IE August 2006 Security Update is now available

The IE cumulative August 2006 security update is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update and I encourage you to upgrade to Microsoft Update if you haven’t already.

This update addresses 8 security issues: 5 remote code execution vulnerabilities, 2 information disclosure vulnerabilities and 1 elevation of privilege vulnerability. For more information on the contents of this update, please see:

Microsoft Knowledge Base article: MS06-042 – Cumulative Security Update for Internet Explorer (KB# 918899)

Details on the vulnerabilities and workarounds can be found at

This is a “Critical” update and affects all supported IE configurations from IE5.01 to IE6 for XPSP2 and IE6 for Server 2003 Service Pack 1. IE security updates are cumulative and contain all previously released patches for each version of IE.

I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest patches from Microsoft.

– Charles Watanabe
Release Coordinator

Edit: Corrected the number of vulnerabilities addressed in the bulletin

Comments (142)

  1. Jeff says:

    Is IE7 Beta 3 affected by these issues?

  2. SA says:

    Can I install these updates (via windows update) with IE7 Beta 3 in place? Or should I first unistall IE 7 Beta 3, perform the windows udpate and then reinstall IE7 Beta 3 (on Windows XP SP2).

    I ask this because the release notes of IE 7 Beta 3 recommend to install any OS updates without unistalling IE 7 Beta 3. Please advise.

  3. luke says:


    – the IE7 releases notes mean you can’t install an OS over your current OS.

    – you can apply all Windows XP updates with IE7.

  4. Maybe this will keep my WindowsXp Pro more


  5. Steve says:

    ONCE AGAIN!!!!!!!!!!!!


    This is not funny anymore.  This is the 3rd time in a row that this has happened with updates.

    I use Thunderbird. You couldn’t pay me to use Outlook.  Do not force me to reset my email client every time I apply updates for an Outlook security hole.

    Play fair, or quit the "We’re listening" mantra until you do.


  6. Steve – I agree that sounds like a bug. I encourage you to contact the Outlook and Outlook Express teams and let them know. I will pass your concern along as well but it’s always more powerful when it comes from a customer. As a reminder, here on the IE team we have nothing to do with Outlook or Outlook Express updates.

    -Christopher [MSFT]

  7. Aedrin says:

    "I use Thunderbird. You couldn’t pay me to use Outlook."

    Then why are you complaining about Outlook if you don’t use it?

    I suppose sometimes people just complain about Microsoft to look cool with the Unix/Apple people.

  8. Afsag says:

    I don’t use Internet Explorer, and I won’t use it in the future; but a lot of people use it (too many) and the standards are very important to see the same webpage in the same way in all the browsers. Please, listen to the developers: more support for xhtml and css and less unnecessary icons!!

  9. mry007 says:

    This update cannot be installed if you’re running Internet Explorer 7 Beta 3. The error you will get:


    The version of Internet Explorer you have installed does not match the update you are trying to install."

    So now I don’t know if I’m vulnerable or not. But hey, it’s still a beta so I guess I should not complain about that…

  10. Phil says:

    After installing the new Aug ’06 security updates on 2 Win 2000 machines (one Pro SP4; the other Adv Server SP4), I’ve had IE (6.0.2800.1106IC) crash several times — on both machines.

    i.e., IE has experienced a problem & must close, …

    Anyone else seeing this?  

  11. JR says:

    Phil: YES.

    IE has crashed on my Windows 2000 system 15 times since applying yesterday’s updates. Before that it never crashed.

    Tested on another freshly updated Windows 2000 system (with just IE, no Flash or any other add-ons), and got it to crash in under a minute.

    The crashes seem to occur most often while loading pages with advertising banners. The exceptions are access violations (0xc0000005) and the faulting DLL/address is different each time. Some examples (copied from the Event Log):

    iexplore.exe, 6.0.2800.1106, ntdll.dll, 5.0.2195.7006, 0004d79a.

    iexplore.exe, 6.0.2800.1106, rpcrt4.dll, 5.0.2195.7085, 0002236e.

    iexplore.exe, 6.0.2800.1106, ws2help.dll, 5.0.2134.1, 000014fc.

    iexplore.exe, 6.0.2800.1106, ntdll.dll, 5.0.2195.7006, 0004c04c.

    Known issue…?

  12. Gail says:

    Having the same problem here.  I can’t seem to find anything to fix it.  

  13. Phil says:

    This is a serious problem, at least with W2K.  Like JR, I *never* had IE crashes before.  A few things…

    (1) i have Flash Player 8.0 (not sure if it’s related to the problem)

    (2) the crash is not consistent; i.e., IE will crash from one site, but the next time, the same URL may be fine.

  14. JR says:

    Twice I’ve seen call stacks like the following when it crashes. Notice that the last IE API called is SHDOCVW!WinList_NotifyNewLocation. Makes me wonder if it’s related to the "Window Location Information Disclosure Vulnerability" fix that was included in this update…

    ChildEBP RetAddr  

    0012e40c 77d524f2 RPCRT4!BCACHE::FreeBuffers+0x25

    0012e428 77d52493 RPCRT4!BCACHE::FreeHelper+0x50

    0012e44c 77d4ff63 RPCRT4!BCACHE::Free+0x5e

    0012e458 77d4fb7c RPCRT4!LRPC_CCALL::ActuallyFreeBuffer+0x28

    0012e464 77d4222b RPCRT4!LRPC_CCALL::FreeBuffer+0xf

    0012e46c 7cef3c59 RPCRT4!I_RpcFreeBuffer+0xc

    0012e480 7ce88257 ole32!CRpcChannelBuffer::FreeBuffer+0x3c

    0012e49c 77d9139a ole32!CCtxComChnl::FreeBuffer+0x3d

    0012e4ac 77d93e22 RPCRT4!NdrProxyFreeBuffer+0x28

    0012e6f8 77d96f9c RPCRT4!NdrClientCall2+0x7d0

    0012e714 77d792ab RPCRT4!ObjectStublessClient+0x76

    0012e724 717972e3 RPCRT4!ObjectStubless+0xf

    0012e74c 7151a0a5 SHDOCVW!WinList_NotifyNewLocation+0x34

    0012e75c 71722ac3 BROWSEUI!CShellBrowser2::UpdateWindowList+0x24

    0012e76c 717250ba SHDOCVW!CBaseBrowser2::_UpdateBrowserState+0x26

    0012e788 71726386 SHDOCVW!CBaseBrowser2::_ActivateView+0x7a

    0012e7c0 636a1816 SHDOCVW!CBaseBrowser2::FireNavigateComplete2+0x73

    WARNING: Stack unwind information not available. Following frames may be wrong.

    0012e7f8 635fb8ae mshtml!com_ms_osp_ospmrshl_releaseByValExternal+0x10a74

    0012e81c 635f7dc5 mshtml!CreateHTMLPropertyPage+0x6a58

    0012e858 63782ada mshtml!CreateHTMLPropertyPage+0x2f6f

    MSFT, is this problem being investigated? Or shall I keep gathering more information?

    I’m still trying to find a URL that consistently reproduces the crash.

    P.S. A user here claims that disabling HTTP 1.1 is a workaround:

  15. Fduch says:

    How can programm that can easily invoke DOS attack on user’s system BY DESIGN be called browser?

  16. Boler Guo says:

    After install this Security Update, the returnValue in Modal Browser cannot return the element in this Modal Browser.

  17. Abel says:

    Oh well, IE is improving well, despite so many loopholes it had last time…we should be glad that Microsoft is still supporting updates to Win2K and even more for XP…

  18. J says:

    This August security update has caused tremendous errors and crashs. Our web application is now crashing very oftenly and constantly. It never happened before.

    Could Microsoft help us to determine what could be the possible cause?

  19. Paul Lynch says:

    I’m relieved to see that people are reporting issues with this latest update – because I am experiencing crashes and I thought it must have been something I had done to my machine. Apparently not…

    Quick recap – I installed all of the relevant August updates for my XP Home SP1 machine (MS06-040,MS06-041,MS06-041,MS06-045,MS06-046,MS06-050,MS06-051) in one go and I immediately noticed problems with IE – it just seemed to close (and take any other open instances down with it) for no apparent reason.

    I was able to repro the problem by doing this :

    1. Perform this specific search on Google :,GGLD:2004-34,GGLD:en&q=%22connectionManagement%22+maxconnection+value+specify+config

    2. Right-click on the 5th link in the list (Steve Hebert’s Development Blog) and then try to open that link in a new window.

    3. Wait a few seconds and then…. boom IE closes and takes the parent instance (the Google search) down with it.

    4. I uninstalled the MS06-042 hotfix and re-ran the above steps and it works OK.

    5. Can I obtain any logging information generated when this happens ? (I always send the error reports to MS)

    6. Is anyone reading these comments and doing anything about this ?


    Paul Lynch

  20. Larry says:

    Happens to me to.  When looking for the hotfix described all I have is KB#  Is there a KB number coresponding to the hotfix?

  21. Henry says:

    I like Microsoft products a lot, but i’m tired of those security updates… looks like you pay for a product full of bugs…

  22. Lonewalker says:

    JR wrote:


    IE has crashed on my Windows 2000 system 15 times since applying yesterday’s updates. Before that it never crashed.

    Tested on another freshly updated Windows 2000 system (with just IE, no Flash or any other add-ons), and got it to crash in under a minute.

    The crashes seem to occur most often while loading pages with advertising banners. The exceptions are access violations (0xc0000005) and the faulting DLL/address is different each time. Some examples (copied from the Event Log):

    iexplore.exe, 6.0.2800.1106, ntdll.dll, 5.0.2195.7006, 0004d79a.

    iexplore.exe, 6.0.2800.1106, rpcrt4.dll, 5.0.2195.7085, 0002236e.

    iexplore.exe, 6.0.2800.1106, ws2help.dll, 5.0.2134.1, 000014fc.

    iexplore.exe, 6.0.2800.1106, ntdll.dll, 5.0.2195.7006, 0004c04c.


    I have been having the same problem on Win200.

    Always on pages with ad banners.

    Privacy in IE is set to medium.

    Would love to see a hotfix for this one.

  23. ST says:

    923762 Internet Explorer 6 Service Pack 1 unexpectedly exits after you install the 918899 update

    Urlmon.dll 6.00.2800.1567

    IE6SP1 with XPSP1 or 2000SP4

    Please release public patch 923762 or 918899v2.

    I need HTTP1.1 on IE.

  24. EW says:

    I can’t seem to find a link on that page for the hotfix download. It just tells me to e-mail or call Microsoft.

    Am I just blind?

  25. VS says:


    To work around this problem, follow these steps:

    1. Start Internet Explorer 6.

    2. On the Tools menu, click Internet Options, and then click the Advanced tab.

    3. In the Settings box, click to clear the Use HTTP 1.1 check box under HTTP 1.1 settings, and then click OK.

  26. EW says:

    DOH! And here I thought it said check it!

    Is my face red. =P


  27. Tony says:

    Anyone have a link on where to download the hotfix for this. Why cant microsoft just post the exe? Thanks!

  28. Adam says:

    I have exactly the same crashes of my IE on W2K when browsing some well known big websites like for example:

    (this is not a spam; I have nothing to do with 😉

    This occurs exactly since half an hour after I have updated my system with August patches on August 9th;

    I have exactly the same IE bug output each time:

    iexplore.exe; 6.0.2800.1106; ntdll.dll; 5.0.2195.7006; 0004aff8.


    0000: 41 70 70 6c 69 63 61 74   Applicat

    0008: 69 6f 6e 20 46 61 69 6c   ion Fail

    0010: 75 72 65 20 20 69 65 78   ure  iex

    0018: 70 6c 6f 72 65 2e 65 78   plore.ex

    0020: 65 20 36 2e 30 2e 32 38   e 6.0.28

    0028: 30 30 2e 31 31 30 36 20   00.1106

    0030: 69 6e 20 6e 74 64 6c 6c   in ntdll

    0038: 2e 64 6c 6c 20 35 2e 30   .dll 5.0

    0040: 2e 32 31 39 35 2e 37 30   .2195.70

    0048: 30 36 20 61 74 20 6f 66   06 at of

    0050: 66 73 65 74 20 30 30 30   fset 000

    0058: 34 61 66 66 38 0d 0a      4aff8..

    I hope your team is already aware about this and will release some fix shortly ?



  29. EW says:

    The fix posted by VS and ST works fine for me.

    The reason it’s crashing is because the page has flash on it.

  30. Adam says:

    Just to confirm following my last post above that after unchecking "Use HTTP 1.1" check box under HTTP 1.1 settings and rebooting my W2K everything runs smoothly even browsing to the websites which crashed IE on each visit before.

    IE hotfix will be released certainly in couple of days ?

    Thanks in advance

  31. Tony says:

    The http 1.1 fix works great, but does this come at the expense of reduced functionality on certain webpages, especially ones that utilize 1.1?

  32. Nemurytorul says:

    HELP ME !!!!!!!!!!

    i can’t view the microsoft update page, i have IE7 beta 3 and i load this page in browser but it is a whole empty white page without any text !!!!!!!!!….and yahoo messenger doesn’t work correctly because i send text or anything else but i can’t see what i write and what i received …..i’ve uninnstall IE beta 3 and …surprize ….IE6 and yahoo messenger is working….the next day …..surprize ….again this work incorrectly …again  buullshit !!!!!!!….o man ….what can i do?????

    PLEASE HELP ME !!!!!!!!!!!!

  33. Lisa says:

    work around  to uncheck the "Use HTTP 1.1" worked for me but I cannot view a few sites tha use this…like all of my kid’s school sites, please announce the hotfix soon.

  34. Nemurytorul says:

    i uncheck "use http 1.1 , i activate scripting, uninstall and again install IE6,IE7 and still nothing change….same bullshit….

  35. Nemurytorul says:

    i uninstall some update hot fix from microsoft but nothing cahnge….

  36. paul says:

    The uncheck workaround resolved the problem for me.  Note, you do not have to restart your machine for this to take effect.  

    Although MSFT details the workaround at the bottom of the page here:

    <a href=""></a&gt;

    it would be nice if they:

    1) released the hotfix

    2) bothered to reference the problem off the main MS06-42 page.  They do not.

    <a href=""></a&gt;

    Thankfully there are sites like this one!

  37. GA says:

    It appears MS wants you to call them for the Hotfix.  At least that is the way I understand it?  I have two machines in the house running Windows 2000, and they are experiencing the problem.  I am hoping the workaround will cure things for me.

  38. Andreas says:

    got the same problem with IE crashing on win 2000 with all the latest updates. have tried http 1.1 workaround but it dont help. this problem really need a hotfix at once.

  39. John says:

    got the exact same problem, IE 6 with XP SP2.

  40. Barry Graham says:

    I can’t even get Microsoft Update to work after I installed Office 2007 Beta.  It just sticks at the screen where it determines which updates need to be applied.

  41. Jon Hibbins says:




    Right Click Issue


    <script language="javascript">

    function openMenu(objNode){

    var objSrc = window.event.srcElement;

    var windowwidth = document.body.clientWidth;

    var windowbodyheight = document.body.clientHeight;

    var intStartLeft = windowwidth/2;

    var intStartTop = windowbodyheight/2;

    var intWidth = 100;

    var intHeight = 46;

    var intLeft = event.screenY;

    var intTop = event.screenX;

    objPopup = window.createPopup();

    objPopupBody = objPopup.document.body;

    objPopupBody.innerHTML +=’ <div onMouseOver="’#eeeeee’" onMouseOut="’#DEDBD6’" oncontextmenu="return false;" onclick="alert(‘you clicked edit’);" >&nbsp;&nbsp;Edit</div>’ +

    ‘ </div> ‘ ;

    objPopupBody.innerHTML +=’ <div onMouseOver="’#eeeeee’" onMouseOut="’#DEDBD6’" oncontextmenu="return false;" onclick="window.parent.objPopup.hide();" >&nbsp;&nbsp;Cancel</div>’ ;

    objPopupBody.innerHTML +=’ </body></html> ‘;, intLeft, 100, intHeight);





    <div oncontextmenu="openMenu(this); return false;" style="display:block;border:solid black 1px;font-weight:bolder;width:200px;" >Right Click Here</div>

    This example crashes with the new ie patch just right click the section a few times !!



  42. Jamie says:

    I’ve seen these crashes happening on several computers at work and my home computer since last Friday.

    Why isn’t everyone screaming in outrage? Or is it only a minority who are affected?

  43. Chris A says:

    Have experienced IE crashes constantly since Friday’s MS hotfix downloads.  Also slow to load pages – as if prioritized: Ads, Pop-ups? (Have Google tool-bar pop-up blocker enabled.)  Faster page loading now and no crashes since un-checking HTTP 1.1.  Overall loading performance, however, slower since hotfixes.

    Thanks for the tip and regards.

  44. Brian says:

    The unchecking 1.1 and stripping Adobe flash off and re-installing v. 9 seemed to resolve the issue for one of my users who was experiencing the same problem.

  45. Luke says:

    IE7 is not vulnerable

  46. AH says:

    IE 6.0 crashes on all platforms with August 2006 Security Update installed

    Visit and follow the instructions. This will demonstrate Internet Explorer 6.0 crashing on any platform (Windows 2000/XP/2003 with any Service Pack) if you have installed the August 2006 Security Update (918899) even if you cleared the checkbox next to HTTP 1.1 protocol or installed the hotfix 923762.

    The exact error message varies, but is something like this:

    Title: "IEXPLORE.EXE – Application Error". Text: The instruction at "0x4a5b19d6" referenced memory at "0x00000020". The memory could not be "read".

    This particular issue is related to the use of the "popup" window API after installing the August 2006 Security Update. This is the cause for frequent IE crashes when using web-based applications such as Comcept and ProSight Portfolios.

  47. Chris Walters says:


    After installing the new Aug ’06 security updates on 2 Win 2000 machines (one Pro SP4; the other Adv Server SP4), I’ve had IE (6.0.2800.1106IC) crash several times — on both machines.

    i.e., IE has experienced a problem & must close, …

    My advice Dont Install till they’ve fixed it

    Chris, Sydney Australia

  48. Chris A says:

    Chris in Aus – MS has redated 918899 to today’s date and added 921883 today.  Wonder if this will fix the problem?

    My trouble started with 922616 (8/8), 920670, 920683 and 920958 all on 8/9, 921398 on 8/11 and 918899 originally on 8/12.

  49. Chris A says:

    What a difference a 6 hour day makes, machine definitely faster with today’s fixes, re-checked HTTP 1.1 and all OK!

  50. urlmon.dll needed!!!! says:

    Please release public patch 923762 or 918899v2.

    I need HTTP1.1 on IE.



  51. J! says:

    We are a CMS vendor also having the same problem as demonstrated on:

    Has anyone come up with a fix for this, or has MS got a patch for this yet?

  52. Thomas L says:

    I am also looking for a fix of the bug. It seems as if neither unchecking the HTTP 1.1 nor doing the registry hack (as described on Error message is: "Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2963, fault address 0x0006d031."

    I’m getting quite tired of this now.

  53. Paul Lynch says:

    I phoned MS yesterday and after speaking to 2 different people I wax eventually offered the MS06-042 update :-/

    I eventually persuaded the guy to send me the hotfix referenced in kb923762 and they sent it to my Hotmail account.

    The file was password protected but they did send me the password for it.

    I’ll let you know how I get on with the hotfix….


  54. noah says:

    We run a fairly large news site here in Sweden and our visitors started to experience problems with IE crashing upon startup or on exit after MS06-042 was released.

    What we’ve found so far is:

    * The offical workaround from Microsoft (

    ) works

    * Disabling HTTP compression in Apache (the webserver) works

    * Upgrading Adobe Acrobat Reader to the latest version works *for us* aswell

    My colleague noted that after reinstalling Adobe Acrobat Reader and browsing our site Adobe’s License Agreement page appeared.

    It didn’t appear while visiting other sites.

    After sniffing the traffic between our webserver and the client we noted that a couple of JPG images contained, possibly IPTC-infomation, a piece of XML which mentioned PDF in it. Probably because these weren’t "saved for web" in Photoshop (which strips out all unnecessary information from the images). It shouldn’t be there anyway.

    I assume this is what makes IE call Acrobat Reader, perhaps via some hook provided by urlmon.dll?

    Could it be a combination of:

    * urlmon.dll bug with HTTP compression+HTTP/1.1

    * old/buggy/whatever third party program (such as AcroRead)

    ..that trigger this bug on certain sites?

    I’d love to see Microsoft release a patch to fix this bug ASAP as it affects sites such as ours which take advantage of compression to save time and bandwidth for visitors.

    Losing visitors means we’re losing valueable advertising money, not to mention how this bug hurts our reputation since IE works fine on other sites which doesn’t use compression, but is crashing on our site.

    Thank you.

  55. Thomas L says:

    Noah, after reinstalling Acrobat Reader, does work without crashing IE for you?

  56. JT Tan says:

    Same problem here.. running Win2000 pro sp4, and the latest version of IE6.  Recently popped up with problems involving frequent crashes.  It is getting progressively worse (pages that didn’t crash before are now crashing), and with the recent complaints, I’m glad to hear that it’s not something I did to my computer.

  57. Chris A says:

    Back to HTTP 1.1 un-checked this morning after a couple of IE crashes on Reuters news service links that stalled while loading. MS updated 918899, and 921883 of yesterday not the complete answer?

  58. Ben says:

    Just called MS and got the fix in KB923762, seems to have fixed the issue. URLMON.DLL version 6.0.2800.1567.

    I don’t get why the patch is secret… if someone has the balls to host it somewhere, I’ll email it 😉

  59. Chris A says:

    Paul, thanks – the bulletin describes my situation exactly, am running Win 2000, SP4: And work around is: un-check HTTP 1.1?

    Looks like MS wants to charge for the hotfix?  Could this be the beginning of the end for ‘support’ of Win 2000?

  60. Chris A says:

    Hi there – have URLMON.DLL version 6.0.2800.1567 on my machine, created 7/25/06 – now what? Re-checked HTTP 1.1 and machine running Reuter’s videos now? Confused and a bit confounded.

  61. Rob says:

    Having the same problems with IE crashing in win2k as well.  Found it’s most commonly caused when there is java in the web page, which seems to set the error off.

  62. Sean L says:


    Can you share us the file??????


    I eventually persuaded the guy to send me the hotfix referenced in kb923762 and they sent it to my Hotmail account.

    The file was password protected but they did send me the password for it.

    I’ll let you know how I get on with the hotfix….


  63. Anomy says:

    Chris A

    or Ben

    or Paul,

    Can you send the fix from MS to

    I will find a way to share the fix.

  64. Greg E says:

    This problem appears both on my WIN2K machine and a Windows XP Media Center machine.  It’s the update for IE6.  It’s not OS specific.  Microsoft needs to apply a new update to fix their latest self created bug.

  65. John m says:

    Same problem here. The workaround for w2k machines is working. Now all the XP machines are having issues as the update altered fonts and font sizing in IE and outlook express. Wish I hadn’t installed it

  66. The Steve says:

    I am also having a problem with IE crashing in Windows 2000 now.  I’m uninstalling these updates to see if it resolves the issue for now.

  67. Anomy says:

    Ben, or anyone who has the kb923762 fix

    Please email the URLMON.DLL to

    I will host somewhere and let here know the site.

  68. Stephen Harrison says:

    I have the same problem with IE crashing on win 2000. It appears to "go away" after you reboot but starts again after clicking on about 20 – 30  links

  69. Dave says:

    Info for kb923762 updated…

    Article ID : 923762

    Last Review : August 15, 2006

    Revision : 2.0

    "A new version of security update 918899 is currently in development and will be released to all Microsoft Internet Explorer 6 Service Pack 1 customers by August 22, 2006."

  70. Chris A says:

    Anomy – while the URLMON.DLL version 6.0.2800.1567 file is in the System 32, cannot get it to copy? Sorry. Hope the reissue of 918899 is the answer as I have had to leave HTTP 1.1 un-checked for most of today.

  71. Jhoie says:

    Hi Paul/Ben,

    Could you send me the hotfix as well?


  72. Ben says:

    Note: Calling MS for this issue doesn’t cost anything but a few minutes of time… because it’s a known issue and they don’t have to do anything but email you the file, they don’t enter fee-based support.

  73. Ben says:

    Note: Also, we’ve had "good luck" getting things to crash by visiting …might be a good test for verifying that 1) you have this problem and 2) you’ve managed to fix it somehow.

  74. Chris A says:

    Cliked on the HTTP 1.1 and surfed around – slow to load but no repeat of the crash problem? Did not try ‘the 20 links to fail’ as so slow.

  75. NanaMac says:

    Like everyone else, I thought I’d done something stupid to my computer. I suspected the recent updates and was relieved to find this blog. I’ve tested with and without HTTP 1.1 ticked, and so far, unticking seems to work, but I don’t know what pages I won’t be able to see/use. I’m running XPsp1 and the local council that owns this computer doesn’t want me to upgrade to XPsp2. Since technically it isn’t my machine, I’m a bit loathe to download the patch without some more assurance. Have some of you tried it now?…with success? Thanks, Pat (in Oz)

  76. San says:

    Same here, IE crashes…I looked for a fix, could not find one….

  77. NanaMac says:

    What happens if you go to Add or Remove Programs and remove Hotfix KB918899? Is it connected to other fixes or updates?  Will it help or stuff up the system any worse? – Pat

  78. noah says:

    Thomas L: Regarding the crash.htm page; yes it still crashes.

  79. Kennedy says:

    RE: After install this Security Update, the returnValue in Modal Browser cannot return the element in this Modal Browser

    Does anyone know if the new release on august 22nd will fix the problem in IE6 where the return value from a modal dialog window has now become inaccessible?

  80. jelt says:

    I wander if all you are trolls or what? We’re on IE7 blog and you says IE6 crashes due the latest MS patches???? The patches are for IE6 and not for IE7.

    NO crahes with IE7.

  81. Chris A says:

    Trolls? Give us a break! The header refers to August updates:  The impact of which has been mayhem on IE 6!  Several here have noted that IE 7 is not affected!  Virtually all the dialog and suggestions are IE 6 related – where have you been?

  82. Chris A says:

    Steve – even though un-installing 918899 is possible have been hesitant.  Your experience?  Have URLMON.DLL version 6.0.2800.1567 (installed in a July update, all IE 6 should have this? Go to Start, Search type in the file and see if its there?) and IE crash problems are still occurring intermittently with HTTP 1.1 clicked.

  83. The Steve says:

    I tried uninstalling but I’m guessing I hadn’t truly uninstalled it because I still had the problem.  

    Anyway, I tried the workaround (disabling HTTP 1.1) and that did the trick.  Sounds like that’s the thing to do until Microsoft releases the fix.

  84. Chris A says:

    The Steve – thanks, thought that would be the case as updates are tentacled all over the OS.  Also, there were 7 updates in the period to 8/8 to 8/12, auto loaded on my W2000, IE 6, SP4 machine (list in a post above). MS have identified only one of these: 918899 of 8/12 (re-issued on 8/14) with a problem, the IE crash.  Guess you have the MS hotfix of yesterday: URLMON.DLL version 6.0.2800.1567?  Has been on this machine since a July ’06 update, so no help?

    Guess we will have to wait for MS.

  85. Martin says:

    I used the Urlmon.dll fix, unticked the Use http1.1 and reticked the Enable 3rd party extensions and now every thing seems back to usual, so far (fingers crossed). Can’t say how pleased I am to have found this blog – and special thanks to Anomy.

  86. grego says:

    Win2k/IE6 randomly crashing after August updates.

    I re-installed IE and it was stable until I re-applied August Critical update…I got tired of sending error reports so I guess I’ll switch to mozilla permanently..

  87. This is by far the worst update!

    MSIE 6 is crashing left and right!

    And I hate the LEFT!

    It is also ticking off my clients who keep calling me about my software crashing!



    I miss my Mac’s…

  88. Chris A says:

    Checked my August update file and remember that my IE crashes started on Friday (8/11)after permitting auto-install of 890830 (Malicious Software Removal Kit) and 921883 (Security Update)?

    Perhaps 918899, auto loaded along with 8 other updates on Saturday 8/12 is a red-herring?

    Sorry to confuse, but we may just need to un-install or get hotfixes for 890830 and or 921883?  

  89. Chris A says:

    Think I found out why I continue to get IE crashes even though I have had URLMON.DLL version 6.0.2800.1565 since 7/25 and URLMON.DLL version 6.0.2800.1566 since 8/12!  Mine are not suffix 1567!

  90. Aditya M says:

    I have the same issue as Jon Hibbins (posted Monday, August 14, 2006 5:38 AM).

    The proposed IE hotfix seems to fix only the HTTP 1.1 issue, not the window.createPopup() issue.

    Does anyone have a workaround for this? It is essential that I use the popup object.

  91. Chris A says:

    Anomy – was on the site:  but could not access/download the file?  Do I need a site login/password?

    Regards, Chris A

  92. Anomy says:

    No you dont need to login.

    Just type 3 charaters on the top right box besides download button.

    MS deleted all the link. But u reminded it. 🙂

  93. Chris A says:

    Anomy – brilliant, the 3 letters were staring me in the face – could not see for looking!

    Thanks and regards.

  94. pahts says:

    Anomy..Patch worked like a charm..Problem gone!


  95. betabite says:

    hyperlinked text usealy turn purple after clicked on. in the new ie, when in new tab, those visited hyperlinks do NOT turn purple and this disturbs me. please fix!!



  96. Aschwin says:

    I run a large Citrix farm, still on Windows 2000 SP4. And have had the crashing problem with IE since the MS06-042 update.

    This morning I have applied the 923762 hotfix and the farm is now running lika a charm. The crashing problem is solved.


    Aschwin Geisler

  97. etruscan says:

    Hi from italy,i have same crash since last update(running windows2000 professional)

    i was getting crazy doing virus scan on line , checking the settings,java,etc,etc  and now browsing thiss site(grazie)i find out is a microsoft bug,!!!

    aiaiaiaiaaa ,hope the get out a fix prestoooooooooooooooooo..

  98. Jhoie says:

    I still got the same error even after applying 923762… any other workaround

  99. Thomas L says:

    Aditya M:

    I have heard that MS are working on a hotfix for that one as well. I don’t know when it is going to be fixed, though. Call Product Support in your country and report the bug.

  100. Paul Lynch says:

    MS are working on releasing a public version of the hotfix. Details here :

    "A new version of security update 918899 is currently in development and will be released to all Microsoft Internet Explorer 6 Service Pack 1 customers by August 22, 2006. The new update will be available on the Microsoft Download Center and by using Windows Update. Customers who are using any version of Internet Explorer other than Internet Explorer 6 Service Pack 1 together with any Windows version are not affected by this release and do not have to take any action. We recommend that customers who are not experiencing this issue continue to deploy security update 918899 in their environments to receive protection from the vulnerabilities that are documented in security bulletin MS06-042. Customers who experience this issue should apply the new security update when it is available. Customers who want to avoid the issue before the new security update is available may apply hotfix 923762."

    To those people who asked me to mail them the hotfix – sorry, I was asked not to distribute it. Not sure why they asked but I respect their wishes in this. But all you’ve got to do is phone MS Product Support and you can get the fix for free – no need to risk downloading files from some dodgy filesharing web site.


    Paul Lynch

  101. Thomas L says:

    Just to clarify: The hotfix Paul Lynch talks about is a different one from the one I and Aditya M are talking about. My problem appears in a fully patched IE 6 on XPSP2 and is repro:ed on .

  102. SteveG says:

    We have the same problem where IE 6.1 crashes, it only affects us when we visit our Incident Logging System which our Outsource Uses.

    I crashes on the the test

    We use IE6.1 on XP-sp2(MS says is not affected) & the hotfix only installs on XP-SP1.

    The website which makes ours crash is run on our Outsourcers Appache Server and they will not turn off HTTP1.1 and Compression.

    Any Help Please


  103. David Rose says:


  104. DR says:

    AppName: iexplore.exe AppVer: 6.0.2800.1106 ModName: ntdll.dll ModVer: 5.0.2195.7006 Offset: 0004aff8



  105. Tom Verschoore de la Houssaije says:

    A possible workaround for the popup problem caused by the update 918899 (MS06-042).

    var oMenu = null;

    function onclickSomething() {

    // Creating the popup window on each click.

    oMenu = window.createPopup();


    oMenu.document.body.innerHTML = x;

    With x also containing:

    <input type=’hidden’ value=” id=’selectedItem’/>

    And some kind of menu items that onclick:

    1) Assigns selectedItem.value with information needed.

    2) Closes the popup window.


    // Keeping the information transfer as lose as possible

    oMenu.document.body.onunload = Function("menuCollapse(this)");,0, 100,100);


    function menuCollapse(Sender) {

    var item = Sender.document.getElementById("selectedItem");

    if ((item != null) && (item.value != "")) {  

    //Act on information of item.value


    item = null; // Releasing the reference

    oMenu = null; // Releasing the reference



    I’m trying to NOT allowing the popup to persist through navigations and access the location of the parent window…


    · Creating the popup window on each click.

    · Keeping the information transfer as lose as possible.

    · Releasing the reference

    It seems to work.


  106. tom says:

    We applied the 923762 hotfix yesterday on all our staff computers (gotta love the manual process of installing it on EVERY machine).

    The good news is that, for the most part, the IE crashes have stopped. But, I’m still getting reports of system performance degradation in general from our users. Who knows if the cause is the original security update or the hotfix at this point. I’m hoping that the 8/22 official release fixes all of these problems for good.

  107. Mark says:

    When I uncheck the box, I am asked to download a program called CA947UBL. It looks suspicious to me so I always say no. I am able to proceed but whenever I log into my browser I get the same prompt to download CA947UBL. Has anyone else seen this?

  108. disillusioned says:

    @Tom Verschoore

    Thanks for you attempt to make my work easier.

    Unfortunatly did your solution not help me. I still got the problem when clicking outside the popup.

    Running XP prof SP2.

    The hotfix mentioned above a couple of times does to only apply to SP1 of XP?

    When I read the diffent notes from Microsoft, it seems as you are not aware of the problem with XP SP2?

  109. Tom Verschoore de la Houssaije says:

    A hopefully workaround for the popup problem caused by the update 918899 (MS06-042).  

    I’m using my “standard” trick to close the popup window.

    I did not think it would be essential for the workaround.

    Maybe it is…

    You need my file containing:


    <public:method name = "closePopupWindow" />

    <script language="JScript">

    function closePopupWindow() {

      try {

    //Turning to new focus trick

       var P = top.createPopup();,0,0,0);



       } catch(exception) {

    alert("Error menu.closePopupWindow:n" + exception.description);






    Extending the function onclickSomething:

    function onclickSomething() {

    // Creating the popup window on each click.

    oMenu = window.createPopup();

    //Assuming on same location



    oMenu.document.body.innerHTML = x;

    With x also containing:

    <input type=’hidden’ value=” id=’selectedItem’/> as first element  

    an menu example

    <span class=’menuItem’ onclick=’this.parentElement.firstChild.value = "Hope"; body.closePopupWindow();’  >Hopefully</span>


    // Keeping the information transfer as lose as possible

    oMenu.document.body.onunload = Function("menuCollapse(this)");,0, 100,100);


  110. Hi!!

    Hoping everyone is well inspite of the download problems.

    I run Windows 2000 Pro……

    The automatic updates ~

    KB917008, 917422, 920670, 920683, 920958, 921398, 922616, and malicious software tool KB890830 ~

    starting causing problems/errors after the AUTOMATIC update yesterday, closing windows and notifying Microsoft…. and I had to use GoBack4 to return my system to the previous day’s settings….

    After which I set my "automatic downloads" to "Notify me, but don’t automatically download or install them" …

    It started reloading again today and when the download was finished, I installed it and all was OK.

    THEN the new patch KB918899 came in for IE6 and again, when I clicked onto a link for my e-mails as yesterday, the box comes up with sending an error message to Microsoft and closing the windows that were open.

    NOW, I’ve TURNED OFF the automatic downloads completely and GO TO Microsoft to see what the new patches are and choose for myself…..

    Might not be the best choice, BUT I’m tired of reversing my drive and loosing information.

    NOTE: To change AUTOMATIC settings, open CONTROL PANEL and double click AUTOMATIC UPDATES….. choose a setting that YOU are comfortable with ~ It’s YOUR computer!!

    Take care and ~ Have a GREAT day!!


  111. Steve Thornton says:

    I am also getting constant IE crashes identical to JR’s on all of our updated PCs. This is a HUGE problem for us.

  112. Steve Thornton says:

    By "dodgy filesharing web site" do you mean ? Because that’s the site that’s damaging all of our computers. Be sure to thank everyone for me.

  113. Moe says:

    Steve Thornton’s 5:15 pm post is the best yet.  MS had best clean up its own filthy mess, BEFORE hurling insults somewhere else!  

    Heal thy self, oh great MS machine.  

  114. Anomy says:

    I guess most people here agree with Steve Morton.

  115. Anomy says:

    Omg, did I say Morton? My mistake.

    Mr. Thornton is right.

  116. Chris A says:

    Got this from MS this evening:

    KB Article Number(s): 923762

    Language: English

    Platform: i386

    Location: (  Password protected.

  117. Tom Verschoore de la Houssaije says:

    A possible workaround for the popup problem caused by the update 918899 (MS06-042).


    Additional testing revealed same problems when clicking outside popup window.

    I only gained stability when clicking on the menu items.

    Workaround is deadend.

  118. Chris A says:

    Have been bopping around the net for an hour with no problems – HTTP 1.1 checked.  Suggest get MS to send you the file.

    Have Win 2000, IE6, SP4.

  119. Tom Taylor says:

    I’ve updated with the patch 923762 and for the most part it appears to fix the issue however I still have a few users that are experiencing a crash in IE.  We are using Peoplesoft and now the crash is caused by urlmon.dll which just happens to be the updated file in patch 923762.  WHY?!?!?!?!

  120. Chris A says:

    Tom – the problem came on 8/12 when Urlmon,dll was updated from suffix xx65 to xx66 and patch 923762 updates to xx67 – have had one crash since instal, was getting crashes every 2 to 5 minutes with xx66. MS are to release a fix for 918899 by 8/22 – may be the answer?

  121. Tom Taylor says:

    @Chris A

    I really hope that the "update for the update for the update" will fix this issue.  For the most part the patch 923762 has helped on most of my machines but there are a few that still have problems although not as often as pre 923762.  Now they will work for a while before they start crashing and only a reboot will fix them temporarily.

  122. Kevin says:

    918899 has caused many of my users extreme headaches.  I was reading along this blog, and see that for some of you, the hotfix 923762 works, but Chris A has apparently noticed a few machines that now crash IE in Urlmon.dll.  

    @Chris A.

    I would love to try that hotfix you posted, but you failed to post the password.  Why would MS password protect a hotfix file?

  123. Chris A says:

    There is a bit of complexity if the file appears with a sub file as to which to apply, so best to contact MS for the hotfix to ensure compatibility with your OS.  Try:

  124. angry says:

    Do thiss also slow down  navigation speed,because apart al 20 seconds crashing i noted also a real slow way to open sites..

    come om ms,moveeeeeeeeeeeeeeee..

  125. George says:

    Just look at the source code and fix … oh.  Sorry.  Never mind.

  126. Mark Kinsler says:

    Thank you, everyone.  I’ve downloaded the hotfix, presumably with success.  Waiting time was not too bad. They’ll assign you a 15-character case number; try to get this early in the conversation in case you get cut off, which happens. I wouldn’t be too hard on Microsoft: nobody’s ever done this stuff before, and they seem to be doing their best.

  127. Chris A says:

    Did the whole thing with MS via e-mail in less than 24 hours – tech’s do 8PM to 6AM shifts.  Courteous, supportive and follow-up within 6 hours of the download.  Also ran a full diagnostic that they looked at and commented on within 1 hour.  First class!

  128. Warlord Raven says:

    Piece of cake. Running Win2K. Went into my WINNT folder and scrolled through the hotfix folders until I got to the one with the latest IE upgrade in it (not sure of the name… didn’t write it down first but it has the following in the folder name IE6SP1 – 20060725 <– make sure it is the one with the latest date.) Open the folder and look for the uninstall file. Uninstalled the update, restarted and am back in business.

  129. Paul Lynch says:

    @ Steve Thornton

    maybe you should consider testing any security fixes before you blindly deploy them into your production environment.

    I’m glad you don’t work on any servers I am responsible for.

    And as for your childish comments about Microsoft Update…. well, just grow up… I was suggesting that people avoid filesharing web sites with good reason… you never know what nasties you may inadvertently pick up…

    Have a nice day….


  130. Chris A says:

    All fine since Friday evening – my Win 2000, IE6, SP4 started crashing again every 5 minutes or so starting around 1PM this afternoon – have re-booted twice.

  131. Jim S says:

    Is the update to the update out yet? I can’t find the dang thing.

  132. John M says:

    At noon it looks like the update page has adopted the same scheduling as Vista – I wouldn’t hold my breath waiting

  133. AHH says:

    I was having the same problem.  In addition to the same browswer crashes, I could not log on to my CBS Sportsline account for Fantasy Football.  

    I removed the 3 Security updates for windows media player and have not had any problems since.  I found your site very interesting and thanks for the info.