IE February 2007 Security Update is Now Available


The IE cumulative February 2007 security update is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven’t already.

This update addresses 3 security issues – all three are remote code execution vulnerabilities. For more information on the contents of this update, please see:

This “Critical” update affects all supported IE configurations from IE5.01 to IE6 for Windows XP SP2 including IE6 for Windows Server 2003 SP1.

Also included in this release are ‘Important’ security updates for Internet Explorer 7 for Windows XP SP2 and Windows Server 2003 SP1 that disable specific COM objects not intended to be instantiated in Internet Explorer. While these vulnerabilities are considered ‘Critical’ in IE5 and IE6, the objects are blocked by the ActiveX Opt-in feature in IE7, preventing attacks that use non-approved controls from running an exploit. Since some users may turn off ActiveX Opt-in or mistakenly permit the objects to load without prompt, this update disables loading these objects to provide further defense-in-depth. IE7 in Windows Vista already disables these objects and is not affected by this update.

As a reminder, IE security updates are cumulative and contain all previously released updates for each version of the browser.

I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.

Geoffrey Silva
Program Manager

Comments (24)

  1. Caitlin says:

    I run WinXP Media Center.

    IE7 works great, except there are no tabs.

    "open in new tab" shows in the context menu, and "use tabs" is selected in main settings (default), but I have no tab bar and no tabs.

    I have downloaded and installed a few different releases, but nothing fixes this.

    Help?

  2. Mike says:

    @Caitlin

    1) don’t install pirated o cracked versions of IE7, because they generate a lot of problems (instability, crashes, etc.)

    2) remove google toolbar that is huge bugged

    3) remove any incompatibility add-on

  3. Thanks for fixing these security bugs, but please do not forget about all the other non-security bugs that can be even more annoying for the average user.

    The "Disappearing Caret" bug is for example very annoying for customers using 3rd-party toolbars:

    Disappearing Caret in 3rd-party Toolbars

    http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1012680&SiteID=1

    Please focus also on CSS inconsistencies in future IE versions:

    CSS Zoom property inconsistency

    http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1103493&SiteID=1

    I cannot stress one more time, how important a public bug tracking database is for a project as large as IE. Please revive the Connect database and make all previous reported bugs accessible again.

  4. steve_web says:

    @Viktor

    You are right, that css zoom thing doesn’t work properly in IE7… and yes, the bug tracking should most definately come back online ASAP!!!

    …but, I’m curious (since this isn’t in the specs (AFAIK), what exactly is this property for?

    I’m trying to understand why one would want such a feature?

    I would presume, that normally, one would want a 100% zoom, but that there might be interest in changing that dynamically (via script) for a global size increase/decrease.

  5. @steve_web

    The IE zoom property is used by many add-ons for zooming the page. Another application is to dynamically zoom parts of the Web page as a mouse hover effect.

    For consistency reasons it is important that zooming affects all child elements regardsless of the specified doctype.

  6. dus says:

    @Viktor Krammer

    IE7 has a built-in page-zoom feature.

  7. @dus

    There are differenes between the IE7 Zoom and CSS Zoom. Both have their advantages and drawbacks.

  8. cooperboone says:

    Windows automatic update automatically installed this update on my laptop today, and now I cannot access any websites with IE7.

    I get the MS webpage "Internet Explorer cannot display the webpage" which, when following the "Diagnose Connection Problems" I get the window to check the firewall settings on HTTP port(80), NTTPS port(443) and FTP port(21).

    I am not a power user….just need for IE7 to work like it did before the update.

    Help!

  9. JK says:

    My client’s website (http://www.everesti.com.sg) displays alright in IE6, but not in IE7. Is this a new bug in IE7 itself? How do I fix the higher headline problem?

    P/S: I wanted to post this comment on the Standards and CSS in IE post (http://blogs.msdn.com/ie/archive/2005/07/29/445242.aspx), but new comments are disabled.

  10. gau says:

    after installing this update i cant open my IE7 it keep on popping an error

    AppName: iexplore.exe AppVer: 7.0.6000.16414 ModName: ieapfltr.dll

    ModVer: 7.0.5825.0 Offset: 00019a73

    any idea guys on how to fix this…

  11. Not My Name says:

    I shut down my computer last night and it said it had 16 updates it was going to install. When I booted up today, IE 7 didn’t work anymore. It acts like there is no internet connection but Firefox still works. It appears other people are having the same problem. Whatever the issue is, Internet Explorer needs to log errors better. There is nothing in the Event Log.

  12. oscar says:

    Please check the following coding, doing on purporse, no mistakes, only checking, and try to render in IE7 and FFox2, look at the rendering. Pleasa…We are a one person operation and can take too many resources to answer what I found…

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;

    <html xmlns="http://www.w3.org/1999/xhtml"&gt;

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

    <title>Untitled Document</title>

    <style type="text/css">

    <!–

    div {

    color: #FF0000;

    background-color: #666;

    }

    span {

    color: #0000FF;

    background-color: #999;

    border: thin dotted #990000;

    }

    ol, ul {

    color: #0000FF;

    background-color: #aaa;

    border: medium solid #FFFF00;

    }

    li {

    color: #0000FF;

    background-color: #66FFFF;

    border: thin groove #0066CC;

    }

    table {

    border: thin dotted #00FF00;

    background-color: #CCFFFF;

    }

    p {

    border: thin solid #FF00FF;

    }

    body {border: thin solid red;;

    }

    –>

    </style>

    </head>

    <body>

    dklsajflkjasd fljkas lfjkas

    salfdjaslkfjaslk <li>fjlasjkfkljasfl</li> asldjflja eojfoasjdf oasjdf oasjfdoas lasdjfljasd fjlaskjdf laskjdflkasjdflkajsdlkfjasldfj aslfdjsladjf lsajdf lflsd flsjdflsjdf lskjdfl asldfkjaslfdjlsajfd ñasjfñasjfl ñasjfd aflasjfñasljkdf asjdflasj<table><tr><td><p>hola tabla</p></td></tr></table>

    kjaslfjaslfj lksdjfljkdf

    <ol>

    <li>lista1</li> <li>lista2</li> <li>lista3</li>

    </ol>

    lfjaslfjalsfjlaskjf

    <ul><li>lista1</li> <li>lista2</li> <li>lista3</li></ul>

    lasjkf lasjkflas lista1 lista2 lista3 lkasdjf asljfl  

    <ul>hola ul sólo</ul>

    jlskdjf lasjfd lasj fdjaslfdj lsjdfldsjdflasj ldfjlsjdf lsjdf lsjdflsjkfdlsjkdflksj

    <ol>hola ol sólo</ol>

    dlfjksldfkjsljdf lsdjflsdjfldskjflsdjfls jflsjdflsdjf sldjflsjf lsjflsfjsdl fldsjfl

    dklsajflkjasd fljkas

    <p>hola párrafo párrafo …</p> sdlfjlsdf lsdjf lksjdfljsdflj

    salfdjaslkfjaslk <span>hola span span</span> lksdjfljkdf <div>hola división división …</div>lasjkflas fjkas

    </body>

    </html>

  13. mark Lockyer says:

    Stay away from IE 7 until it really is sorted.if ever!

  14. Nocturnal says:

    Team,

    I was wondering why IE7 as of 2/19/07 has been removed from Windows Update?  I work as a tech and I perform Windows Updates for clients.  I’ve done five computers so far and these are all clean installs with SP2.  I go to do the updates and normally IE7 is there as either a mandatory or optional update but it is in neither.  Can someone get back to me regarding this?

  15. EricLaw [MSFT] says:

    @Nocturnal: I’m not sure why you’re not seeing the update, unless the customer deployed the blocking tool.  You can install IE7 directly from http://install7.com (a shortcut to http://www.microsoft.com/windows/downloads/ie/getitnow.mspx)

  16. turan says:

    xp internet explorer 7  kurumu başarısız.

  17. edward says:

    Same error here;

    AppName: iexplore.exe AppVer: 7.0.6000.16414 ModName: ntdll.dll

    ModVer: 5.1.2600.2180 Offset: 00031c6b

  18. edward says:

    am having trouble with ie7 accessing http://www.grandcentral.com

    At the site I enter the area code and get a crash

    AppName: iexplore.exe AppVer: 7.0.6000.16414 ModName: ntdll.dll

    ModVer: 5.1.2600.2180 Offset: 00031c6b

    This is new install of xp home. Prior install worked alright; I had to install ie7 from the ie7 site, not windows update as it was not listed as an option.

    Please help!

  19. QingXie [MSFT] says:

    @gau: Does the issue your experiencing crash the browser immediately after launching Internet Explorer? Also, what happens if you disable the Phishing filter? You can do this by selecting Internet Options from the Windows Control Panel, or if you are able to Internet Options off the Tools menu in the browser, under  “Internet Properties”->Advanced-> Settings->Security->Phishing Filter->Disable Phishing Filter.

    Thanks for reporting.

  20. Nocturnal says:

    Team,

    This is the third straight day that I’m not able to download IE7 from Windows Updates/Microsoft Updates.  I have had several machines ranging from clean installs to none that had SP2 and they all are not seeing the IE7 as an update.

    I’m having to manually download/install IE7.  Is there an issue with the updates or am I being blocked by IP address or something?  That does even exist?

  21. mwatt says:

    I now canno print from outlook express. Getting error message

    An error has occurred in the script on this page.

    Line 2020

    Char;1

    Error:Unspecified error

    Code:0

    url:res:/ieframe.dll/preview.dls

    I suspect it is the result of the

    Cumulative Security Update for Internet Explorer 7 for Windows XP (KB928090)

    Any suggestions to fix?

  22. David Gould says:

    I work for a service centre and it seems that we can’t see it as Microsoft has taken IE7 off the updates site.  And this is during our fresh installs of systems direct from the website.  What’s up and why the hiding of answers?  I’m actually glad as we have a few issues with fresh installs of IE7 on HP machines.

  23. dbpvr says:

    David IE 7 was removed because Microsoft reclassified it as an optional update now.

    I never felt it was was critical unless wanted by the user finally Microsoft changed this because not everyone liked it and hopes to stop people from switching to fire fox

  24. dbpvr says:

    it should now be found by using custom update btw

Skip to main content