IE December 2006 Security Update is Now Available


The IE cumulative December 2006 security update is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven’t already.

This update addresses 4 security issues:  2 remote code execution vulnerabilities and 2 information disclosure vulnerabilities. For more information on the contents of this update, please see:

This is a “Critical” update and affects all supported IE configurations from IE5.01 to IE6 for XPSP2 and IE6 for Server 2003 Service Pack 1 except IE7 where the associated vulnerabilities do not affect this newer platform. IE security updates are cumulative and contain all previously released updates for each version of IE.

Unrelated to today’s IE update, Microsoft released an Outlook Express update (MS06-076) that resolves an issue in the Outlook Express code that may affect some IE users. 

I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.

Charles Watanabe
Program Manager

Comments (20)

  1. Pawel, M. says:

    Hi!

    When I add a website to the IE7 (version:  7.0.5730.11) trusted sites I go to

    the site and IE7 does not recognize it as trusted. At the bottom of the

    window there isn’t a green check and the page won’t load correctly.

    Even if I add different URL’s related to the site.

    The sites that were previously added with IE6, works fine and IE7 recognize

    them as trusted. Only the websites I try to add after installing IE7 won’t

    work!

    I restored the system prior the IE7 installation and tried to reinstall IE7 by downloading it without Windows Update, but the problem persists.

    All other softwares were closed antivirus, firewall, etc.

    Does this problem has something to do with the new way IE7 handle security?

    My system:

    WinXP Home SP2 (Brazilian portuguese)

    IE6 (version: 6.0.2900.2180.xpsp.050622-1524)

    with all updates and patches.

    Thank you!

  2. Bill says:

    @Pawel M

    Tools -> Internet Options -> Advanced tab -> Reset button

  3. And there’s an optional but frist update for IE7 too, but not offered via WU/MU/AU yet: http://support.microsoft.com/kb/928089/en-us

    This update improves the performance and eleminiates some quirks displaying some sid|tes as an side effect too.

    Although it’s available in "English" only, the update can be installed on localized Windows/IE7 versions also. Only the setup is running in English.

    FWIW,

    Freudi

  4. Fofa says:

    Well, I like IE 7.0 but it glitches some times here and there. Also, its a copy of Mozilla Firefox how Microsoft made tabs.

  5. r.laduc says:

    some hyperlinks will not open anymore, not even on a new page

  6. Peter says:

    After updating 2 XP SP2 machines (one Pro, one Home) with the Dec security update, both IE7 show .url extentions on all favourite entries. Either fav sidebar or ‘links’ symbol segment.

    This did not happen with pre-update IE7.

    Any tips or tricks?

  7. Aedrin says:

    "Also, its a copy of Mozilla Firefox how Microsoft made tabs."

    And you think FireFox invented tabbed browsing?

    If everyone invented their own user interface standard, we’d still be in text mode.

  8. Frank S says:

    "Also, its a copy of Mozilla Firefox how Microsoft made tabs."

    To continue on top of what Aedrin said:

    I think’s its a great idea they ‘mimic’ (not copy) Firefox, since it’s consistent.

    And had they done their own implementation, you would probably be moaning that they weren’t consisted, and should have mimicked Firefox.

    They can’t really win!

  9. steve_web says:

    @Frank S, Fofa, & Aedrin:

    We only wish they had copied Firefox’s tabs… if they had, they wouldn’t have stuffed all the tools on the tab row, you’d be able to close the first tab (and free up several square inches of precious real-estate) and be able to load content into existing tabs, drag contents to a tab, have every new tab open beside the current tab, have tabs that mimic the OS, etc. etc.  but why copy the good parts about tabs?

  10. Jonathan says:

    I Downloaded And Installed IE7.5730.11 Over A Month ago Using The Save To Hard Drive Route, All Seems Quite Stable But One Bug Is Very Annoying: When I Start IE7 Using The Shortcut,it wants to connect to the internet,so I Connect and then A 2nd Connect box pops up and then I Connect again, this time it connect, This Is A Dial-up User Connection Bug, IE7 Uses It’s Own Connection Window partially and Then Finally Uses Windows XP Connection Window To Finally Get Connected: Please Fix This Bug!

  11. campa says:

    @steve_web

    probably it isn’t so bad they put all the icons on one row, because like this you save space in vertical (you only need two rows instead of three or four)

  12. goose says:

    Thanks Microsoft for keeping the baddies out of our systems! Internet Explorer 7 is unfairly targeted by hippies, terrorists and communists who just want to make our lives miserable.

    Your security is remarkable!

  13. Nathan Gerber says:

    Is there a patch available or in testing yet that will disable the maximum JavaScript array size limit imposed in IE7 yet?

    We are having to tell customers to not upgrade to IE7 because of this. We have an array that contains over 10,500 items within it and will only grow in the future. The page works fine in IE6 and alternative browsers, but refuses to work in IE7. All we get are errors. When we tested and trimmed the array down for testing purposes it worked fine (though lacking all of the data). We have verified that there are no special characters within the array that may otherwise mess things up.

  14. doc0tis says:

    @Jonathan

    I really thought the annoying bug you were talking about was the fact that everytime you post The First Letter Of Every Word Is Capitalized.

    –doc0tis

  15. Arieta says:

    >>have every new tab open beside the current tab

    huh? opening a link in a new tab will launch the new link next to the current tab, not the end of the tab row, if thats what you mean. It can be reversed for every new tab to be opened at the far end of the tab row under options. I don’t see the problem here.

  16. Charles Belov says:

    I just had a IE6->IE7 degradation reported to me on our website.

    http://www.sfmuni.com/cms/msft/fareinfo_wstyles.htm#passports

    has a bulleted list reading:

    1-day Passport $11 (where to buy)

    3-day Passport $18 (where to buy)

    7-day Passport $24 (where to buy)

    The 1, 3, or 7 is not visible in IE7 maximized at 800 x 600 or 1280 x 1024, and is barely visible at 1024 x 768.

  17. Marcus says:

    I installed it through the update but IE7 won’t start. The mouse cursor briefly changes into an hourglass but after that, nothing. It doesn’t show up in the taskmanager. I’ve tried to start without add ons, disabled all ActiveX or other components but to no avail. Changed everything to default settings, but that didn’t work either.

    I did a rollback to IE6 and everything is fine again. Never had any problems with Firefox.

  18. steve_web says:

    @campa,

    The issue with the icons, being on the same row as the tabs, is they take up room, that we all want to use.  I can only open 4-5 tabs, then things start crunching (even worse on a small screen)

    If the icons (for the tools/action/?) were actually on their own row, they could be dragged to an appropriate place, and fit in wherever desired, or better yet, be turned off.

    What is so annoying, is that they are "bound" to the tab row.  You can’t hide it, and you can’t move it, worst of all, if you decide you don’t want to see it, you can still only hide all but one of the icons.

    And as for the "vertical" savings, again, if I could hide the single tab, when no others are showing, I could save several square inches of space! (57,600 pixels! on a [16×12] screen) or 2+ lines of regular text.

    And that is using the "Small Icons"!

  19. FF says:

    IE7 is a browser of the old times. Can even interpret a simple <td align="right">

  20. vozeldr says:

    I don’t like that a web developer can decide how I can print. If I want to print only one paragraph from http://msdn2.microsoft.com/en-us/vstudio/aa948853.aspx I have to copy and paste it to a document and print it from there. That’s bogus and should be addressed in the next update. Granted, the page is allowed to print using a different style that actually prints pretty nice (if I wanted the full document), but I should still have the option to print what I want from my own browser.