MS02-015 (Q319182) breaks intranet cookies

From: Strele Franz (Franz.Strele@SYNERGIS.AT)
Date: 04/05/02


Date:         Fri, 5 Apr 2002 12:33:04 +0200
From: Strele Franz <Franz.Strele@SYNERGIS.AT>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

hi,

i've installed the ms02-15 q319182 security patch for ie6 and now internet
explorer doesn't do cookies from an intranet iis. i've made a simple
.asp-page "Response.Write Session.SessionID" for testing and when i refresh
the page on the client, i get a new sessionid everytime.

this only happens when i apply the patch.
everything is ok before i apply the patch...

this only happens when i access the server via intranet (http
://server/test/test.asp)
everything seems to be ok (sessionid stays the same)when i access the server
via internet (http ://www.company.com/test/test.asp)...

i tested with following os on different machines:
* win 98
* win nt 4
* win 2000
* win xp

ie6 version is 6.0.2600.000

is someone else experiencing this ? is there a workaround ? have i missed
something ?

thanks,
franz