Short Take: Patch available for IE "dotless" bug

Microsoft has posted a patch for a recently discovered security bug in its Internet Explorer browser. The IE "dotless" bug lets a malicious Web site operator use a form of IP address without dots to make the browser behave as though it has accessed a site within a local network, rather than on the public Internet. Users who have changed the intranet Security Zone from the default setting are at risk. The patch is posted to the Windows Update site for Windows 98 users, and the Microsoft security site for non-Windows 98 users.

Paul Festa Staff Writer, CNET News.com

Paul Festa

covers browser development and Web standards.

See full bio

Paul Festa

Jan. 2, 2002 4:43 p.m. PT

has posted a patch for a recently discovered security bug in its Internet Explorer browser. The IE "dotless" bug lets a malicious Web site operator use a form of IP address without dots to make the browser behave as though it has accessed a site within a local network, rather than on the public Internet. Users who have changed the intranet Security Zone from the default setting are at risk. The patch is posted to the Windows Update site for Windows 98 users, and the Microsoft security site for non-Windows 98 users.