Invalid SSL Certificates May Be Bypassed in Internet Explorer (254902)


The information in this article applies to:

  • Microsoft Internet Explorer 5.01 for Windows NT 4.0
  • Microsoft Internet Explorer 5.01 for Windows 98 Second Edition
  • Microsoft Internet Explorer 5.01 for Windows 98
  • Microsoft Internet Explorer 5.01 for Windows 95
  • the operating system: Microsoft Windows 2000
This article was previously published under Q254902

SYMPTOMS

If you use a command-line option to start an instance of Webserver.exe and specify a server certificate at startup, and you then stop the current Webserver.exe instance and start a new instance of Webserver.exe with a different server certificate, a computer that is running Internet Explorer may not recognize the certificate change.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack



Microsoft has released an update that resolves this issue. For information about this update, please visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/ms00-039.asp

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

This problem was first corrected in Windows 2000 Service Pack 1.

MORE INFORMATION

NOTE: This update may not appear when you click Product Updates on the Microsoft Windows Update Web site, or you may receive the following message when you are installing this update from the Microsoft Download Center:
This update does not need to be installed on this system.
Updates are available only for Internet Explorer 4.01 Service Pack 2 (SP2) and Internet Explorer 5.01. Internet Explorer versions 4.0, 4.01, 4.01 Service Pack 1, 5, and 5.5 Beta are also vulnerable to this issue, but running the patch on a version of Internet Explorer 4.x earlier than 4.01 SP2, a version of Internet Explorer 5 earlier than 5.01, or Internet Explorer 5.5 Beta results in the message listed above. This patch is not listed as a critical update on the Microsoft Windows Update Web site unless you are running Internet Explorer 4.01 SP2 or 5.01.

Microsoft recommends that you update to Internet Explorer 4.01 SP2 or 5.01 and then install this patch. If you are using Internet Explorer 5.5 Beta, Microsoft recommends that you uninstall Internet Explorer 5.5 Beta and then install this patch for Internet Explorer 4.01 SP2 or 5.01. The final released version of Internet Explorer 5.5 includes all of the updates in this patch.

For information about determining the version of Internet Explorer you are using, please see the following article in the Microsoft Knowledge Base:

164539 How to Determine Which Version of Internet Explorer Is Installed

Modification Type:MinorLast Reviewed:9/26/2005
Keywords:kbHotfixServer kbQFE kbbug kbfix kbSecurity kbWin2000sp1Fix KB254902
©2004 Microsoft Corporation. All rights reserved.