Article ID: 831167 - View products that this article applies to.
You may not be able to log on to a Web site or complete an Internet transaction after you install the 832894 (MS04-004) security update. For example, when you submit your user name and password to an SSL-secured Web site by using a form on a HTTPS Web page, you may receive an HTTP 500 (Internal Server Error) Web page.
This problem may occur after you apply the 832894 security update (MS04-004) or the 821814 hotfix on a computer that runs Microsoft Windows XP, Windows 2000, Windows NT 4.0, Windows Millennium Edition, or Windows 98.
For additional information about these software updates, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/832894/ )MS04-004: Cumulative security update for Internet Explorer
821814The 832894 security update (MS04-004) and the 821814 hotfix change how the Internet extensions for Windows (Wininet.dll) retries POST requests when a Web server resets the connection. Programs that use Windows Internet (Wininet) application programming interface (API) functions to post data (such as a user name or a password) to a Web server retry the POST request without including the POST data if the Web server closes (or resets) the initial connection request.
(http://support.microsoft.com/kb/821814/ )You receive a "page cannot be displayed" error message when you post to a site that requires authentication
Note A POST request does not include POST data if its content length is set to 0 or is empty.
Sometimes, this behavior prevents another reset and permits authentication to complete. However, you may receive an HTTP 500 (Internal server error) Web page if the Web server must have the POST data included when Wininet retries the POST request.
Update informationTo download and to install this update, visit the Microsoft Windows Update Web site, and then install critical update 831167:
http://update.microsoft.comAdministrators can download this update from the Microsoft Download Center or from the Microsoft Windows Update Catalog to deploy to multiple computers. If you want to install this update later on one or more computers, search for this article ID number by using the Advanced Search Options feature in the Windows Update Catalog.
For more information about how to download updates from the Windows Update Catalog, click the following article number to view the article in the Microsoft Knowledge Base:
323166The following files are available for download from the Microsoft Download Center:
(http://support.microsoft.com/kb/323166/ )How to download updates that include drivers and hotfixes from the Windows Update Catalog
Download the Q831167.exe (32-bit) package now.
Collapse this imageExpand this image
Download the Q831167.exe (64-bit) package now.
Collapse this imageExpand this image
Release Date: February 12, 2004
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
(http://support.microsoft.com/kb/119591/ )How to Obtain Microsoft Support Files from Online Services
PrerequisitesTo install this update, you must be running Internet Explorer 6 SP1 (version 6.00.2800.1106) on one of the following versions of Windows:
Restart requirementYou must restart your computer after you apply this update.
Update replacement informationThis update replaces 821814 for Windows XP, Windows 2000, Windows NT 4.0, Windows Millennium Edition, Windows 98 Second Edition, and Windows 98.
Note This update does not replace 821814 for Windows Server 2003 because the problem that is described in this article does not occur on Windows Server 2003-based computers.
Deployment informationThe packages for this update support the following Setup switches:
q831167.exe /q:a /r:n
File informationThe English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name Platform ------------------------------------------------------------------- 06-Feb-2004 18:05 6.0.2800.1405 588,288 Wininet.dll 07-Feb-2004 01:41 6.0.2800.1405 1,796,608 Wininet.dll IA-64
If you cannot apply the update that is discussed in the Resolution section, you can use one of the following server-side actions to work around the problem:
Microsoft has confirmed that this is a problem in Microsoft Internet Explorer 6.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
After you apply the 831167 software update that is described in this article, programs that use Wininet functions to post data to a Web server will resend complete POST requests when a connection with a Web server is reset.
To enable header-only post behavior, create a DWORD value named SampleApp.exe, where SampleApp is the name of the executable file that runs the program. Set the DWORD value's value data to 1 in one of the following registry keys:
Note To enable header-only post behavior for all programs that use Wininet functions to post data to a Web server, create a DWORD value named * to the same registry key, and set the value's value data to 1.