Microsoft offers download patch for browser bugs

Microsoft claims it has fixed a security bug in its Internet Explorer browser, which could allow user authentication information to be intercepted.

The company has posted a patch for Internet Explorer 3 and 4 browsers on its Website, claiming that it will eliminate the page redirect security bug. The problem occurs when users type in their user name and password to enter one Website, and are later redirected to a second site. Both the account name and password are passed on to the second site, allowing them to be read or saved by the other party.

The bug affects Internet Explorer 4 for Windows 95 and NT 4, as well as Internet Explorer 3.02 for the same platforms. It was also present in the preview version of Internet Explorer 4 for Unix, but Microsoft claimed this would be fixed before the product ships.

A warning posted on the company's download site said: 'In the meantime, we advise that Unix Preview 1 users do not enter their authentication information at Websites.'

Jan Guldentops, an internet security consultant in Leuven, Belgium, said security bugs such as this one will inevitably keep turning up as long as internet software developers maintain their present breakneck release schedules. 'This market is just too competitive. Products are being developed and released too fast and there just isn't time for accurate security checking,' he said. 'And so this will keep on happening.'

Microsoft was reportedly working on a fix for another problem that occurs when software containing a bundled version of Internet Explorer - such as the AOL 3 client software - is installed on a system that already has IE4 installed. The two versions of the browser clash, with the result that neither will work. While working on a fix, Microsoft said reinstalling Internet Explorer 4 should solve the problem.