Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Update Available for Dotless IP Address Security Issue


View products that this article applies to.

This article was previously published under Q168617

↑ Back to the top


Summary

Microsoft has released an update that addresses a potential security issue involving the implementation of Security Zones in Internet Explorer. Additional information about this issue is available from the following Microsoft Web site:

Updates are available for the following products:

  • Microsoft Internet Explorer 4.01 for Windows 95
  • Microsoft Internet Explorer 4.01 for Windows NT 4.0 (Alpha and x86)
  • Microsoft Windows 98
  • Microsoft Internet Explorer 4.01 for Windows 3.1
  • Microsoft Internet Explorer 4.01 for Windows NT 3.51


This issue may enable a malicious Web site administrator to misrepresent the Web address (URL) of an Internet Web site, enabling the site to be treated by Internet Explorer's Security Zones feature as if it was located on a local Intranet.

By default, the settings for the local Intranet zone are similar to those for the Internet zone with regard to downloading executable code, (including ActiveX controls and plug-ins) in that you are prompted to confirm the download process before it begins. However, you may be at risk if you have altered your local Intranet zone settings to enable automatic downloading of executable content. Microsoft has not received any reports of adverse effects due to this issue.

↑ Back to the top


More information

NOTE: After you apply this update, computers on your local Intranet with completely numeric computer names are treated as if they are in the Internet zone. Note that Microsoft does not recommend using all numeric computer names as it can cause some utilities to misinterpret the names as IP addresses. This is documented in the following article in the Microsoft Knowledge Base:

   ARTICLE-ID: <WWLINK TYPE="ARTICLE" VALUE="Q190294">Q190294</WWLINK>
				
   TITLE     : Use of all Numeric NetBIOS Names Can Cause Problems
				


To work around this issue if you must use an all numeric computer name, add the computer's IP address to Internet Explorer's Proxy Server exceptions list. To do this, use the appropriate method:

NOTE: Perform the following steps only on computers that use a static IP address.

Microsoft Windows 95/98 or Microsoft Windows NT 4.0 or Later



  1. Click Start, click Run, type "ping <all numeric computer name>" where <all numeric computer name> is the computer's all numeric computer name, and then click OK.
  2. Note the computer's IP address, type "exit" (without quotation marks), and then press ENTER.
  3. Click Start, point to Settings, click Control Panel, and then double-click Internet
  4. Click the Connections tab, and then click Advanced under Proxy Server.
  5. In the Exceptions box, enter the IP address that you noted in step 2, click OK, and then click OK.

Microsoft Windows 3.1x or Microsoft Windows NT 3.51



  1. In Program Manager, click Run on the File menu.
  2. In Windows NT 3.51, type "cmd" (without quotation marks), and then click OK. In Microsoft Windows 3.1x, type "command" (without quotation marks), and then click OK.
  3. At the command prompt, type "ping <all numeric computer name>" where <all numeric computer name> is the computer's all numeric computer name, and then press ENTER.
  4. Note the computer's IP address, type "exit" (without quotation marks), and then press ENTER.
  5. In Internet Explorer, click Internet Options on the View menu, and then click the Connection tab.
  6. Click Advanced, and then in the "Do not use proxy server for addresses beginning with:" box, type the IP address you noted in step 4, click OK, and then click OK.
Update Information by Product:

NOTE: If you are using Internet Explorer 4.0, you must install Internet Explorer 4.01 in order to apply this update. You can install Internet Explorer 4.01 with Service Pack 1 from the following Microsoft Web site:

   <WWLINK TYPE="GENERIC" VALUE="http://www.microsoft.com/windows/ie/downloads/default.mspx">http://www.microsoft.com/windows/ie/downloads/default.mspx</WWLINK>
				


Microsoft Internet Explorer 4.01 and 4.01 with Service Pack 1 for Windows 95:

   File Name            Size           Date       Version
   -------------------------------------------------------------
   Urlmon.dll           517360         10/21/98   4.72.3510.2000
				


Microsoft Internet Explorer 4.01 and 4.01 with Service Pack 1 for Windows NT 4.0 (x86):

   File Name            Size           Date       Version
   -------------------------------------------------------------
   Urlmon.dll           517360         10/21/98   4.72.3510.2000
				


Microsoft Internet Explorer 4.01 and 4.01 with Service Pack 1 for Windows NT 4.0 (Alpha):

   File Name            Size           Date       Version
   -------------------------------------------------------------
   Urlmon.dll           828688         10/21/98   4.72.3510.2000
				


Windows 98:

   File Name            Size           Date       Version
   -------------------------------------------------------------
   Urlmon.dll           517360         10/21/98   4.72.3510.2000
				


Microsoft Internet Explorer 4.01 for Windows 3.1 and Windows NT 3.51:

   File Name            Size           Date       Version
   ------------------------------------------------------------
   Urlmon16.dll         351968         10/21/98   4.1.2510.2100
				


Reducing Your Risk If You Cannot Apply the Patch



If you are unable to apply the patch, you can reduce your risk of being affected by this problem by adjusting your Intranet Zone settings to be the same as those used by the Internet Zone. To do this, perform the following steps:

  1. Click Start, point to Settings, and then click Control Panel.
  2. Double-click Internet, and then click the Security tab.
  3. In the Zone box, click local Intranet Zone.
  4. Modify the local Intranet Zone security level or custom settings to match those in the Internet Zone.
  5. Click OK to close the Internet Properties sheet.
Note: The default configuration for both the Internet Zone and the local Intranet zone is "Medium Security". However, there is one difference between these defaults: the local Intranet Zone enables the automatic use of NTLM challenge response authentication with local Intranet machines, while this option is disabled by default when connecting to servers in the Internet Zone. If you need to change this setting, perform the following steps:

  1. Click Start, point to Settings, and then click Control Panel.
  2. Double-click Internet, and then click the Security tab.
  3. In the Zone box, click local Intranet Zone.
  4. Select the level of security that you wish to use under User Identification | Logon.
  5. Click OK to close the Security Settings dialog, then click OK to close the Internet Properties sheet.

↑ Back to the top


Keywords: kbinfo, KB168617

↑ Back to the top

Article Info
Article ID : 168617
Revision : 7
Created on : 8/15/2007
Published on : 8/15/2007
Exists online : False
Views : 659