A recent Microsoft security patch for Internet Explorer (IE) can lock users out of certain Web sites and Microsoft's own MSN e-mail service, Microsoft said late Wednesday.
The issue affects the cumulative patch for IE versions 5.01, 5.5 and 6.0 released on Feb. 5 and rated "critical" by Microsoft. The software maker released a software fix to correct the bug, according to the revised MS03-004 security bulletin. (http://www.microsoft.com/technet/security/bulletin/MS03-004.asp)Users, primarily consumers, were unable to access certain Web sites requiring user authentication after installing the patch, Microsoft said. This issue in itself does not present a new security vulnerability and the original patch does fix all the vulnerabilities it is meant to, the vendor said.
Only users having trouble authenticating to Web sites or accessing MSN e-mail need to install the new fix, which is available on Microsoft's security Web site, the vendor said.
The cumulative patch announced in MS03-004 includes all previously released patches for Microsoft's Internet browser and fixes two newly discovered vulnerabilities involving IE's cross-domain security model, which keeps windows of different domains from sharing information. In the worst case, these two flaws could enable a Web site operator to load and run malicious code on a user's system.