Microsoft patch can lock users out of websites

The issue affects the cumulative patch for IE versions 5.01, 5.5 and 6.0 released on 5 February and rated "critical" by Microsoft. The software maker has released a software fix to correct the bug, according to the revised MS03-004 security bulletin.

Users were unable to access certain websites requiring user authentication after installing the patch, Microsoft said. This issue in itself does not present a security vulnerability and the original patch fixes all the vulnerabilities it is meant to.

Only users having trouble authenticating to websites or accessing MSN e-mail need to install the fix, which is available on Microsoft's security website.

The cumulative patch announced in MS03-004 includes all previously released patches for Microsoft's internet browser.

It also included fixes for two recently discovered vulnerabilities involving IE's cross-domain security model, which keeps windows of different domains from sharing information.

These two flaws could enable a website operator to load and run malicious code on a user's system.