The patch came out in early February. As it's being slowly applied, it seems to have a cascade effect. So I'm sure that you'll have more login and form submission problems to deal with over time, among possibly other things - I see reports of TCP/IP and local networking problems as well. This supposes, of course, that you or your clients use some flavor of IE that has this patch applied or you operate any kind of high volume web site with users who have applied it to their IE browser. Let's take a wait and see approach, shall we? =)
p.s. Apparently, as was posted in a comment elsewhere in this thread, MS Passport uses some kind of XML login scheme that relies on basic authentication, which this particlar patch has rendered inoperable, at least at present.
I commented today on a patch that is likely the "reason" why this article might be important. There is a reply, and some thoughtful additions in this thread - if you sort them out from the Newest first.
Unfortunately most of the general public uses some flavor of Internet Explorer, and if they've (Microsoft) done something to break it, then it will effect lots of sites besides their own. I hope this doesn't result in some kind of snowball that puts us all out in the cold.
A recent cumulative update patch for Internet Explorer browsers removes support
for the user:pass@www.site.com basic authentication method for HTTP and HTTPS
URL's - a response to widespread misuse of the functionality to spoof web addresses
to trick unsuspecting users into revealing personal information to a dubious
third-party. However, a side effect of this patch includes intermittent clobbering
of hidden form fields used to maintain state or session on sites that do not
implement cookies. This will render most script driven web sites useless.. Also,
installing this patch clears out and resets any internal IE cache of username
and password combinations used on frequently visited sites, causing people to
have to enter these details anew.
It is likely that this issue may be responsible for the recently reported Hotmail
and MSN related outages (CNN)
and a variety of increasing problems on many other web sites as users continue
to install the update patch into their IE browser over time. A MS
TechNet article describes this problem and proposes workarounds - one is
to uninstall the patch, or install a new patch to fix the previous patch for
users of IE 6.0 and higher. Web site operators are also encouraged to increase
the server KeepAlive connection timeout, although a specific numeric suggestion
isn't proposed. There is an informative thread on this topic available in the
Google
Groups UseNet archives. Apparently this issue has been growing more problematic
over the past five weeks, and will continue to effect sites and users unless
steps are taken to address it.
IMHO: An illustrative analogy to this problem would be like your automobile
manufacturer determining that accidents are caused by vehicles in motion. As
a solution, all tires will be removed, thereby preventing accidents. What a
great cure.
Slashdot Mirror
p.s. Apparently, as was posted in a comment elsewhere in this thread, MS Passport uses some kind of XML login scheme that relies on basic authentication, which this particlar patch has rendered inoperable, at least at present.
Unfortunately most of the general public uses some flavor of Internet Explorer, and if they've (Microsoft) done something to break it, then it will effect lots of sites besides their own. I hope this doesn't result in some kind of snowball that puts us all out in the cold.
-N
A recent cumulative update patch for Internet Explorer browsers removes support for the user:pass@www.site.com basic authentication method for HTTP and HTTPS URL's - a response to widespread misuse of the functionality to spoof web addresses to trick unsuspecting users into revealing personal information to a dubious third-party. However, a side effect of this patch includes intermittent clobbering of hidden form fields used to maintain state or session on sites that do not implement cookies. This will render most script driven web sites useless.. Also, installing this patch clears out and resets any internal IE cache of username and password combinations used on frequently visited sites, causing people to have to enter these details anew.
It is likely that this issue may be responsible for the recently reported Hotmail and MSN related outages (CNN) and a variety of increasing problems on many other web sites as users continue to install the update patch into their IE browser over time. A MS TechNet article describes this problem and proposes workarounds - one is to uninstall the patch, or install a new patch to fix the previous patch for users of IE 6.0 and higher. Web site operators are also encouraged to increase the server KeepAlive connection timeout, although a specific numeric suggestion isn't proposed. There is an informative thread on this topic available in the Google Groups UseNet archives. Apparently this issue has been growing more problematic over the past five weeks, and will continue to effect sites and users unless steps are taken to address it.
IMHO: An illustrative analogy to this problem would be like your automobile manufacturer determining that accidents are caused by vehicles in motion. As a solution, all tires will be removed, thereby preventing accidents. What a great cure.