On October 15, 1999, Microsoft released Security Bulletin MS99-042, which

discussed the availability of a patch that eliminates the "IFRAME

ExecCommand" vulnerability in Microsoft(r) Internet Explorer 4.01 and 5.0.

However, we subsequently determined that the patch contained a regression

error.  While the patch did provide protection against the "IFRAME

ExecCommand" vulnerability, it re-exposed a previously-patched security

vulnerability.  We have corrected the regression error and re-released the

patch.



We have updated the security bulletin and FAQ, and it is available at

http://www.microsoft.com/security/bulletins/ms99-042.asp.  The updated

bulletin contains information on the vulnerability, the regression error,

and the updated patch.  Please note that the regression error only affected

the IE 5.0 version of the patch; the patch for IE 4.01 was unaffected, and

customers who applied it do not need to take any action.



We apologize for any inconvenience caused by this incident, and are working

to improve our process in order to prevent similar incidents in the future.

Regards,



The Microsoft Security Response Team