Printable View
Its top of the charts again folks for the third or fourth? month running.
Some IE6 users have reported instances of Klez infection yet supposedly IE6 is not affected by the vulnerability reported in IE5 and IE5.5. That is true except in one set of circumstances. If a user with an unpatched browser selects the minimal installation for IE6 instead of the default, then the vulnerability is inherited.
Here it is from the Microsoft KB: The MS01-020 and MS01-027 Security Patches May Not Be Applied When You Upgrade to Internet Explorer 6It is also mentioned on this Microsoft page: Microsoft Security Bulletin MS01-027Quote:
Cause
The files that contain the vulnerability are associated with Microsoft Outlook Express, which is included as part of Internet Explorer. If all of the following conditions exist, Outlook Express is not upgraded and the vulnerability remains:
- You are running Microsoft Windows 98, Microsoft Windows 98 Second Edition, or Microsoft Windows Millennium Edition (Me). Note that Internet Explorer 6 is not supported on Microsoft Windows 95.
- You upgraded from Internet Explorer 5, 5.01, 5.01 Service Pack 1 (SP1), 5.5, or 5.5 SP1 to Internet Explorer 6.
- You did not apply the patch for MS01-020 or MS01-027 before you upgraded to Internet Explorer 6.
- When you installed Internet Explorer 6, you either selected the Custom Install option and cleared the option to install Outlook Express, or you selected the Minimal Install option.
Note that this issue does not apply to Microsoft Windows NT 4.0, Microsoft Windows 2000, or Microsoft Windows XP because the vulnerable code is always updated on these versions of Windows.
Quote:
These vulnerabilities can be eliminated either by installing the patch or upgrading to an unaffected version. However, as discussed in the FAQ and in Knowledge Base article Q308411, customers who upgrade to IE 6 on systems running Windows 95, 98, 98SE or ME must select either Typical Install (this is the default) or Full Install in order to eliminate the vulnerabilities.
I have a new W2K system, which came with IE 5.00.
Should I install IE 6.x or should I upgrade?
What is the process that I should follow? Do I need to back-up the 6 months of data in Outlook Express?
Thanks,
Linda
;)