Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

HOTFIX: A site does not run in the expected security zone in IE7 if the site address in the security zone uses a wildcard character

July 29th 2007 in Uncategorized

Symptom 1

A site address that uses a wildcard character overrides a site address that uses the exact name. For example, assume that you have added the “*.subdomain.domain.com” site address to the Local Intranet security zone. You also add the “server.subdomain.domain.com” site address to the Trusted Sites security zone. When you access the following Web site, you expect the Web site to run in the Trusted Sites security zone:

http://server.subdomain.domain.com

However, the status bar of Internet Explorer indicates that the Web site runs in the Local Intranet security zone.

Symptom 2

A site address that uses a wildcard character does not apply to a site address that is in a nested namespace. Instead, the site address that uses a wildcard character applies only to a site that is directly in the defined namespace.

For example, assume that you have added the “*.subdomain.domain.com” site address to the Local Intranet security zone. When you access the following Web site, you expect that the Web site will run in the Local Intranet security zone:

http://server.dns.subdomain.domain.com

However, the status bar of Internet Explorer indicates that the Web site runs in the Internet security zone.

In this case, the Web site runs in the Local Intranet security zone only after you add the following addresses to the Local Intranet security zone:

• *.dns.subdomain.domain.com
• server.dns.subdomain.com

Note The Web site runs in the correct zone in Microsoft Internet Explorer 6.

IMPORTANT INFO FOR HOTFIX WITH WINDOWS SERVER 2003

To apply this hotfix, you must have Windows Server 2003 Service Pack 2 installed on the computer.

IMPORTANT INFORMATION FOR HOTFIX WITH WINDOWS XP

To apply this hotfix, you must have Windows XP Service Pack 2 installed on the computer.

WINDOWS VISTA – No prerequisites

http://support.microsoft.com/default.aspx/kb/939940


Comments are closed.

Consider the following scenario. You use Dynamic Data Exchange (DDE) to integrate a program into Windows Internet Explorer 7. In this program, you configure some options to open links in new Internet Explorer windows. However, when you try to open a link in a new window, Internet Explorer 7 opens the link in a window […]

Previous Entry

I admit, there are some statements in the first video that I would argue with (such as 50% of all spam coming from bots – it is far more than that – and some of the technical statements are inaccurate) but overall the videos are a good start and they get the message across.  Their target […]

Next Entry

Archives