Two new security bulletins escape from Redmond

Microsoft Corporation issued two security bulletins on Thursday, with information about bugs in Internet Explorer 4.0/5.0 and the RAS/RRAS clients on Windows NT 4.0.

The Internet Explorer bug could potentially allow computer code to be run on a user's computer or allow the information to be read from the user's hard drive. Microsoft has issued a patch for this problem which can be found on their Web site.

The second bug affects users that connect to Windows NT using Remote Access Service (RAS) or Routing and Remote Access Service (RRAS). When a user dials into an NT Server, a dialog box asks for the user's login and password. This dialog includes an option titled "Save password" that allows the user to cache their security credentials. However, server caches the user's password regardless of whether the checkbox is selected or de-selected. Microsoft has released separate patches for RAS and RRAS that fix this problem:

Thanks to Carlos Del Collado for tipping me off to the RAS/RRAS hot-fix

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.