FEB 11, 2002 Cumulative Patch for IE!....


javacool
February 11th, 2002, 08:38 PM
This is the BIG one folks...it fixes NUMEROUS vulnerabilities in IE 5.01, 5.5, and 6.0...any other versions are not supported (and you should either update to one of the supported versions or get another browser).

The link to the security bulletin on the Microsoft Technet Site is below:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-005.asp
It also has download links.

Below I have put a quote from the MS bulletin on the vulnerabilities fixed in this patch:

-{ Quote: "What vulnerabilities are eliminated by this patch?

This is a cumulative patch that, when applied, eliminates all known security vulnerabilities affecting Internet Explorer 5.01, 5.5 and 6.0. In addition to eliminating all previously discussed vulnerabilities versions, it also eliminates six new ones:

-A vulnerability that could enable an attacker to take any action on another user’s system that the user himself could take.
-A vulnerability through which an attacker could read files from another user’s system.
-A vulnerability that could assist an attacker in convincing a user to download or run an unsafe file.
-A vulnerability through which an attacker could start an application on another user’s system.
-A vulnerability that could enable a web page to flout one of the security settings a user had selected.
-A newly discovered variant of the "Frame Domain Verification" vulnerability discussed in Microsoft Security Bulletin MS01-058." }-

Enjoy! *;D

P.S. Glad to be first to see this one. *:)

UPDATE: This is NOT the botched version of this patch, if anyone was wondering...

Detox
February 11th, 2002, 10:18 PM
argh it told me that update was only for Win 2k!!!

Conspiracy... *>:(

javacool
February 11th, 2002, 10:21 PM
-{ Quote: "argh it told me that update was only for Win 2k!!!

Conspiracy... *>:(" }-

Did you try going to this link?
http://www.microsoft.com/windows/ie/downloads/critical/q316059/default.asp

Enjoy! *;D

Detox
February 11th, 2002, 10:24 PM
Hmm no but I just did.. and here's my problem...

System Requirements
This update applies to:

Internet Explorer 6.
Internet Explorer 5.5 SP2.
Internet Explorer 5.5 SP1.
Internet Explorer 5.01 SP2 on Windows 2000 only.

And I have 5.0 or 5.01 with Win98... I am now trying to get a 5.5 update :-) Assuming that would let me get this update

javacool
February 11th, 2002, 10:46 PM
Aaaah...ok.

I would recommend IE 5.5 SP2 if you have an older version...it also allows you to get this patch. *:)

I'm going to stay away from IE 6.0 as much as I can for as long as I can - or at least until SP1. *;D

Gabriel_Shear
February 12th, 2002, 03:15 AM
A note of thanks, JavaCool! P.S. Detox, I thought MS was a conspiracy :)

Detox
February 12th, 2002, 11:13 PM
No doubt there m8, and I still haven't even gotten up to IE 5.5! I think it's my fault though, haven't really gone through looking for it.. will do soon and report back on my patch progress, if anyone cares *:-X

spy1
February 13th, 2002, 10:40 AM
I do. I got the same 'this patch is for W2K' message - but I know darn good and well I clicked on the right update link for the browser on the computer concerned that's running IE5.01 w/SP2.

I haven't had a chance to look around the net yet, but I've a sneaking suspicion that we are not alone in this problem. Pete

* And, are we sure there still aren't problems with the patch's effectiveness? http://www.newsbytes.com/news/02/174427.html

javacool
February 13th, 2002, 06:41 PM
-{ Quote: "I do. I got the same 'this patch is for W2K' message - but I know darn good and well I clicked on the right update link for the browser on the computer concerned that's running IE5.01 w/SP2.

I haven't had a chance to look around the net yet, but I've a sneaking suspicion that we are not alone in this problem. Pete

* And, are we sure there still aren't problems with the patch's effectiveness? http://www.newsbytes.com/news/02/174427.html" }-

Based on tests of others, this new version of the patch closes a couple bad security holes, and partially closes others.

Which ones? I forget the link, but I will go hunting...

But it IS a good idea to install it...even if it only "fixes" a couple and "kinda' fixes" some others.

(NOTE: There is at least one vulnerability NOT covered in this patch - and Microsoft is currently tight-lipped about it.)

biga
February 14th, 2002, 12:10 AM
-{ Quote: "Patch Leaves IE Users Exposed To Attacks

By Brian McWilliams, Newsbytes
Feb 12 2002 10:19AM PT

A bundle of software fixes designed to close security holes in Microsoft's [NASDAQ:MSFT] Web browser leaves Internet Explorer users vulnerable to several published attacks.

The patch, which was released by Microsoft Monday, "eliminates all known security vulnerabilities affecting Internet Explorer," according to bulletin MS02-005 from the company. Six bugs, two of which are rated "critical," are addressed by the cumulative patch, Microsoft said.

But tests performed by Newsbytes and independent security researchers show that the Feb. 11 patch only partially closes two vulnerabilities and does not address at all a flaw in Internet Explorer version 6 that could allow remote attackers to execute programs on a client system.

The unpatched flaw, known as the "IE Pop-Up OBJECT Tag Bug," was reported to Microsoft on Jan. 10 by a security researcher using the nickname ThePull.

A demonstration at ThePull's site successfully exploited...

.
.
." }-
To read more visit: http://www.securityfocus.com/news/327

Blacksheep
February 14th, 2002, 02:17 AM
Holy cow! :o When's the next patch, tomorrow? *::) Am I glad I'm using Opera 6.01 b1041! ;D

spy1
February 14th, 2002, 11:59 AM
Note: The patch does not work with IE5.01 w/SP2 unless you are running W2K as your OS.

5.01w/SP2 doesn't need it unless you're running W2K? That would point to it being an OS rather than a browser issue, wouldn't it?

Or, MS's just not supporting the fix on any other platform with 5.01 than W2K?

Very confusing. pete

FanJ
February 14th, 2002, 02:59 PM
-{ Quote: "Note: The patch does not work with IE5.01 w/SP2 unless you are running W2K as your OS.

5.01w/SP2 doesn't need it unless you're running W2K? That would point to it being an OS rather than a browser issue, wouldn't it?

Or, MS's just not supporting the fix on any other platform with 5.01 than W2K?

Very confusing. pete

" }-

Yeah, I'm wondering about that too, Pete.

Paul Wilders
February 15th, 2002, 08:21 AM
-{ Quote: "Security experts gave mixed reviews Thursday to the way in which a software-reliability company disclosed a bug in Microsoft's newest tools for building applications for its .Net framework and Windows operating system.

Late Wednesday, Dulles, Va.-based Cigital told The Wall Street Journal of a flaw in Microsoft's latest tools for creating Windows and .Net programs after giving the software giant a little more than 12 hours to respond.

Some security experts criticized the quick public announcement as irresponsible.

"There is no way that Microsoft could fix this in a day," said Al Huger, vice president of engineering for vulnerability-information company SecurityFocus. "Full disclosure has to be coupled with responsible disclosure."

The issue reopens a debate on how to responsibly disclose information about security vulnerabilities. Thoughts on disclosure range between two extremes: those who believe that every detail of a potential security threat should be publicized as soon as possible, and others who believe that no details of any security flaw should ever be published." }-
Full article:

http://news.com.com/2100-1001-838096.html

regards.

paul