I wrote in the Mar. 11 issue of Brian’s Buzz about three security bulletins that Microsoft released as part of its normal monthly update schedule on Mar. 9.
No major new security bulletins have been released by Microsoft since that time. Some changes to the previous situations, however, are important enough that you need to find out if the changes affect you. Two of these are described below.
New hotfixes aid users of Microsoft’s XMLHTTP
MS04-004 (832984): The patch that was released by Microsoft in the past year with the worst side-effects was MS04-004 (KB 832894), posted on Feb. 2.
I reported in the Feb. 12 issue of Brian’s Buzz that MS04-004 broke the username/password URL functionality in Internet Explorer, which many system administrators rely upon to give authorized users access to corporate resources. In addition, the patch has incompatibilities, among many other things, with cacheing in IE and programs written in Microsoft’s MSXML.
Since that time, one of the Knowledge Base articles that I linked to has been updated by Microsoft as recently as March 3. The updated article provides links to not one but five different hotfixes for five different versions of XMLHTTP. These versions are XMLHTTP 2.5, 2.6, 3.0 SP2, 3.0 SP3, 3.0 SP4, and 4.0 SP2.