Instead of seeing the expected site or cookie name displayed, cookies are identified as alpha-numeric.txt files (i.e., HILD912G.txt).
In testing, I intentionally started installing the security updates one-by-one, selecting Microsoft Security Bulletin MS11-057 - Critical: Cumulative Security Update for Internet Explorer (2559049) first since it applies to all three operating systems and browsers. Indeed, following a restart, I was able to confirm the change in cookie display for IE9 on Windows 7.
Based on feedback from WinPatrol users, this issue has been confirmed in Windows XP, Windows Vista and Windows 7 with IE8 and IE9. (IE6 and IE7 have not been tested but will likely be impacted the same since the update applies to all versions of Internet Explorer.)
MS11-057 is a critical security update and it is strongly advised that it be installed. Cookies are a minor issue compared to the fix in this update, which, as described in the MSRC Blog:
"resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer."Bill Pytlovany has been advised of the situation and is actively working on a solution.
It's not just how WinPatrol perceives cookie names... the Microsoft Update has implemented a new cookie-naming system for ALL cookies used by Internet Explorer (perhaps for privacy/security concerns???). So ANY program (or user) that accesses one's IE-cookie-file will encounter these random cookie names.
ReplyDeleteBillP has written about it here: http://billpstudios.blogspot.com/2011/08/windows-update-changes-ie-cookies-names.html
The cookie changes are explained in the "Cookie Filenames are Randomized" section of EricLaw's IEInternals blog post, Internet Explorer 9.0.2 Update.
ReplyDelete