This update resolves the "Web Client NTLM Authentication" security vulnerability in Windows 2000 and Office 2000 and is discussed in Microsoft Security Bulletin MS01-001. Download now to ensure that your Web Extender Client (WEC) components are set to the recommended Internet Explorer security levels, to prevent a malicious Web site operator from capturing your logon credentials.

Under specific conditions, this vulnerability allows a malicious Web site operator to obtain the cryptographically protected logon credentials of a visiting user. This is because the security settings for WEC components are set to incorrect levels, which allows your computer to send information about your authentication credentials to remote Web applications.

The vulnerability exists because WEC, which allows Internet Explorer to view and publish files via Web Folders, does not adhere to the recommended security settings in Internet Explorer, and performs NTLM authentication for any server that requests it. A malicious Web site operator could format a document to request NTLM authentication from a visiting user automatically, causing the user's authentication credentials to be sent by default. Once the credentials are revealed, the operator may be able to use specialized tools to derive the user's password.

Note: This vulnerability affects only computers running versions of Internet Explorer later than 5.0 with Web Folders enabled. For more information about this vulnerability, read Microsoft Security Bulletin MS01-001.
| File Size | 1.57 MB |
| Operating System | Windows 2000 Windows |