Microsoft has issued a patch that restores Internet Explorer's ability to handle certain types of web URLs which...
had been banned by an emergency browser security patch earlier this month.
The patch restores the ability to handle a type of HTTP URL containing user authentication information such as user name and password information. The patch was issued after web developers reported problems because a critical security update, MS04-004, disabled such URLs.
That patch was intended to plug a security hole that allowed malicious hackers and online scam artists to mask the URL of a web page by manipulating the way Explorer handles URLs containing user credentials such as a user name and password.
The software update affects Microsoft XML Service Pack 2, Service Pack 3 and Service Pack 4 and is available through a link in Microsoft Knowledge Base Article 832414. (See: http://support.microsoft.com/default.aspx?scid=kb;en-us;832414.)
Websites that use XMLHTTP calls along with URLs containing user authentication information in the format "username:email@example.com" will still be blocked by Explorer, even after the latest patch has been applied, Microsoft said.
However, requests that use the XMLHTTP object and proper syntax for breaking out user name and password information from the HTTP URL will now work with browsers that have the patch applied.
Paul Roberts writes for IDG News Service