Microsoft fixes broken Explorer URL handling


Microsoft fixes broken Explorer URL handling

Microsoft has issued a patch that restores Internet Explorer's ability to handle certain types of web URLs which had been banned by an emergency browser security patch earlier this month.

The patch restores the ability to handle a type of HTTP URL containing user authentication information such as user name and password information. The patch was issued after web developers reported problems because a critical security update, MS04-004, disabled such URLs.

That patch was intended to plug a security hole that allowed malicious hackers and online scam artists to mask the URL of a web page by manipulating the way Explorer handles URLs containing user credentials such as a user name and password.

The software update affects Microsoft XML Service Pack 2, Service Pack 3 and Service Pack 4 and is available through a link in Microsoft Knowledge Base Article 832414. (See:;en-us;832414.)

Websites that use XMLHTTP calls along with URLs containing user authentication information in the format "" will still be blocked by Explorer, even after the latest patch has been applied, Microsoft said.

However, requests that use the XMLHTTP object and proper syntax for breaking out user name and password information from the HTTP URL will now work with browsers that have the patch applied.

Paul Roberts writes for IDG News Service

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy