Windows · Free download · Browsers

Microsoft Internet Explorer and quot;SSL Certificate Validation and quot; Vulnerability PatchvMS00-039

lets you eliminate two security vulnerabilities involving digital certificates in <A HREF=/Internet/Web_Browsers_and_Utilities/Browsers/Review_17790_index.html>Microsoft Internet Explorer</A>.

Operating system
Windows 95/98/Me/NT/2000/Windows 10/11
File size
2 MB
License
Freeware
Last updated
Feb 7, 2025
Download Microsoft Internet Explorer and quot;SSL Certificate Validation and quot; Vulnerability Patch Read review

253 downloads·452 page views

Sponsored

Overview

What is Microsoft Internet Explorer and quot;SSL Certificate Validation and quot; Vulnerability Patch?

lets you eliminate two security vulnerabilities involving digital certificates in <A HREF=/Internet/Web_Browsers_and_Utilities/Browsers/Review_17790_index.html>Microsoft Internet Explorer</A>.

In depth

A closer look at Microsoft Internet Explorer and quot;SSL Certificate Validation and quot; Vulnerability Patch

The vulnerabilities involve how Microsoft Internet Explorer handles digital certificates, which could allow, under a very daunting set of circumstances, a malicious Web site operator to pose as a trusted Web site.

Two vulnerabilities have been identified in the way IE handles digital certificates. (1) When a connection to a secure server is made via either an image or a frame, IE only verifies that the server's SSL certificate was issued by a trusted root; it does not verify the server name or the expiration date. (2) When a connection is made via any other means, all expected validation is performed. Even if the initial validation is made correctly, IE does not re-validate the certificate if a new SSL session is established with the same server during the same IE session.

The circumstances under which these vulnerabilities could be exploited are fairly restricted. In both cases, it is likely that the attacker would need to either carry out DNS cache poisoning or physically replace the server in order to successfully carry out an attack via this vulnerability.

The timing would be especially crucial in the second case, as the malicious user would need to poison the cache or replace the machine during the interregnum between the two SSL sessions.

Verdict

Should you download Microsoft Internet Explorer and quot;SSL Certificate Validation and quot; Vulnerability Patch?

Microsoft Internet Explorer and quot;SSL Certificate Validation and quot; Vulnerability Patch runs on Windows 95/98/Me/NT/2000/Windows 10/11 and is available under the Freeware license — the installer is 2 MB. We’ve catalogued it under Browsers.

Verified clean. Every Microsoft Internet Explorer and quot;SSL Certificate Validation and quot; Vulnerability Patch build on SoftLookup is scanned for viruses, spyware, adware, trojans and backdoors. We re-test on every update.
Sponsored

At a glance

Microsoft Internet Explorer and quot;SSL Certificate Validation and quot; Vulnerability Patch specifications

Category
Browsers
Publisher
Microsoft Corporation
Last updated
Feb 7, 2025
License
Freeware
Operating system
Windows 95/98/Me/NT/2000/Windows 10/11
File size
2 MB
Price
Free
Page views
452

Leave a comment

Help fellow users decide. Share your experience with Microsoft Internet Explorer and quot;SSL Certificate Validation and quot; Vulnerability Patch.

Download Microsoft Internet Explorer and quot;SSL Certificate Validation and quot; Vulnerability Patch