Bugtraq mailing list archives
FW: URGENT: Freeze Distribution of IE 5.0, 5.0a, and 5.0b with th e 128-bit encryption pack
From: stace.cunningham () KEESLER AF MIL (Cunningham Stace D MSgt 2 AF/XPI)
Date: Mon, 13 Mar 2000 12:59:48 -0600
FYI in case people aren't aware yet... -----Original Message----- From: ieak () microsoft com [mailto:ieak () microsoft com] Sent: Monday, March 13, 2000 10:49 AM To: stace.cunningham () keesler af mil Subject: URGENT: Freeze Distribution of IE 5.0, 5.0a, and 5.0b with the 128-bit encryption pack IEAK Partners, Microsoft has just discovered a serious problem when a user attempts to install the 128-bit security patch for Internet Explorer 5.0, 5.0a and 5.0b on Windows 2000 as part of an IE5.0 IEAK package. After restarting the system, users will not be able to logon to Windows 2000. The instructions to incorporate the 128-bit security patch into IEAK packages say you should use the command line switches: "/q:a /r:n /n:v" The /n:v switch when used with ie5dom.exe (the 128-bit security patch for 5.0x) causes important security files on Windows 2000 to be replaced with older files, preventing users from logging on. Installations created using IEAK 5.0 for Windows 95, Windows 98, and Windows NT4 systems with the ie5dom.exe, and these command line parameters specified, are not affected. It is critical that you freeze distribution of IE 5.0, 5.0a or 5.0b builds that incorporate the 128-bit security patch with these switches. Please take immediate action to help prevent more customers from encountering this issue. Please check http://www.microsoft.com/windows/ieak/en/support/faq/default.asp and Microsoft Knowledge Base (KB) article Q255669 for updates to this issue. Note: It may take 24 hours from the original issuance of this bulletin for the Microsoft Knowledge Base (KB) article related to this issue to be visible. We sincerely apologize for this inconvenience and thank you in advance for your help in protecting end users. Thank you, The IEAK Product Team Checking to see if you have included this command-line switch: To check a package for this issue: Open your IEAK package in the IEAK Wizard and go to the Custom Components screen. Examine each custom component. If you have included ie5dom.exe as a custom component, check the command line switches for '/R:N /Q:A /N:V' *OR* If you don't have the IEAK Wizard available to you: 1) Extract your custom IE 5.0x package by running this command line: 'ie5setup.exe /c /t:<path to an empty directory>' 2) Browse to the directory. Open 'iesetup.cif' in Notepad. 3) Look for a section like this: [CUSTOM0] SectionType=Component DisplayName='128-bit Security' URL1='Ie5dom.exe',2 GUID=128PATCH Command1='Ie5dom.exe' Switches1='/R:N /Q:A /N:V' Type1=2 UninstallKey='' Version= Size=216 Platform=win95,win98,nt4,nt5, Modes='0,1,2' Details='128-bit Securiy' Group=CustItems Priority=500 UIVisible=0 4) Examine for: Switches1='/R:N /Q:A /N:V' If you have this switch listed, immediately freeze distribution of this package!!!
Current thread:
- FW: URGENT: Freeze Distribution of IE 5.0, 5.0a, and 5.0b with th e 128-bit encryption pack Cunningham Stace D MSgt 2 AF/XPI (Mar 13)