Update Available for IE 5.01, IE 6.0 SP1, and IE 6.0 on Server 2003


This morning we re-released three versions of our August 2006 cumulative security update (MS06-042). As I had written about before, the original release of MS06-042 introduced a new security vulnerability for IE 6.0 SP1 users which we addressed in a subsequent re-release. However, with the increased scrutiny this release received, a security researcher responsibly disclosed to us that a similar vulnerability was also discovered in IE5.01 on Windows 2000, IE 6.0 SP1 (in a different location), and the original release of Windows Server 2003 (not SP1). This re-release fixes that vulnerability.

This update is available through all of our normal release channels including Windows Update, Automatic Update, Download Center and our deployment tools such as WSUS. We recommend all affected customers install the update immediately. Users running Windows XP SP2, Server 2003 SP1 or any of the IE7 betas, IE7 Release Candidate 1, or Windows Vista are not affected and do not need to take action.

This release and the need for subsequent re-releases have certainly been a learning experience for us. This update cycle has not been an example of our best work, but as I mentioned earlier we have used this experience to improve our processes and increase transparency to ensure all of our releases are of the quality we expect and our customers deserve.

Tony Chor
Group Program Manager

edit: removed Download Center link

Comments (30)

  1. Anonymous says:

    The hotfix for the popup window issue, described in MS KB 923996, has been made publicly available for download from Microsoft.

    The URLs are:

    For Windows XP SP2 – http://www.microsoft.com/downloads/details.aspx?FamilyId=FF9BC431-01F3-48E8-9A58-D701D2E60C1D&displaylang=en

    For Windows Server 2003 SP1 – http://www.microsoft.com/downloads/details.aspx?FamilyId=4AE4AA58-97FB-4CCF-ABA4-F9271A9282E2&displaylang=en

    For Windows Server 2003 SP1 (ia64-bit) – http://www.microsoft.com/downloads/details.aspx?FamilyId=E9E5A987-A833-45B7-9127-8B812B27F44C&displaylang=en

    For Windows Server 2003 SP1 (x64-bit) – http://www.microsoft.com/downloads/details.aspx?FamilyId=2B7B1D5B-0B08-432A-B552-857997513476&displaylang=en

    I hope this information is useful to some folks here.

  2. Anonymous says:

    Correct me if im wrong, but there is no new release (Sept 12th) for the issue discussed in http://support.microsoft.com/kb/923996/ for Windows XP SP2 with IE 6. (The latest version in general release).

    We use SharePoint alot in our organisation and all our site administrators are encountering exactly this problem (as are we).

    Why was this not fixed and re-released when the other V3 releases of MS06-042 were released?

  3. Anonymous says:

    Hello,

     

    This is Christopher Budd.  I wanted to take a moment to let you know that we’ve…

  4. Anonymous says:

    always up grade sp1 if you know wat it is for

  5. Anonymous says:

    http://blogs.msdn.com/ie/archive/2006/09/12/750815.aspx#750992

    Marcus you are correct, you still have to call for that hotfix

    I don’t know why.

  6. Anonymous says:

    Regarding hotfix 923996.

    Why on earth isn’t this hotfix included in this updated update for IE?? The hotfix was ready in August.

    I just checked with Microsoft and we cannot release the 923996 hotfix on our website to our customers. Many of our customers is affected by this serious bug from Microsoft. This means that they all have to call Microsoft to obtain this hotfix.

    I am very dissapointed with the way Microsoft has handled this bug and how hotfixes and updates to IE are released.

  7. Anonymous says:

    OK, I just installed IE7 and freaked out! Please, oh please, make ALL TOOLBARS and ALL BUTTONS movable!!! It’s SO FRUSTRATING not be able to move main menu over the address bar, or toolbar at the right corner of tabs bar to somewhere else… or favorites button to another toolbar… you get the point!

  8. Anonymous says:

    I had to reinstall windows 98 se and know my printer won’t install because I need a higher verson of internet exployer

  9. Anonymous says:

    (My question in the previous blog has been answered, thank you to both those who emailed me).

    I have a question about the styling of input text fields and their associated submit button in IE7 (version/build 7.0.5700.6).  There appears to be styling that can not be removed.  On a site where every pixel has to be exact I am finding myself unable to remove a normal state added padding to the submit button.  I have a couple partial screenshots…

    Text input focused

    http://img157.imageshack.us/img157/5131/iefocusbe6.gif

    Text input without focus

    http://img157.imageshack.us/img157/7444/ienofocusqh9.gif

    The submit button is effected by the input text field so I am unable to control the submit button directly. Regardless I tried setting border, height, max-height, max-width, margin, padding, and width to the button on all pseudo-elements for the button without success.

    Also will we be able to see support for the :focus pseudo-element? For example focused elements typically have an orange background for high contrast if the user tabs through elements on my site. Opera also does not support this.

  10. Anonymous says:

    Some of you guys can’t stay on topic to save your life, haha.  This topic has nothing to do with IE7.

    I have to wonder how much more effective these complaints would be if they weren’t all convoluted like this.

    I’m going to go off topic for a second to illustrate my point.  Several months ago I submitted a bug to Internet Explorer Feedback on Connect ( https://connect.microsoft.com/IE/ ).  It was a bug concerning an application I wrote which wouldn’t function properly when IE7 was installed.  It took a few weeks, but Microsoft investigated the problem and contacted me about it.  They pointed me to a solution, I fixed the problem in the application and my customers are happy again.  Had I complained about it here, I would have never had that level of support.

  11. Anonymous says:

    P.S.

    The "Rules for Comments on the IEBlog" and "What We Talk About on IEBlog" links to the right explain it best.

  12. Anonymous says:

    The Steve:

    You forgot the most important rule of UI design, people don’t read. If it looks like a textbox then they’ll type in their complaint no matter what kind of rules are posted.

  13. mmichek says:

    a note about hotfix 923996…this hotfix has been applied to a number of our systems and are encountering a new problem as a result (javascript error regarding ‘Permission denied..’). So it may be that further regression testing is going on before it’s rolled into the cumulative update.

  14. Anonymous says:

    Wow… another stand up job by microsoft to fix bugs in internet explorer….. and ie7 .. yes it may still be in beta.. but holy crap it has a lot of issues already.. Even when its out of beta i still wont use it daily…

    I’ll stick with my 98se and firefox 1.5… xp pro only when apps need it…

  15. Anonymous says:

    Simple Questions…

    Does this issue affect Windows 2000 SP4 running IE 6?

    It seems like a simple questions but when you start looking into the document, more and more you should become confused.  In the re-re-release of this only the .dll’s (urlmon) of Win 2003 were changed to reflect the current date of Sep-2006, no other .dll’s were changed in Win 2000/XP.  

    When I read titles and caveats that say.."On September 12, 2006, this Security Bulletin and Internet Explorer 6 Service Pack 1, Internet Explorer 5.01 Service Pack 4, and Internet Explorer 6 for Microsoft Windows Server" is Win 2003 the only affect OS or should we be applying this patch to everything?

    Thanks for any help..

  16. Anonymous says:

    windows internet explorer for update

  17. @Itsme

    Have a look into the IE6.0sp1-KB918899-Windows-2000-XP-v3-x86-ENU.exe once again and don’t be surprised to see the urlmon.dll in there beeing dated August 31th with file version 6.0.2800.1572. Version 2 of KB918899 for IE 6 SP1 included version 6.0.2800.1567 of urlmon.dll, dated on August 4th. Conclusio: version 3 of KB918899 updates IE 6 SP1 under Windows 2000 and Windows XP *SP1* too and should be applied.

    For Windows Server 2003 version 3 of KB918899 is relevant *if* you don’t have applied SP1 for Windows Server 2003 yet.

    Bye,

    Freudi (who’s quite wondering, why those revisions, at least version 3 of KB918899 which has been released on regular Patch Day doesn’t show up with a new KB number and a "individual" Security Bulletin to minimize the foreseeable confusion)

  18. Anonymous says:

    Hi

    I am seriously looking a KB 923996 Fix. Our Corporate is extensively using SharePoint and guys are struck up with work because of the Error occurred during execution which are mentioned in KB 923996.

  19. Anonymous says:

    Anyone having problems with WSUS or WSUS3 beta rolling out 918899 to Windows 2000 or 2000 server?  WindowsUpdate.log shows numerous attempts to download but download fails.  Ended up manually installing file that I copied from the WSUS3 beta contents directory so I know the download file is not corrupt.

  20. Anonymous says:

    In Korean Win2K3 Ent, I can’t run the IE 7.

    First I downloaded IE7 from MS site.

    Install the IE 7. it’s correct. next reboot.

    I tryed to log in.

    The message appeared, that is (by translate to korean) "User32.dll System DLL realloc to memory. Applications has not to run not correct. "C:WindowsSystem32SHLWAPI.dll" DLL is allocated memory space reservced by Windows NT System DLL. You can receive ….."

    Why the message appeared?

  21. Anonymous says:

    Performance is also an issue comparing to Firefox browser.

    Internet Explorer RC1 takes 30MB RAM space while firefox takes 19MB when opening only one tab with the page http://www.google.com.

    I think Internet Explorer 7 is very friendly for users and feature-rich. But hope the performance could be better as well.

  22. Anonymous says:

    Next try, the first comment didn’t make it through:

    KB923996 has been released to the public via DownloadCenter the other day.

    Bye,

    Freudi

  23. Anonymous says:

    update the internet explore 6.0