IE6 and Klez
Results 1 to 3 of 3

Thread: IE6 and Klez

  1. August 4th, 2002, 02:59 AM #1
    AnnMarie's Avatar
    AnnMarie
    AnnMarie is offline Deco Annie
    Join Date
    Sep 2001
    Location
    New Zealand
    Posts
    2,869

    IE6 and Klez

    Its top of the charts again folks for the third or fourth? month running.

    Some IE6 users have reported instances of Klez infection yet supposedly IE6 is not affected by the vulnerability reported in IE5 and IE5.5. That is true except in one set of circumstances. If a user with an unpatched browser selects the minimal installation for IE6 instead of the default, then the vulnerability is inherited.
    Reply With Quote Reply With Quote
  2. August 4th, 2002, 08:50 AM #2
    Vernon Frazee's Avatar
    Vernon Frazee
    Vernon Frazee is offline Virtual PC Specialist!!!
    Join Date
    Feb 2000
    Location
    26.03°N 80.14°W
    Posts
    9,410
    Here it is from the Microsoft KB: The MS01-020 and MS01-027 Security Patches May Not Be Applied When You Upgrade to Internet Explorer 6
    Cause

    The files that contain the vulnerability are associated with Microsoft Outlook Express, which is included as part of Internet Explorer. If all of the following conditions exist, Outlook Express is not upgraded and the vulnerability remains:
    • You are running Microsoft Windows 98, Microsoft Windows 98 Second Edition, or Microsoft Windows Millennium Edition (Me). Note that Internet Explorer 6 is not supported on Microsoft Windows 95.
    • You upgraded from Internet Explorer 5, 5.01, 5.01 Service Pack 1 (SP1), 5.5, or 5.5 SP1 to Internet Explorer 6.
    • You did not apply the patch for MS01-020 or MS01-027 before you upgraded to Internet Explorer 6.
    • When you installed Internet Explorer 6, you either selected the Custom Install option and cleared the option to install Outlook Express, or you selected the Minimal Install option.


    Note that this issue does not apply to Microsoft Windows NT 4.0, Microsoft Windows 2000, or Microsoft Windows XP because the vulnerable code is always updated on these versions of Windows.
    It is also mentioned on this Microsoft page: Microsoft Security Bulletin MS01-027
    These vulnerabilities can be eliminated either by installing the patch or upgrading to an unaffected version. However, as discussed in the FAQ and in Knowledge Base article Q308411, customers who upgrade to IE 6 on systems running Windows 95, 98, 98SE or ME must select either Typical Install (this is the default) or Full Install in order to eliminate the vulnerabilities.
    Vernon Frazee, Microsoft MVP (Windows - Shell/User)

    Defenses Up!
    Tip: When prompted for a password, give an incorrect one first. A phishing site will accept it; a legitimate one won't.


    Inside Spyware: A Guide to Finding, Removing and Preventing Online Pests

    If you don't keep up with security fixes, your computer|network won't be yours for long.
    Reply With Quote Reply With Quote
  3. August 7th, 2002, 10:41 AM #3
    LindaHewitt
    LindaHewitt is offline Virtual PC Surgeon!
    Join Date
    May 2002
    Location
    Dallas, Texas, USA
    Posts
    1,413

    Cool

    I have a new W2K system, which came with IE 5.00.

    Should I install IE 6.x or should I upgrade?

    What is the process that I should follow? Do I need to back-up the 6 months of data in Outlook Express?

    Thanks,

    Linda

    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules