Microsoft has released four cumulative updates for Internet Explorer (IE) this year. After you install the February updates, the security patches cause IE to behave unexpectedly when you attempt to browse a Microsoft Word document, a Rich Text Format (.rtf) file, a Microsoft Excel spreadsheet, or a comma-separated file (.csv) on an internal or external Web server. Before opening the document, IE verifies that the content type in the Web page’s header matches the document’s file name. If the two match, IE displays the requested document; otherwise, IE prompts you to open or download the file. A bug in the shdocvw.dll component of February IE cumulative update incorrectly greys out the Open button when you attempt to browse .rtf or .csv files, but not .doc or .xls files. The Microsoft article "PRB: Open Button in Dialog Disabled When You Browse or Redirect to .rtf or .csv Files" at http://support.microsoft.com/default.aspx?scid=kb;en-us;q318761 describes two methods you can use to workaround the greyed-out Open button

The August 22 cumulative IE release includes fixes from the February, March, and May update rollups and corrects three problems introduced by previous IE versions. Among the fixes, Microsoft FrontPage correctly displays Web pages that use cascading style sheets (CSS) with themes in Preview mode, the multilanguage version no longer displays some dialog boxes in English, and Secure Sockets Layer (SSL) links in Word documents and Excel spreadsheets function correctly, instead of producing the "cannot find server" error message.

You can download the August rollup (Security Bulletin MS02-047) from http://www.microsoft.com/windows/ie/downloads/critical/q323759ie/default.asp. The download can update IE 6.0, IE 5.5, and IE 5.01 Service Pack 2 (SP2) and SP3. Because Microsoft no longer packages IE updates in service packs, you need to apply the rollup to existing SP3 systems and new SP3 builds. As with previous cumulative updates, you can't uninstall this patch, so test it carefully before you roll it out on production systems.

If you upgrade IE using the August version, IE’s script-blocking feature won't let users browse Web pages on a Windows 2000 Server Terminal Services system—script blocking disables the Terminal Services ActiveX controls). When a client tries to connect to Terminal Services with the August IE update installed, the connection attempt will fail with either a blank page or a scripting error message. If clients routinely access Terminal Services through a browser, you need to update the Terminal Services ActiveX control before you update client systems. To avoid the same error when browsing other Web pages, you must also modify existing Active Server Pages (ASP) files so they reference the new control. The Terminal Services ActiveX control and installation instructions are located at (http://www.microsoft.com/windowsxp/pro/downloads/rdwebconn.asp). The Microsoft article "You Cannot Connect to Terminal Services from a Web Page" at http://support.microsoft.com/default.aspx?scid=kb;en-us;q328002 contains instructions on the edit you perform to update control information on ASP pages

Building Your Own Windows Update Server
With the advent of the Automatic Updates client in Windows 2000 Server Service Pack 3 (SP3), many sites will opt for managing security hotfixes and bug fixes internally. A while ago, I promised to give you instructions for installing and configuring your own Windows Update server, affectionately known as a Software Update Server (SUS). To support more than just a few clients, you’ll need a fairly robust server running Microsoft IIS. Building a secure Web server is quite a labor-intensive task—make sure you don’t forget to run the IIS Lockdown tool. The SUS main reference page (http://www.microsoft.com/windows2000/windowsupdate/sus/default.asp) contains links to white papers and SUS server and client software you can download to deploy this solution internally.

I haven’t had time to install and configure a SUS server yet, so if you've undertaken this task, send me your feedback. I’m particularly interested in how easily the SUS software installs and whether it interoperates smoothly with the SP3 Automatic Updates client. Also, if you’re just getting started with the Automatic Updates client, you'll find a new article that describes the available update modes, how to configure the client in Control Panel, and how the Automatic Updates Group Policy affects the ability to configure the client locally.