Microsoft Releases SSL Vulnerability Patch
Yesterday, Microsoft released a patch that eliminates two "SSL Certificate Validaton" vulnerabilities in Microsoft Internet Explorer. The holes involve how IE handles digital certificates. Under a certain set of circumstances, a malicious web site would be able to pose as a trusted page. The patch also eliminates many vulnerabilities relating to "Unauthorized Cookie Access" problems. The patch is available here
Here is a section of the bulletin:
The patch requires IE 5.01 to install; a version that supports IE 4.01 Service Pack 2 will be released shortly. Customers who install this patch on versions other than these may receive a message reading "This update does not need to be installed on this system". This message is incorrect.