January 3, 2002 5:50 PM PST
Microsoft alerts Passport users to patch IE
The Redmond, Wash.-based company has sent millions of e-mail notifications in the past month to Passport users, urging them to visit a special Web page to determine whether Internet Explorer needs a security upgrade.
"The reason for the 'canvassing' approach is that we feel that we need to do everything to make users aware of fixes to browser issues that could affect their Passport experience," said a Microsoft representative. "The fundamental architecture of IE and .Net Passport continues to be safe and secure for consumers."
The move illustrates Microsoft's sensitivity to the possibility of ongoing security risks, since many customers often ignore fixes to flawed software. Although Microsoft has not tracked how many people applied the IE fix, the company has said the issue has been a problem in the past.
The fix is meant to shore up a known vulnerability in IE 5.5 and 6.0. In November, Microsoft warned that the flaw could expose personal data contained within cookies--tiny electronic files used by Web sites to file account information or personalize pages. The flaw could allow an outsider to break into cookies and steal or alter data from Web accounts, including credit card numbers, usernames and passwords.
The software maker has been racked with security problems of late. Just two weeks ago, Microsoft released a fix for a security hole in Windows XP that could leave some systems open to a malicious attack. At the time, Microsoft recommended that every Windows XP customer apply the patch immediately.
In November, security flaws were found in Microsoft's Passport authentication system, causing the software maker to remove part of the service from the Internet. The privacy breach in the Passport service, which keeps track of data used by e-commerce sites, potentially exposed the financial data of thousands of consumers, undermining Microsoft's recent efforts to convince people that it is serious about security.
For the IE fix, Microsoft said it has sent e-mail to 25 million Passport subscribers and newsletters via Hotmail and MSN Internet access accounts.