The first upgrade fixes a problem in Internet Explorer 4.0, 4.01, and 4.01 Service Pack 1 that allows JScript Scripting Engine to invoke a function that can cause Internet Explorer to terminate. For this to happen, a Web page developer would have to specifically write malicious code with that purpose in mind. Microsoft released a patch this week that fixes the problem. This patch is available for download from the Microsoft Scripting Technologies web site.
The second upgrade updates Microsoft's PPTP implementation to protect the confidentiality of user data from a variety of potential vulnerabilities. The problem occurs in Microsoft Dial-up Networking 1.2x and earlier on Windows 95, Microsoft Remote Access Services (RAS) on Windows NT 4.0, Microsoft Routing and Remote Access Services (RRAS) on Windows NT Server 4.0, and Microsoft Windows 98 Dialup Networking. Please note that the new versions of DUN mentioned in the previous article are not affected by this bug. Microsoft recommends updating to these new versions to protect your system from this potential security problem