IE Setup – From IExpress to Windows Package Installer

My name is John Hrvatin and I’m the Program Manager for Internet Explorer setup.  That includes installers for security updates as well as integrating IE into Windows setup for future releases.  In the past, IE has used IExpress as its installer.  With the release of security update MS04-038 in October 2004, however, IE has begun using the Windows Package Installer, or “update.exe”, for all IE security updates and hot fixes on the following platforms:

• Windows 2000 (all service pack levels)
• Windows XP (all service pack levels)
• Windows Server 2003 (all service pack levels) 

For security updates and hot fixes on all other platforms as well as existing packages like IE 6 SP1 (we’re not rebuilding these), we will continue to use IExpress.

We made this switch to create a more common install experience across Microsoft products and Windows components in particular, as update.exe is the standard Windows installer.  The increased consistency benefits IT administrators by standardizing the user experience, including command-line switches and the location to verify installation.

In addition, all users will benefit from this move because of update.exe features like respect of file versions and integration with system restore along with continued improvements going forward like Watson integration for non-critical failures.

Descriptions of all command-line switches, such as the rather popular ‘/quiet /norestart’, are documented in this article: Command-Line switches for Windows software update packages.  Command-line switches are also detailed in the security bulletin posted on along with each security update (you can see the most recent one at

For more general information about update.exe you can read Inside Update.exe - The Package Installer for Windows and Windows Components.

For information on IExpress switches, see Command-Line Switches for IExpress Software Update Packages.

Thanks for participating in the IEBlog!


Comments (11)
  1. Anonymous says:

    Imho to create a more common install experience, the Windows Installer (MSIServer) is a better choice. It is used by some Microsoft products and by many product outside Microsoft. It is tricky to use sometimes but it does facilitate features (e.g., resilience, advertising, policy-driven privilege escalation, etc) that are harder to implement from the ground up or using other installation technologies, and often end up not implemented for that reason.

  2. Anonymous says:

    Why do the setup examples in MS04-040 and other IE security bulletins use both the /passive and /quiet options? Isn’t this redundant?

  3. Anonymous says:

    Related to update.exe vs msiserver, the section "Installer convergence" in describes the choice that was made.

    It would be interesting to know what features got setup.exe to be the final choice for OS components.

    Maybe a possible subject for a future blog entry? ‘:)

  4. Anonymous says:

    Personally, I liked the IEAK the best. As a large corporation it provided me the flexability to deploy IE in a preconfigured setup locked down in certain areas and open in others. With the current recomended practice of using GPO you just can’t do that! They say you just make it a prefrence but i sure as heck can’t get it to work that way. This is an area that i for one think has taken a huge step back in my opinion.

  5. Anonymous says:

    The switch to update.exe is very welcome!

    BTW, I always wondered why the Update UIs don’t support Visual Styles. Even the Setup wizard of XP SP2 doesn’t use Visual Styles. The same is true for IE updates. For example, message boxes to restart the computer have non-themed buttons. Why is that?

  6. Anonymous says:

    The article you link to – "Inside update.exe" – is very informative, but seems to have a rather serious error. By my reading there are two contradictory definitions of "ERROR_SUCCESS_REBOOT_REQUIRED."

    I’d near complain myself, but the complaint might be better heard if it came from an Microsoft developer/manager required to use update.exe patches.

  7. Anonymous says:

    Thanks for the comment mw! I have corrected the whitepaper so the online version on TechNet should be correct.

  8. Anonymous says:

    Thanks Malcolm for pointing out the redundancy in using those two switches together. The /quiet suppresses all dialogs where /passive shows the progress of the installation but does not allow the user to interrupt it. Using the two together would have the same effect as just using /quiet. I have asked the folks that write the bulletins to make this clearer going forward.

  9. Anonymous says:

    John Hrvatin —

    I have not been able to get my daughter back online since her Dell Laptop Inspiron 8200 became infected with a Trojan.StartPage virus. I can’t disable System Restore and the system tells me that the User Name and Password are inconsisten with what the system wants. Do you have suggestions?

    Rick Boardman

  10. Anonymous says:

    Watson integration – is optimal.

Comments are closed.

Skip to main content