Microsoft offers update to IE 5.0 code

Late last week, Microsoft updated the version of IE 5.0 that users can download over the Internet, as noted by beta testers affiliated with the www.betanews.com site. Microsoft has included the updated IE 5.0 code as part of the Office 2000 CD versions which the company sent to manufacturing late last month and which it plans to begin shipping to its volume licensors in the next couple of weeks.

Microsoft officials said the IE 5.0 update was meant to remedy Office 2000 integration issues, such as the use of the English-language spell checker with the French-language version of IE 5.0. The updated bits do not address two security problems discovered last week in the IE 5.0 code, a DHTML cut-and-paste problem and a separate yet similar clipboard security loophole. Betanews.com testers had speculated that Microsoft updated the IE 5.0 bits to fix the clipboard problem.

The IE 5.0 version that Microsoft released publicly on March 18 was build no. 5.00.2014.0216; the new build is 5.00.2314.1003. In order to find the updated copy of IE 5.0, users must delete their existing setup files and then re-download the Active Setup file, say betanews testers. Users will then be able to update IE 5.0 and Outlook Express. The clipboard security flaw, discovered last week, allows web servers to copy the contents of a user's Windows clipboard cache to the servers, without a user's consent. This can be done while IE 5.0's security settings are at their default level. Details regarding the security breach are explained on the System Optimisation Web site .

Microsoft says it has no plans to fix the clipboard security flaw, calling the capability to capture clipboard data not a bug, but a "feature, that is by default, enabled," in the words of a Microsoft spokeswoman. She said users who find the feature objectionable should disable it. Microsoft does have plans to fix the DHTML cut-and-paste problem, but not until mid-April, in the form of an updated ActiveX control, she said.