IE December Security Update – addressing scattered reports of odd browser behavior

We have received scattered reports of users experiencing odd browser behavior after installing our most recent security update. Some of you have reported opening a browser window that promptly hangs IE, others have reported opening links that render blank, and finally we have reports of multiple windows opening when initiating a browser session. After investigating several of these reports, we have traced these issues to a common source.

If a user has ever attempted to run IE7 Beta1 in an unsupported side-by-side configuration with a version of IE6, IE7 Beta1 puts a registry key on the machine the first time a user executes the IE7 version of IEXPLORE.EXE. This key is part of a normal IE7 installation on XP, and will not be configured correctly if an unsupported side-by-side install is used. When IE7 is installed using the installer, the key should be removed properly upon uninstall. A machine can also load this registry key and not remove it during a failed IE7 installation.

To address this issue on a machine running IE 6 SP1 with our most recent security update, locate and delete this entire key from the registry of the affected machine: HKEY_CLASSES_ROOT\CLSID\{c90250f3-4d7d-4991-9b69-a5c5bc1c2ae6}. If you are running IE7 Beta1 in a side-by-side scenario with another version of IE, this is not a supported scenario. Please uninstall and reinstall IE7 Beta1 in the recommended manner.

Thank you all for your blog comments reporting this incident. Your valuable feedback allowed us to locate this issue in IE7 Beta1 and investigate how to prevent the problem in future.

- Jeremy Dallman
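
A scripted form of the fix described in the post, as an added example that is not part of the original post and is not Microsoft's own tooling. It assumes PowerShell is available on the machine; the backup directory, parameter and function names are illustrative, and the Wow6432Node location and the ProxyStubClsid32 reference check follow reader comments 26 and 8 below.

```powershell
# Added example (not from the original post): audit, back up, then optionally
# delete the stale IE7 Beta1 CLSID key. Run from an elevated prompt.
param(
    [switch]$Remove,                                   # without this, report only
    [string]$BackupDir = "$env:TEMP\ie7-clsid-backup"  # assumed backup location
)

$Clsid = '{c90250f3-4d7d-4991-9b69-a5c5bc1c2ae6}'      # key named in the post

# Registry key names are case-insensitive, so an upper-case spelling of the
# GUID matches too. The second path is the 32-bit view on x64 Windows.
$Candidates = @(
    "HKEY_CLASSES_ROOT\CLSID\$Clsid",
    "HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$Clsid"
)

function Find-StaleKey {
    # Return the candidate paths that actually exist on this machine.
    $Candidates | Where-Object { Test-Path -LiteralPath "Registry::$_" }
}

function Get-ClsidReference {
    # List Interface entries whose ProxyStubClsid32 default value points at
    # the CLSID, so references left dangling by the delete are visible.
    $root = Get-Item -LiteralPath 'Registry::HKEY_CLASSES_ROOT\Interface'
    foreach ($name in $root.GetSubKeyNames()) {
        try {
            $stub = $root.OpenSubKey("$name\ProxyStubClsid32")
        } catch {
            continue                                   # unreadable key: skip it
        }
        if ($stub) {
            if ([string]$stub.GetValue('') -eq $Clsid) {
                "HKEY_CLASSES_ROOT\Interface\$name"
            }
            $stub.Close()
        }
    }
}

function Backup-Key([string]$Key) {
    # Export with reg.exe to a timestamped file so nothing is overwritten.
    if (-not (Test-Path -LiteralPath $BackupDir)) {
        New-Item -ItemType Directory -Path $BackupDir | Out-Null
    }
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $leaf  = $Key -replace '[\\{}]', '_'
    $file  = Join-Path $BackupDir "$leaf-$stamp.reg"
    & reg.exe export $Key $file | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $Key failed; nothing deleted." }
    $file
}

$found = @(Find-StaleKey)
if ($found.Count -eq 0) {
    Write-Output "Key $Clsid not present in either registry view."
    return
}

foreach ($key in $found) {
    Write-Output "Found: $key"
    if ($Remove) {
        # Delete only after the export succeeded; Backup-Key throws otherwise.
        $file = Backup-Key $key
        Remove-Item -LiteralPath "Registry::$key" -Recurse
        Write-Output "Deleted $key (backup: $file)"
    }
}

Get-ClsidReference | ForEach-Object {
    Write-Output "Still references ${Clsid}: $_"
}
```

Run it once without `-Remove` to see what is present, then again with `-Remove`; double-clicking the exported `.reg` file restores the key if the deletion needs to be undone.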

Comments (105)
  1. Anonymous says:

    Excellent, I was bitten by this bug earlier this week and was facing a re-install to get IE to work properly again. This fix solved the problem.

    For me, the behaviour I was seeing was whenever I typed a URL into IE, it would launch firefox to view the page.

    I’ve deleted my sidebyside install of IE7, and promise to behave from now on.

    It’s funny to be reading an RSS feed and have it describe the exact problem that was vexing you for the past two days…

  2. As a web developer it would be nice to have multiple versions of IE installed side-by-side.

    I do understand that supporting side-by-side installations would be a pain to support because it would exponentially explode the test cases.

  3. Anonymous says:

    I find it interesting that Microsoft investigated an "unsupported" configuration and found a solution for it.

    Now back to our regularly scheduled spam of those who run the unsupported configuration yelling about why IE7 is taking so long to reach beta 2, when if they’d stop reporting problems with an unsupported configuration and forcing MS to stop and investigate these bug reports, we might have beta 2 by now.

  4. Anonymous says:

    Maurits: iexplore.exe (the Internet Explorer front-end) has an undocumented switch, -eval, which will put it into "evaluation mode", where it will preload the following DLLs before yielding to the actual Internet Explorer main loop (in shdocvw.dll):









    If you put these in the iexplore.exe directory, they will be loaded instead of those in the system directory, and the older version of Internet Explorer implemented by that set of DLLs will load

    Or so it used to work in Windows 98. I believe in Windows 2000 and later you’d have to use an iexplore.exe.local hack (LoadLibrary() has been somewhat hardened since then), and in Windows XP and later you could use application manifests

    All the versions "installed" this way will share their settings, history and cache (the latter two being especially problematic, since their on-disk format may have changed), but I believe you can use the Application Compatibility Administrator to apply the virtual registry shim and redirect the relevant keys

    Your mileage may vary. On the internet you can find detailed guides on how to do it, or even pre-made applications that will do everything for you. This is obviously unsupported, not to mention unused (hence untested) since Internet Explorer 4.0, and may have quirks or not work outright

    Finally, all applications using Internet Explorer components will use the system-wide version – unless the relevant DLLs aren’t redirected in a way similar to how iexplore.exe does

  5. Anonymous says:

    yes! what happened with me is this: when typing url into the address bar, everything worked fine. when selecting a link from favorites, it would launch a blank window that hung, and then loaded the url. when selecting favorites through the start menu, 2 blank windows would be launched and both would hang.

    i’ve been in contact with microsoft support for several days, and their first advice was "clear the cache". this issue befuddled the sh** out of them. i’m glad i’m tech savvy enough to read blogs like this. if i relied on microsoft support, i’d be completely lost.

    ms support sucks. of course why should they care? its not like they are making any money by fixing my problem.

  6. Anonymous says:

    My IE problem is that multiple windows were opening on launch – at times over 100 in a few seconds – totally locking up my system.

    I have a stand alone version of IE 7 Beta 1 that I snagged from running alongside IE 4, 5, 5.5 and 6. I always thought that these versions didn’t add anything to the registry. Hmmm . . .

    I found a similar key there but the upper lower cases are slightly different so I’m not sure it is identical to the one you recommended removing:



    I need to have these browsers to do cross browser testing. So exactly how can I do that with IE 7?


  7. Anonymous says:

    I’d like to warn you IE folks that some clueless CNET reporter has misreported this and made it into a front page news –

    Here’s what I wrote about it in the talkback for the story –

    There is no news here. The reporter does not realize that this does not affect all IE7 installations but rather only those IE7 installations where the person chose to install it in an "unsupported" manner side by side with IE6. Those who installed IE7 normally would have no problem. So the number of people affected is very small. This is not newsworthy in any way and shows lack of knowledge on the part of the reporter to understand what the issue is and also lack of journalistic skills to investigate the story properly. Clue: Just reading some random tech blog where you don’t even understand all the technical details and making a story of it does not make you a good reporter. Anyone can do that. At the very least contact the blogger and get their point of view or clarification about anything you don’t understand. This clearly shows extreme bias on the part of to publish any remote and random negative story about Microsoft. How sad that CNET cannot find anything more newsworthy.

  8. Anonymous says:

    I’m not sure of the significance but there are other keys that reference this CLSID value. Is there any concern about these since they now reference a nonexistent value?

    HKEY_CLASSES_ROOT\Interface\{07B5F0B8-EC29-4C50-B7EB-A6A3198CF7B1} contains a (default) value under ProxyStubClsid32

  9. Anonymous says:


    Side by Side install of different versions of IE is not a supported configuration. If you hack your system in order to do this, you run the risk of destabilizing it or having crashes, such as the issue addressed in this blog post. There is no Microsoft supported mechanism for running different versions of IE on the same system. I would suggest using Virtual PC and having different virtual systems with different versions of IE if it is necessary to have access to different IE versions.

    Al Billings [MSFT]

  10. Anonymous says:

    I will also point out that the Beta 1 of IE7 is only legitimately available from MSDN. If you download it from a third party site, you may get almost anything, including the possibility of malware.

  11. Anonymous says:

    Thanks for the responses.

    These versions of IE, used by webmasters all over the world, do not require any hacks or ‘installation’ and they never appear in Add-Remove Programs. To activate, it is only necessary to put the folders in Programs Files and launch. Uninstall of these versions is accomplished by deleting the folders.

    In any case, can you please tell me if registry keys are case sensitive? My key is in caps while the one recommended for removal is lower case. Dealing with the registry is one of my least favorite things to do and I want to be sure before I nuke it.

    Looking forward to a confirmation . . .

  12. Anonymous says:

    earther: the registry is not case sensitive, see for details.

    I’m glad to see that this issue has been resolved and that once again I feel 100% confident in the Windows Update mechanism.

  13. Anonymous says:

    Hey, can you fix the certificate on this and other msdn blogs?

  14. Keith Farmer says:

    I’ve got this problem, but not the key cited:


    SKC VC Name Property

    --- -- ---- --------

    4 1 {C94611FA-1905-4195-A23C-29… {(default)}

    3 1 {C96401CC-0E17-11D3-885B-00… {(default)}

    3 1 {C96401CF-0E17-11D3-885B-00… {(default)}

    3 1 {C96401D1-0E17-11D3-885B-00… {(default)}

    2 8 {C9A14CDA-C339-460B-9078-D4… {Author, SpecVersion, Version, Vendor, MetadataFormat, RequiresFullStream, SupportsPadd…

    3 1 {C9BC92DF-5B9A-11D1-8F00-00… {(default)}

    4 1 {C9E37C15-DF92-4727-85D6-72… {(default)}

    3 1 {C9F0A842-3CE1-338F-A1D4-6D… {(default)}

    3 1 {C9F61CBD-287F-3D24-9FEB-2C… {(default)}

  15. Anonymous says:

    <<These versions of IE, used by webmasters all over the world, do not require any hacks or ‘installation’ and they never appear in Add-Remove Programs.>>

    "Earther"– I don’t think it’s safe to assume that folks willing to illegally redistribute Internet Explorer are not also willing to find a way to "personally benefit" from such activities.

    "…"– There’s nothing really wrong with the certificate on the MSDN blog. The issue is that Firefox doesn’t support all forms of intermediate certificate download. IE users do not see a prompt because IE downloads the intermediate certificate as needed. There’s a bug over in Bugzilla on this issue.

  16. Anonymous says:

    It seems strange that Microsoft doesn’t provide an official mechanism to install several versions of IE simultaneously. It is very inconvenient for Web developers. However, Microsoft never cares for Web developers. 🙁

  17. Anonymous says:

    ive never tried to install IE7 , i use firefox and just use IE as back up..all im guilty of is installing updates which now keeps on trying to install everytime !!!

    and i dont have the registry key listed either…

  18. Anonymous says:

    "It seems strange, why Microsoft doesnt provide an official mechanism to install several versions of IE simultaneously."

    Virtual PC is included in an MSDN subscription, what more do you need?

  19. Anonymous says:

    I read that bugzilla bug report.

    They say that it happens with intermediate certification authorities.

    A server has to include all certificates except the root certificate. Then Mozilla AND IE will accept them.

    If the intermediate certificate is missing, neither IE, nor Mozilla will accept them on a FRESHLY INSTALLED PC.

    BUT: Internet Explorer has a strange way of dealing with intermediate certificates: It downloads and installs them in a special cert store.

    So it KEEPs them.

    Visiting only one properly configured server is enough to make the BUG disappear on IE, but not on Firefox.

    You should really configure the servers correctly!

  20. Anonymous says:

    "Virtual PC is included in an MSDN subscription, what more do you need?"

    I think it’s not effective to set up _one_ _more_ _OS_ (though virtual one) for the sake of merely launching a browser. Why Opera and Firefox don’t require any stuff like virtual machines etc?

  21. Anonymous says:

    Absolutely, it should be easy to use more than one copy of IE — especially of IE7, where you would think MS would get a clue: Make IE as independent of Windows as possible! Obvious benefits include easier testing (duh) and increased security (duh) as well as the loss of dependence on the Registry (yay).

    I also should not have to buy a MSDN subscription or run a virtual machine. I’m not a "Microsoft Developer." I’m a __Web__Developer__ who has to test in IE because 80-odd percent of the world uses IE because it ships with their computer!

  22. Anonymous says:

    Thanks very much for posting this, Jeremy.

  23. Anonymous says:

    Well, I got this update last night while I was out and now I cannot print my bill from Cingular without IE crashing. And no I do not have IE7 installed on this machine.

  24. Anonymous says:

    Opera and Firefox aren’t part of the operating system. Other parts of Windows rely on components that IE ships. That’s why putting more than one version on your system is a bad idea.

    The post above makes it clear that the entire reason for the problems people reported with multiple windows opening, etc. was because people were doing this side by side install barring the occasional uninstall error for IE7.

  25. Anonymous says:

    Hmm, I could not install that patch, I got only this message:

  26. Anonymous says:

    Thanks guys, this fixed my problem.

    One note; on my x64 system, the key was located at HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}

    I have also removed IE7 my "side-by-side" installation 😉

  27. Anonymous says:

    This update really screwed up my computer. After the update, Windows XP would try to start and then would give a blue screen of death and immediately reboot me. The first issue was a bad image checksum failure on urlmon.dll. I loaded the file from the Windows XP cd back onto my C: drive and got another blue screen. This time it was a bad image checksum for shdocvw.dll. I reloaded that from the CD and was able to finally boot my computer. Now, any program which calls IE for embedded web pages – such as Yahoo or AIM – crashes with an error in kernel32.dll. IE will not run at all.

    This is just horrible. Why put out an update that crashes our machines?

  28. Anonymous says:

    Eric, glad to know you guys regularly peruse Bugzilla…

    But I have a question… Does the IE team have anything equivalent to bugzilla? Internal or external.

  29. Anonymous says:

    I am happy to report that deleting the registry key solved the problem I was having. I just installed the update and all is well.

    [rant]I just wish that MS would make things easier instead of harder for designers to do their work. Understandable since there’s no money to be made in keeping designers happy. 😉 The CSS bugs in IE 5 and 6 are legendary. I was just trying to prepare for what will hit the fan when IE 7 appears on the scene and what I got was yet another MS headache.[/rant]

    At least this glitch has a fix and I am thankful to those who found it.

  30. Anonymous says:


    From your image, you are running the Beta 1 of IE7. The patch on Windows Update doesn’t install on IE7 Beta 1. There will be a version for it soon but the error message is correct, you are not running the right IE version for the patch you are trying to install.

    Al [MSFT]

  31. Anonymous says:

    SP2 is about as stable as Charles Manson. Lets see some SP1 support please.

  32. Anonymous says:

    Ok, me and few other people experienced same issue as described here, except none of us is using IE7 (or even have it).

    The problem is not in IE7.

    But thanks to this site, I removed that key from registry and the problem is gone. I’m waiting confirmation if it worked or not from the others people who I’ve suggested to do the same thing. But I’m pretty much sure they will confirm it positive.

    Thank you guys for this info, I’ve been pulling my hair off trying figure out first what caused it and then how to fix it.

  33. Anonymous says:

    "Microsoft never cares for Web developers. 🙁 "

    Yeah, it sure seems that way, doesn’t it, rch? I wonder why? We complain about the browser they produce and they act like they listen to us, but the action MS takes leaves quite a bit to be desired.

    Funny, I was talking to a coworker the other day and Acid2 came up and he said "Microsoft could support Acid2 if they really wanted to."

    "No, they can’t. There’s two things you don’t understand about Microsoft," I replied. "One: They’re a small company and Two: they don’t have much money." (said while counting on fingers).

    OK, so MSFT is not a small company, they’ve got lots of money, and they’ll probably keep producing MSIE for the duration of my career.

    I was considering to apply the hackery required to run multiple IE’s so I could beta-test IE7 while still working on IE6, but the effort required to run multiple IE is somewhat discouraging. Now I have one more reason not to do it: Running multiple versions of IE (unsupported hackery) doesn’t even work.

    Thanks for the heads up.

  34. Anonymous says:

    Yes Al Billings [MSFT], that is what I do not understand. I have read, that the patch caused problems on IE7, but since it cannot be installed in IE7, I really do not get it. :S

  35. Anonymous says:

    Hi "TheTom.SK",

    the problem mentioned in the article may occur, if you have IE7 Beta 1 installed in an unsupported way, which is the "side-by-side" installation (having IE7 Beta 1 installed *and* IE 6). Then you may run into problems in IE6(!) after the installation of KB905915 (MS05-055).



  36. Mike Dimmick says:

    IE7 will only be available on XP SP2 and Windows Server 2003 SP1, and Windows Vista. Both of the down-level operating systems support side-by-side operation through manifests. Have you considered the possibility of making IE7’s DLLs opt-in, and make IE7 run side-by-side with IE6?

    It’s less likely to cause compatibility issues with third-party applications, with the obvious downside that they then don’t get any enhancements or bugfixes in the new release, and security patches would need to be applied to both versions of the browser. Explorer adds a further complication since it uses urlmon.dll and shdocvw.dll – should these be redirected to the IE7 version or kept at IE6?

  37. Anonymous says:


    The problems that you have read about are on IE6, not IE7. They are caused by people having a registry key put in place by IE7 which is removed during normal uninstalls. The identified way that this gets left in place when IE6 is running is when people have an unsupported "side by side" configuration and are running both IE6 and IE7 on the same system. This is not supported. This is not an IE7 problem in particular.

    Mike Dimmick,

    It is unsupported. Sorry but IE upgrades are OS level upgrades. Given that other Windows components use IE dlls, we do not support side by side installation. There is no plan to change this as far as I know.

    Al Billings [MSFT]

  38. Anonymous says:

    Where is everyone getting Internet Explorer 7.0 from??

  39. Anonymous says:

    I too had this problem, so I’m glad I found this post!

    Al fixed now by removing the registry key. I can go to sleep now. (And wonder if this was just a clever way of MS getting people to stop using unsupported IE releases).

  40. Anonymous says:

    # re: IE December Security Update – addressing scattered reports of odd browser behavior

    Sunday, December 18, 2005 7:55 PM by

    Where is everyone getting Internet Explorer 7.0 from??

    Google harder…

    It’s no secret that Microsoft betas don’t stay closed for very long… Not that I condone it, but I acknowledge that if you look hard enough, you can download Windows Vista, Office 12, or Internet Explorer 7 Beta 1…

  41. Anonymous says:

    Considering that this is a "Beta" version, it would be nice if the side-by-side installation was supported. Backwards compatibility is an essential part of web-dev.

  42. Anonymous says:

    # re: IE December Security Update – addressing scattered reports of odd browser behavior

    Monday, December 19, 2005 1:38 AM by Marc

    Considering that this is a "Beta" version, it would be nice if the side-by-side installation was supported. Backwards compatibility is an essential part of web-dev.

    That would go against their "essential to the OS" policy…

    That’s the only reason why the European Union is being blocked from forcing Microsoft to remove the non-essential Internet Explorer.


  43. Anonymous says:

    I run Win98SE with IE6, and immediately after the December IE6 security update was installed I found that I could no longer use RUN from the Start Menu to type in and fetch a URL: a blank window would open and hang. Start /Run continued to work to execute DOS programs but won’t execute http://{website].

    The difficulties people are mentioning in this thread sound similar enough to my RUN problem that I think maybe the update is the cause. Any ideas?

  44. Anonymous says:

    I have another (VERY) odd behavior with my IE6 (SP2), which has nothing to do with IE7 at all.

    When I try to open a website (via manual typing an URL, or choosing a website via favorites), my IE opens the website in Firefox instead!

    Not even Windows Update works – it will be opened in Firefox, too.

    I checked everything – BHOs, Settings, Cache etc. … without success. Since IE6 SP2 is part of WinXP SP2, I can’t try to reinstall it.

    Any ideas? 🙁

  45. Anonymous says:

    The solution worked for me, thanks. Although I had always been confident on installing MS beta software on my work machine, I’ll never do it again. 🙂 Glad to see the problem could be resolved so fast. Thanks!

  46. Anonymous says:

    Ottmar Freudenberger / Al Billings [MSFT] / Thanks for explanations. I should have read all text more carefully. 🙂

  47. Anonymous says:

    i have a problem with the December update, too! i haven’t installed IE7 Beta1 or want to do that but the update cancels after i start it with the following message "The KB905915 Setup has canceled" (sorry dont know correctly english because its on my german system). After editing the update_SP2QFE.inf (or update_SP2GDR.inf) and removing the [Prerequisite] section it works but the installation end because the file is not digital signed! so i hope anybody can say me why i cant install it.. i integrated it into my SP2 cd and that works but i should be able to install it, too!

  48. Anonymous says:

    Thanks [MSFT], for tracking this problem down!

    I agree that IE side-by-side is necessary for developers everywhere, since the alternative of VirtualPC/VMWare means buying another Windows license, which is just silly for browser testing.

  49. Anonymous says:

    It just proves how selfish Microsoft is…

    They still don’t care about DEVELOPERS DEVELOPERS DEVELOPERS!

  50. Anonymous says:

    All I’m trying to do is make my standards-compliant sites look decent in three of Microsoft’s famously quirky browsers. Should I really be forced to pay an MSDN subscription and/or run Virtual PC just to create a better experience for IE users? Shouldn’t Microsoft be helping (or at least allowing) us to help them, rather than asking small businesses to pay for the privilege of trying to address various versions of IE’s bugs and rendering differences? Just because Microsoft leaves its older users behind doesn’t make it acceptable practice for good developers. And surely planning ahead for the next browser version is a good thing? Come on Microsoft, let us help you look good!

  51. ieblog says:

    A reminder note: posting links to live exploits that will crash someone’s IE or their machine will force that comment to be deleted. Don’t do it. 🙂

    – Al Billings [MSFT]

  52. Anonymous says:

    Hello, since I downloaded the patch in December, and since I am using IE 6 SP2, I am not able to open any hyperlink in my MS OUTLOOK, Word and EXCEL all 2003.

    Any solutions, please send to me, thanks

  53. Anonymous says:


    I totally agree with you. Microsoft’s policies on beta-testing make sense from a business standpoint, but not from a practical, objective, quality-based standpoint. The reason that M$ wants only MSDN subscribers to test IE is because they know (as well as we do) almost ALL MSDN subscribers are M$ lovers. That way, their product will obviously seem better to those who cannot (legally) test IE. However, in the unlikely event that M$ decides to care about quality of their products, they would have to release the IE7 beta (no matter what stage) to the general public to test. Not only that, they must provide a way to allow IE6 to stay with IE7, due to stability implications.. They would have 2 options for doing that. One is to offer a something of a VMware player with a special version of Windows that will ONLY run Internet Explorer 7, or they could make IE7 Wine-compliant (at least only for betas) and allow ppl to use a VMware player-sort to use a custom Linux distro that functions very similarly to Windows. Possible candidates: Linspire. Of course, doing that would be admitting defeat. So the second option is actually work on using IE’s eval install function so that people can choose to use the stable or the beta. Microsoft’s design of the IE installer makes it very easy to do so, since Internet Explorer 5, they allowed IE to be installed as ONLY A WEB BROWSER. The actual integration is as old as Internet Explorer 4, and you would have to install IE4 first, then install IE5 to have IE5 integrate. So obviously, it is possible to do that. Of course, M$ would only do that if they cared about their customers and also it would be admitting defeat, since the only reason IE is able to stay in Windows is because a false claim that Windows needs IE. And the only reason they say that IE7 will not work is because they want ppl to buy their newer versions of Windows. 
Before IE7, I was surprised that they actually listened to their customers and gave a version of IE for all their 32-bit versions of Windows. Now, I see that they have decided to ignore a majority of Windows users by forcing them to have XPSP2. Not even Office 2003 requires XP, it can work on Windows 2000. If they are really against supporting older versions, they should just make an "unsupported" bugfix to IE6 that updates the rendering engine to IE7’s, since they promised to have IE7 standards-compliant. Of course, that is bad marketing, so they won’t do it. Originally they did have a true cross-platform IE, a very rare IE for UNIX. It was for Sun Solaris for SPARC and even integrated with it in a similar fashion of Windows integration, so we do know that IE7 can be cross-platform. But, if they wanted to do that for Linux, that would be admitting defeat again. Of course, they could devise a Linux distro that does use all of M$’s tools and programs that would be for enterprise customers only and remove their Windows Server System. But again, that is admitting defeat, even though they could make more money in a subscription-based M$ Linux distro, just as Red Hat did with a special Fedora distro. Of course, if Microsoft did not want to deal with the headache of IE, they could open-source IE and allow the community to deal with all the quirks and make it standards compliant, then M$ could take the finished part and have the IE team make the special configurations for their OSes. Of course that means the community would have access to the code, so they will be able to figure out how to disintegrate IE from Windows. M$ probably will never release a beta to the general public. Simply because it is not a good business practice if you want to shave off cost. 
Of course, they could just dump the existing IE code and use Firefox code to power a new version of IE and just add or remove what they do not want, suppose they do not want Firefox extensions and want ActiveX controls instead. Bad idea, but they could do it. They want all their logos and icons, etc… Fine. They want to integrate it with Windows, Fine, but they better allow regular firefox to do the same. They want to remove Firefox Quality Agent to allow Windows Error Reporting services to take over. Fine, but they really should have a Quality Agent for their product…. I could go on forever, but you get the picture.

    @IE Team

    I am sorry that you have to see all this, it is the truth, but it is also your work. I regretfully also say that the only way IE will get better is if you stand up to your bosses and build IE to not require to be integrated with Windows. Or you could secretly build an undocumented function that allows IE to not require to be integrated into Windows. Seriously though, most Windows holes are from IE. Also, hopefully IE7 passes the Acid2 test. Unfortunately I cannot truly believe anything you are saying because I have not seen proof or used it myself. I am sure there are others who feel this way… You guys should realize that the road to standards-compliance is going to be a long and hard one. Of course, if we (the regular people) were able to test the browser ourselves, anything you fixed or did, we can back it up. Unfortunately, in order for you to release a public beta, you would have to go against your bosses. It is sad when quality is undermined by time and quantity, etc….

  54. Anonymous says:


    You may find useful, especially the "Bekannte Probleme" section. Sorry, the article is in German ;o)



  55. Anonymous says:

    yes thx that helped ^^ good to know for the future 🙂

  56. Anonymous says:

    A reminder note: posting links to live exploits that will crash someone’s IE or their machine will force that comment to be deleted. Don’t do it. 🙂

    – Al Billings [MSFT]

    Then address those exploits rather than conceal their existence.

  57. Anonymous says:

    >Or you could secretly build an undocumented

    >function that allows IE to not require to be

    >integrated into Windows.

    This shows very little understanding of what this "integration into Windows" is. Code reuse is actually good for security (less place for bugs), so I’d rather that MS developers feel free to make use of IE components whenever their functionality is required. Adding mysterious undocumented functions would do nothing to remove the dependencies.

    By the way, Firefox is also built as a toolkit, designed to be reused for other projects. Guess what would happen if hundreds of programs used this toolkit? Exactly the same kind of problem: DLL hell. (Currently the toolkit is simply duplicated by each program, but this method doesn’t scale well).

    I think development time is better spent on improving real security issues and CSS/XHTML rendering improvements than on inflated claims about the relationship between IE and Windows.

    I guess SxS installations using manifests could be implemented, but this would require a tremendous amount of testing. Nonetheless, I think it would be worth considering for the future. (Maybe IE could be handled in the way the CRT and common controls DLLs currently are?)

    >Also, hopefully IE7 passes the Acid2 test.

    It won’t. This was announced a few months ago, and is fully understandable if you consider how much catching up has to be done. (Things like CSS-generated content are fun, but not necessarily easy to implement).

  58. Anonymous says:

    An unusual twist on this problem is if you have another browser (ie. Firefox) installed as your default browser. In this case, when you type an URL into the IE address bar, it opens in Firefox. If you Shift+Click a link, it opens in Firefox. I only noticed this yesterday because I use Firefox as my primary browser, but use IE for compatibility testing.

    I agree with others that Microsoft really should support side-by-side installs for betas at least. It’s not exactly hard and plenty of app developers do it.

  59. Anonymous says:

    @John Carney:

    I posted this problem before (just look some lines above), and found the problem.

    The cause was the Hotfix KB905915 (for IE6) … when I deinstalled it, my problem was gone.

    A pretty cool security fix – you can’t use IE6 at all and everything is passed through to Firefox ^^ 😉

  60. Anonymous says:

    We are experiencing the same behavior on one of our PCs, but I can’t find the registry key cited (or anything like it) – so how do I fix the problem?

  61. Anonymous says:

    I am seeing a different problem, don’t know if it’s related to 905915 (although I did install that, and changed nothing else except installing a couple of Windows Security updates):

    I can’t make a change to my home page in IE "stick" beyond a reboot. And before everybody jumps in and says it’s a malicious hijack – the IE home page is being reset to MSN. Other people have reported this in the forum, but I haven’t been able to find any Microsoft responses as to why this is suddenly happening. I only use IE as a backup browser for sites that don’t support Firefox, but even so it’s maddening to be directed to MSN every time you have to use IE.

  62. Anonymous says:

    I never tested IE7, yet on one PC, I sometimes get the blank IE windows popping up since that KB was installed! Any other ideas?

  63. Anonymous says:

    I encountered the same behavior upon security update and gone thru most of the weirdness defined above (50 windows, constant hanging ups, firefox window etc, mouse is still acting up). Good news is, I was using IE 7.0 beta side by side so removing the registry key has fixed it. However, my VS.NET web application debugging feature is messed up now. It keeps complaining "Error while trying to run project: unable to start debugging on server". I have tried steps defined in associated MSDN help [1] but no luck. Any ideas?

    [1] ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/vsdebug/html/vxtbsHTTPServerErrors.htm

  64. PatriotB says:

    Since applying the patch I haven’t had the main problem this posting discusses. But I have noticed a different problem, affecting Windows Explorer only. Sometimes, when navigating to a subfolder, or when clicking the back button, the window freezes. I can (usually) get it to unfreeze by opening up a new Explorer window (Windows-E or clicking Start > My Computer).

    I’m not going to explicitly say the patch is to blame, but I can say I never had this happen until after applying the patch, and now it’s happened several times over the past week. Not too often, but enough to be annoying.

  65. Anonymous says:

    I rebuilt a PC and loaded XP etc on it. When I use IE it defaults to the home page fine. But when I enter an IP address for my wireless router it starts to open multiple web pages and the machine slowly dies a death. Any idea what this could be?

  66. Anonymous says:

    >This shows very little understanding of what this "integration into Windows" is.

    I do know that the integration into Windows is one of the major reasons why Windows is a memory hog, as well as each new release the number of spawned processes in the startup sequence just to load the shell doubles. The integration into Windows runs as deep as the core of the Windows shell. IE used to be just another web browser, now it is the shell of the Windows GUI. I am not a fanboy of Linux or Firefox, though both are better, they have weaknesses. I am not blinded of the truth like some people who bash and bash and bash on about how horrible IE and M$ are, even though IE does have genuine problems. My point about IE’s integration into Windows and the security issue is that IE jeopardizes Windows security by being a part of Windows, and you can see my point in one simple example… A hacker overloads IE, causing IE to relinquish control of its main process to the hacker… Due to the fact that IE’s main process is DIRECTLY connected to "explorer.exe" GUI process in Windows, the hacker may do anything he/she desires because the GUI ALWAYS runs as System…. That is why Linux’s X Windows has a very good example of process control… the X server itself runs in system process, but must follow the logged in user’s permissions and rules, no matter how integrated a browser is to the Windows Manager, it can NEVER access the system files unless a user is being stupid by logging in as root… I am very young, but I have studied a lot about Windows and Linux, experimented with files in the cores of both, and resolved issues in system cores of both, most notably, I use a different shell for PCs connected to the internet…

    >Code reuse is actually good for security (less place for bugs), so I’d rather that MS developers feel free to make use of IE components whenever their functionality is required. Adding mysterious undocumented functions would do nothing to remove the dependencies.

    While this does have merit, I have to disagree because reusing code means that INHERENT bad design will cause the code to have bugs that cannot be fixed, such as the Windows integration issue… IE can be run separately from Windows, making Windows sleeker, faster, and less buggy. The idea of web-based Windows is good, but the implementation itself I would say is alpha quality, simply for the inherent bad design of the required process spawning and requiring the IE browser to run as System.. Even Vista cannot fix this… If IE Team and the Vista team even cared about their products, they would redesign the integration system for IE and Windows… Take a good model and implement… Some innovations are bad, others are good.. MSN Search=GOOD, Windows Compatibility Layer=GOOD, Win16-on-Win32=GOOD, IE/Windows current integration model=BAD… Learn from your mistakes, do not try to cover them up… You are right about mysterious undoc’ed features.. Document the feature, or at least default IE betas to run side-by-side with stable ones… I will not go on forever, but I can…

  67. Anonymous says:

    ' a simple script for removing the registry keys
    Const HKEY_CLASSES_ROOT = &H80000000
    strComputer = "."
    ' Connect to the WMI registry provider on the local machine
    Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
        strComputer & "\root\default:StdRegProv")
    strKeyPath1 = "CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InProcServer32"
    strKeyPath2 = "CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
    ' Delete the subkey first: DeleteKey cannot remove a key that still has subkeys
    oReg.DeleteKey HKEY_CLASSES_ROOT, strKeyPath1
    oReg.DeleteKey HKEY_CLASSES_ROOT, strKeyPath2
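Several commenters report that they cannot find the key, and the script in comment 67 ignores what DeleteKey returns. The VBScript below is an added example, not part of the original thread or of Microsoft's guidance: it looks in both hives that back HKEY_CLASSES_ROOT (assuming Windows 2000 or later), logs the registered InProcServer32 value, deletes the key with any subkeys, and reports WMI return codes. CleanHive and DeleteTree are hypothetical helper names.

```vbscript
' Added example: audit, then remove, the leftover IE7 Beta1 CLSID key,
' checking every WMI return code instead of assuming success.
Option Explicit

Const HKEY_CURRENT_USER  = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const CLSID_PATH = "SOFTWARE\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"

Dim oReg, failures
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

' HKEY_CLASSES_ROOT merges these two hives, so inspect each one separately.
failures = 0
failures = failures + CleanHive(HKEY_LOCAL_MACHINE, "HKLM")
failures = failures + CleanHive(HKEY_CURRENT_USER, "HKCU")
WScript.Quit failures   ' exit code 0: the key is absent from both hives

' Delete a key and everything below it; returns the final DeleteKey code.
Function DeleteTree(hive, path)
    Dim names, i
    If oReg.EnumKey(hive, path, names) = 0 And IsArray(names) Then
        For i = 0 To UBound(names)
            Call DeleteTree(hive, path & "\" & names(i))
        Next
    End If
    DeleteTree = oReg.DeleteKey(hive, path)
End Function

' Report and remove the key in one hive; returns 1 on failure, else 0.
Function CleanHive(hive, label)
    Dim names, server, rc
    CleanHive = 0
    rc = oReg.EnumKey(hive, CLSID_PATH, names)
    If rc = 2 Then   ' 2 = key not found
        WScript.Echo label & ": key not present, nothing to remove"
        Exit Function
    ElseIf rc <> 0 Then
        WScript.Echo label & ": cannot open key, WMI return code " & rc
        CleanHive = 1
        Exit Function
    End If
    ' Log which DLL the registration pointed at before it is deleted.
    oReg.GetStringValue hive, CLSID_PATH & "\InProcServer32", "", server
    WScript.Echo label & ": key found, InProcServer32 = " & server
    rc = DeleteTree(hive, CLSID_PATH)
    If rc <> 0 Then
        WScript.Echo label & ": delete failed, WMI return code " & rc
        CleanHive = 1
    End If
End Function
```

Run it with `cscript` from an administrator account so the HKLM hive is writable; a "key not present" result for both hives means the behaviour on that machine has a different cause than the one the post describes.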

  68. Anonymous says:

    Daniel R. wrote on 12/21/05

    "I never tested IE7, yet on one PC, I sometimes get the blank IE windows popping up since that KB was installed! Any other ideas? "

    This is exactly the same thing that happened to my PC when installing the recommended KB905915 for increased security.

    Since this very moment I couldn’t get into internet any more receiving a blank IE-window.

    Uninstalling the KB helped immediately and things were running smooth again.

    So, I expect expressively Microsoft can clear this bug by now, as all my update trials start now with a remark of a suppressed KB-installation, and unless this has been done no more updates are offered from the Microsoft server.

    Nice, isn’t it?

    As I’m just an ordinary user of Microsoft’s software – and my native language is German – I feel a little alone now with this problem, as on German chats this issue has not been shown, yet.

    Is there anybody to give me a helping "hand" in this twisted matter?

    Thanks for your attention..

    and a happy NEW YEAR to EVERYBODY out there.

    Juergen Schultz

  69. Anonymous says:

    I have Win98SE, have never run IE7 yet from the moment I install the new KB I have had trouble with IE6 hangups. I do not have the registry key mentioned (probably due to not having downloaded the #7 version). When I use the add/remove programs from control panel the new KB is not there yet it downloaded successfully. I am so frustrated because I am not extremely techy and I don’t have a solution for this!! Just lots of wasted time while my IE spools around and around. When I ctrl/alt/delete the web page it shuts down the whole system now leaving just the wallpaper. Thanks for your blog, hopefully I will find a solution by continuing to follow this thread.

    Happy New Year!


  70. Anonymous says:

    Here’s a batch script that launches IE7 in standalone mode, waits for it to exit, then deletes the registry key:

    How exactly did the Dec security fix rollup conflict with the IE7 ActiveX Interface Marshaling Library?

  71. Anonymous says:

    Believe it or not, I succeeded in installing the "correct" exe-file of KB905915 loaded from the German web site of winhelp

    I selected the German version.

    I primary set a rescue point before action but after installing it worked properly without any hick-hack.


  72. Anonymous says:

    I was having this issue on my main PC, on which I had -never- installed any IE7 release on. I would click on a link, or type a URL in the address bar and hit enter, and it would open a new blank window, which would then open another new window to the desired location. Occasionally, it would open up dozens of new windows instead. I didn’t find this blog until after I had given up trying to resolve the issue with IE 6, and decided to try the current IE 7 beta in hopes installing it would resolve my issues (and subsequently had a new/different issue I was researching, and found the solution for). I never install beta software on my main work PC (with this one time being the only exception), so I know the issue was not caused by any previous IE 7 installation in my case. Microsoft needs to look deeper into the root cause of this issue.

  73. PatriotB says:

    LinWinOverlord: What planet are you on?

    "Due to the fact that IE’s main process is DIRECTLY connected to "explorer.exe" GUI process in Windows, the hacker may do anything he/she desires because the GUI ALWAYS runs as System…." "…simply for the inherent bad design of the required process spawning and requiring the IE browser to run as System."

    Explorer.exe and Iexplore.exe do not run as System. They run as the user that you logged in as. Explorer.exe and Iexplore.exe use a large amount of common code to present the window frames and user interface. That is the integration. There is no running as System involved. Iexplore.exe has just as much user rights as any other 3rd-party program does.

  74. Anonymous says:

    I only have IE6 and Starting Jan. 5th of 2006 I started experiencing problems opening pdf files from a web page. I looked for the registry key mentioned but did not find it. Please help.

  75. Anonymous says:

    I’ve got one of the issues mentioned here. Taking url links to new windows causes blank window and the window hangs. Never had IE7 and MS Updates pages show KB905915 loaded 13th December. Fairly sure that the issue has only started in the last 3 or 4 days. The registry key doesn’t exist on my machine. I have 2 machines, both got the fix, one working fine, one with this issue. Ideas?

  76. Anonymous says:

    In addition to my post on Jan. 6th I am finding if I hit F5 to refresh then the pdf will finally display.

  77. Anonymous says:

    When I try to open up IE I get an "Iternal Syntax Error" message. When I try to type in another URL I get the "Page cannot be displayed error". Any ideas?

    I am running XP without SP2.

  78. Anonymous says:

    I am experiencing a different problem after having installed KB905915, that I haven’t seen mentioned anywhere yet. Here’s what one can observe:

    If you attempt to start an executable that was downloaded from the web, by double-clicking in Windows Explorer, Explorer displays a warning dialog. So far, so good…

    Now, while that dialog is open, try to click on the Explorer window, and watch what happens. I tried this on four different machines (all different hardware and configuration), and in each of those cases, the dialog starts flickering wildly, depending on the sound card I hear a series of bloops, or some wild screeching, and the winlogon process starts chewing up some serious CPU time. At least on a fast machine, this stops after a while (10 seconds or so, indicated by a final "bloop"; one can see that at that point, winlogon ceases to use up CPU time), but on an old P3 I tested it on, this might ultimately end in a system crash.

    I tracked down an older system, that had last been updated in July 2005. I then planned to install the security updates since then one by one, to see which one causes the problem. Well, the Cumulative Security upgrade KB905915 happened to be the first one I installed. After rebooting, I tried the above procedure again, and bam, same result. Thus, I conclude that this security update creates a serious problem in Explorer.

    As I said, I have by now verified this on five different machines, different hardware, graphics cards/drivers, notebooks, desktops, etc., etc. I am confident that you will see this bug on any machine that has this security update installed…

  79. Anonymous says:

    Thanks guys 4 all the solutions, this is really stress relieving. Will never try that, nearly choked my system.

  80. Anonymous says:

    You should really consider putting the fix for this in an official Windows Update. I think you will find that it has affected more web developers than you think it has. A LOT of people I know downloaded IE7 and had this problem. Why would you NOT install the side-by-side for IE7? Most web developers (and this is of course a release targeted at developers) have to test their apps primarily in IE6 still, so they HAVE to install the side-by-side installation for this in their development environments…

  81. Anonymous says:

    I’m glad I was pointed to this article. I’ll make this information more widely available.

    @ Al Billings: The standalone versions of IE from were extracted from the installers available from No spyware/malware here, I assure you. I’m only interested in the altruistic benefit of web designers everywhere.

    @ EricLaw: I have no interest in "personally benefitting" from the standalone versions. I don’t even have a "donate" link anywhere on my website. As I mentioned earlier, I’m only interested in helping RESPONSIBLE web designers all over the world — entirely altruistically.

    You could make it easier for us all, and provide SUPPORTED standalone versions of IE for the specific case of side-by-side views of IE intended for web developers. Like the current standalones, there is a fully-installed version of IE on a Windows system, and then there are non-integrated-into-the-OS versions that can run side-by-side. You’d be doing web developers all over the world a favor by releasing official standalone versions.

  82. The latest blog entry from the IE team makes for interesting reading.

    IEBlog : IE December Security…

  83. Summary I just released a new version of the IE7 Standalone Launcher. Due to changes in this beta release

  84. As of IE7 Beta 3, this launch script no longer works. I've released a new version which works with

  85. UPDATE: IE standalone mode isn't supported and has been reported to cause problems with a recent

  86. As part of a recent Visual Studio 2005 SP1 announcement, the Corp VP of Microsoft’s Developer Division stated

Comments are closed.
