This update resolves the "Cached Web Credentials" security vulnerability in Internet Explorer. Download now to prevent a malicious user from learning the credentials of another user and then using them to log onto a Web site as the other user. This vulnerability does not give a malicious user the ability to add, change, or delete files on your computer.

Under the "Cached Web Credentials" vulnerability, if a user logs onto a secured Web page using Basic Authentication, and subsequently visits a non-secure page on the same site, Internet Explorer automatically sends the cached credentials, normally a user ID and password, to the non-secure page. If a malicious user gains control over the other user's network communications, it is possible for the malicious user to read the credentials and use them. This vulnerability does not provide a means by which the malicious user can force another user to log onto a secure page, and can only be used to reveal credentials that had been cached during the current Internet Explorer session.

For more information on this vulnerabilty, please read the Microsoft Security Bulletin MS00-076. (This site is in English.)