Microsoft Corporation warned its Internet Explorer Administration Kit (IEAK) partners this week about a serious problem with the 128-bit security patch for Internet Explorer that can cause Windows 2000 users to be unable to logon to their systems. The problem has halted the distribution of the IEAK while Microsoft works to fix it.

The IEAK is a toolkit for administrators that wish to customize and deploy Internet Explorer. It is used by large companies and Internet Service Providers (ISPs) to give users a branded version of IE that is automatically configured in a manner appropriate for those environments. When Microsoft posted a new version of 128-bit encryption upgrade for Internet Explorer shortly after the Windows 2000 launch, it provided instructions for integrating this technology into IEAK distribution patches. But following these instructions and then installing the package on a Windows 2000 machine will cause vital security files to be replaced with older versions. And this will prevent users from be able to logon to their systems. Windows 95/98 and NT 4.0 systems are not affected.

Because of the problem, Microsoft is strongly recommending that IEAK users freeze distribution of IE 5.0, 5.0a or 5.0b builds that incorporate the 128-bit security patch.

Please check the IEAK 5 Frequently Asked Questions page for details about this issue and a future resolution, which is due later this week