The MS01-020 and MS01-027 Security Patches May Not Be Applied When You Upgrade to Internet Explorer 6 (308411)


The information in this article applies to:

  • Microsoft Internet Explorer version 6 for Windows 98
  • Microsoft Internet Explorer version 6 for Windows 98 Second Edition
  • Microsoft Internet Explorer version 6 for Windows Millennium Edition
This article was previously published under Q308411

SYMPTOMS

When you upgrade to Internet Explorer 6, the MS01-020 or MS01-027 security updates may not be applied to your computer.

CAUSE

The files that contain the vulnerability are associated with Microsoft Outlook Express, which is included as part of Internet Explorer. If all of the following conditions exist, Outlook Express is not upgraded and the vulnerability remains:
  • You are running Microsoft Windows 98, Microsoft Windows 98 Second Edition, or Microsoft Windows Millennium Edition (Me). Note that Internet Explorer 6 is not supported on Microsoft Windows 95.
  • You upgraded from Internet Explorer 5, 5.01, 5.01 Service Pack 1 (SP1), 5.5, or 5.5 SP1 to Internet Explorer 6.
  • You did not apply the patch for MS01-020 or MS01-027 before you upgraded to Internet Explorer 6.
  • When you installed Internet Explorer 6, you either selected the Custom Install option and cleared the option to install Outlook Express, or you selected the Minimal Install option.
Note that this issue does not apply to Microsoft Windows NT 4.0, Microsoft Windows 2000, or Microsoft Windows XP because the vulnerable code is always updated on these versions of Windows.

RESOLUTION

To resolve this problem, reinstall Internet Explorer 6 from the following Microsoft Web site:

http://www.microsoft.com/windows/ie/downloads/ie6/default.asp

The default installation mode for Internet Explorer 6 is the Typical Install option, which upgrades Outlook Express and protects against the vulnerability. Also, the Full Install option upgrades Outlook Express and protects against the vulnerability.

MORE INFORMATION

The files that contain the vulnerability cannot be added to your computer by an Internet Explorer 6 installation; they must already be present before the installation. If your computer was not affected by the vulnerability before you installed Internet Explorer 6, your computer is not vulnerable afterwards. If you applied the MS01-020 or MS01-027 security update, or Internet Explorer Service Pack 2 (SP2) before you installed Internet Explorer 6, you have already eliminated the vulnerability.

If you upgraded directly from Internet Explorer 4.x or earlier, you are fully protected because these versions do not contain the vulnerability.

If you think you might be affected by this problem, start Outlook Express, and then click About Outlook Express on the Help menu. The version number is displayed in the dialog box. If the version number begins with "5", you need to upgrade Outlook Express. The easiest way to do this is to reinstall Internet Explorer 6 by using the Typical Install or Full Install option.

For more information, see the following Microsoft Web site:

http://www.microsoft.com/technet/security/topics/NimdaIE6.asp

Modification Type:MinorLast Reviewed:6/7/2005
Keywords:kbenv kbprb KB308411
©2004 Microsoft Corporation. All rights reserved.