IE May 2007 Security Update Available Now

Good morning everyone, I am pleased to announce that the IE Cumulative Security Update for May 2007 is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.

This update addresses 6 remote code execution vulnerabilities. For detailed information on the contents of this update, please see the following documentation:

This update is rated “Critical” for IE 5.01, IE 6 Service Pack 1 on Windows 2000, IE 6 for Windows XP, and IE 7 on Windows XP and Windows Vista. For Windows 2003 Server with IE6 or IE7, this update is rated “Moderate” due to Enhanced Server Configuration.

As a reminder, IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.

I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.

Geoffrey Silva
Program Manager
Internet Explorer Security

Comments (69)

  1. In the Microsoft Security Bulletin Summary , the information below is provided on the updates for May,

  2. lee sun sin says:

    for IE security,

    when will you autoupdate IE7?

    please say to me.

  3. james says:

    when will you autoupdate IE7 of china, korea ?

    please !!!!

  4. The security update changed my default browser from FireFox to IE:  it should not have done this.

  5. Anphanax says:

    Charles, you’re not alone (I wondered why it did that, and it’s not the first time either). I had some additional problems afterwards, where I tried to run programs only to see them not doing anything (including trying to launch task manager from the CTRL-ALT-DEL screen seen when that friendly crap is turned off). After several minutes everything suddenly happened and I had like 8 task managers come up. SQL Management Studio, Visual Studio, Outlook, Notepad… Only one that that seemed to open was cmd.exe and other console applications (e.g. taskkill, tasklist, tskill). Something seemed to be nailing the processor because the textboxes were taking forever to respond in the applications that were running before that … thing happened.

    I’ve had that… freeze thing happen on several computers and I’m curious if anyone here has any idea what that is (ShellExecuteEx not working right because of some hold up somewhere?)

  6. luc says:

    @lee sun sin

    IE is autoupdated via Windows Update. Updates are automatically downloaded and installed without user interaction

  7. t says:

    Just to applied the latest patch with Windows Update. Thanks so much for turning my English IE7 half Chinese (Main UI, menu, search settings) and half English (most of the Internet options pages).

  8. @luc says:

    when will you autoupdate IE7 in korea,china and japan?

    early in april?

    early in may?

    early in jun?

  9. Brian LePore says:

    So IE 5.01 is still used and is important enough that you put out security updates for it, but it’s not important enough that you think a VM for developers to test in makes sense?

    And where is the love for IE 5.5? Doesn’t that need updates?

  10. S.D.Maley says:

    After applying the cumulative patch (kb931768) for IE7, it gets lost if faced with more than one Tab.  

    It just seems to get lost. Sometimes it can be killed with it’s Close widget. Sometimes even TaskMan cannot kill it, and one must logoff/logon.


  11. Aedrin says:

    "So IE 5.01 is still used and is important enough that you put out security updates for it, but it’s not important enough that you think a VM for developers to test in makes sense?

    And where is the love for IE 5.5? Doesn’t that need updates?"

    There is no VM to test with IE 5.5 or 5.01 because they’re both -old versions-. Old as in shouldn’t be used any longer.

    The only reason people don’t always update is because everyone wants to support every single browser out there. There is no need to update if everyone is still out there trying to support you, is there?

    Software gets old, and needs updates. IE is free to update. If someone is unwilling to keep their system up to date, why would I want to do business with them?

  12. Diaw says:

    I have IE 7 performance issue after installing security update for IE 7(KB931768). It seem that memory usage has gotten higher for IE 7 and has been freezing, never had this before. Can you please check if there is a performance issue when installing this security update?

    I also notice that when several tabs is open  IE 7 would show some of the tabs as a separate IE 7 windows meaning the tab is showing up in the taskbars.

  13. Layla says:

    Ever since I got this update yesterday(KB931768), I cannot clear my Browsing History in IE7.  Where do I go for support?

  14. Diaw says:

    for got to mention that I’m using Window Vista Internet Explorer 7. Those issue need to be fix.

  15. Chris Dickerson says:

    When shouldn’t this update install on Windows Vista 32bit? (If you have another update this makes a fail situation..)

    Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB931768)

    Failed: 1 update

    Error(s) found:

    Code 8007000B

  16. marcelo says:

    Charles A Upsdell said:

    >The security update changed my default browser

    >from FireFox to IE:  it should not have done


    charles, with my respect, don’t bother to update IE… just get rid of it and use Firefox ! Cheers


  17. Ogre says:

    Where’s this "new" Microsoft Update? The link you posted goes to the old/current Microsoft Update which still looks almost exactly like Windows Update. Am I missing something here? Is this maybe a Vista-only thing you speak of?

  18. TMaster says:

    Argh, my Internet Explorer changed language after this "update". How can I undo this, without changing any other system or software settings?

    I really prefer to have an English language browser. (I’m talking about the interface here. I know how to change my Accept-Language header.)

  19. Aaron says:

    I applied this patch on an XP sp2 box and IE will no longer run it launches then provides an error message.

    Do you really want to save thyis file?

    Name: navcancl

    From ieframe.dll

    error message: the file you are downloading cannot be opened by the default program. this happens on all website extentiosn aspx, html, htm….

  20. Vicki says:

    After the May 2007 update my screen size shrunk and changed shape.  How do I get it back?

  21. martin says:

    When are IE security updates going to STOP making IE my default browser?

    I dare say it has to be no coincidence that after applying each and every such update I have to instruct Firefox that yes, I do in fact want it to be my default browser the next time I start it up.

    Or does Firefox as a default browser now qualify as an IE7 security issue that needs resolving? 🙂

  22. Jeff Levin says:

    Ever since I installed this update, Windows Live Toolbar (03.01.0130, the latest version) and Java (1.6.0_01, the latest version) conflict with each other.  Unless you disable the toolbar in the add-ins section of IE7, you get a "the java runtime environment cannot be loaded" message on any page that employs Java coding.  When you disable it, Java works fine.  When you exit Explorer after getting the message, you get a critical "cannot read memory" error.

  23. Why is IE 7 rendering Content-Type text/plain .txt files as HTML?

  24. Steve says:

    If you get the "Do you really want to save this file? Name: navcancl" error try this:

    Uninstall MS07-027 (IE Cumulative Security Update for May 2007 ) to get IE7 working again.

    My flatmate had this problem right after the May 07 patches went in – After uninstalling MS07-027 his browser started working correctly.

    He was running Windows XP SP2 with IE7 installed.

  25. Heywood Jabuzzoff says:

    The automatic update kept looping on this patch (install, report that the same update is available after installation) on Win2K.

    It didn’t change my default (FireFox), but it DID remove its quick launch button from the taskbar…

  26. Chris says:

    I’m getting the same thing, update for IE6 on Win2k gets installed, then a few secs later pops up again saying a new update is avail

  27. Michael Kraft says:

    I am comparing the files installed by KB931768 on Win XP SP2 and what is

    listed on the page listed above and a number of files mismatch (ieapfltr.dat, ieapfltr.dll and ieudinit.exe), but one file, corpol.dll, listed as included in the patch wasn’t actually in it.  It was in the prior cumulative update so it seems like it should be in the update.

    Is the file manifest wrong or was this accidentally left out?

    Also the KB933668 patch for the Office 2007 Compatibility Pack lists that it

    installs Xl12cnv.exe. I could not find that file, but I did find

    excelcnv.exe which contains the same exact size, date, time and version

    number. I also found an updated Wordconv.exe and Wordconv.dll not listed on

    the web page.

  28. Stanoislav says:

    I also have the same problem after installing the patches from the windowsupdate this week

    IE is unusable, always brings up the following dialog.

    Do you really want to save this file?

    Name: navcancl

    From ieframe.dll

    The file you are downloading cannot be opened by the default program

  29. Holger says:

    My JAVA (jre1.6.0_01) stopped working after this update. IE7 just keep giving me an ‘X’ for all java applets under Vista. Java reinstallation + doublechecking all checkboxes that could prevent java to run didn’t help at all. Well, I changed to firefox once again.

  30. codemastr says:

    I thought it was IE7 *IN* Vista, Not on… If MS can’t get it straight how are we supposed to?

  31. Gregory Fala says:

    I am also getting the following error:

    Do you really want to save this file?

    Name: navcancl

    From ieframe.dll

    I am on a network at a University.  I tried uninstalling the update, but then my computer was automatically updated again.

    Do you guys at Microsoft test these updates before they go out?  I hope so.  Because with the error I am receiving, I am more inclined to use Firefox from now on.

    I hope you guys put out a patch for the patch soon!

  32. ST says:

    Aaron, Steve, Stanoislav, and Gregory Fala.


    Changed cache folder from default("Temporary Internet Files").


    Do not change cache folder from default("Temporary Internet Files").


    Check your cache folder’s NTFS-ACL.

  33. Peter Nimmo says:

    Ever since installing this update the last accessed dates in the history are always set to the time you look at them, even if it was days before so even my wednesday browsing shows the current date and time rather than the time I accessed it on the 09th

  34. FAW says:

    Ever since installing this update – nothing bad has happened. I do not get my default browser settings changed. I have no access issues with my machine. All of my programs work as they always did. None of my settings or preferences have been modified.

    I have an XP machine and a W2K machine, IE7 on the first, IE6 on the second. Updates went perfectly on both.  As an FYI, I use Mozilla as my default browser.

  35. Gregory Fala says:

    Could you provide more details on how to accomplish the workaround provided by the Hoax Knowledge Base for the "navcancl" issue?

  36. stanoislav says:

    The workaround suggesting problem with Temporary Internet Files didn’t work – I’m using the default location.

    However I have found a way to fix this problem – go to control panel, internet optios, advanced and under security set phishing filter to disabled. Your ie will start working again.

    I guess turning off a security feature isn’t the best workaround – but it will get you going until a better fix is available.

  37. Mary Kaspar says:

    Dear Mr.Geoffrey Silva:

    Your team screwed up big-time on this one.

    Everyone makes mistakes. What really counts is how someone remedies his mistakes.


    Mary Kaspar

  38. ieblog says:

    Thank you all for your feedback! The IE Team is investigating your reports.

  39. Pat CAdigan says:

    And when I applied the update for IE7, the browser could no longer access any websites. All I got were messages about how my connection seemed to be faulty or the website in question was down. I rolled back the settings to a previous restore point and, when the updates downloaded after reboot, I opted out of the IE update. Just to keep everything working properly.

    This latest update really sucks.

  40. Lee says:

    I have the same issue for downloading that navcancl file as well and internet explorer will not work so I restored my computer to a previous state before the update and turned windows update off, I hope you guys fix this soon because this is a royal screw up and I’m not the only one experiencing this problem. I am running Vista Ultimate 32 bit!!

  41. Ant says:

    Should it be of any help:- I had a variant of the "navcancl" issue after installing the patch; in my case it tried to save "Firefox Document" from and then closed. BUT, I am pleased to report that disabling the Phishing filter works fine. ( my TIF folder is "C:Temporary Internet Files" : I dont have any folders in the path where I believe the ‘default’ TIF folder belongs ).

  42. Arvid says:

    I also am having the navcnl problem and IE7 won’t run after installing the KB931768 update. I remove the update and everythings fine. I tried installing it three times with the same result each time. So I’m running without it and with Microsofts automatic updates turned off because they keep reinstalling it.  I’m running Win XP SP2.

  43. Annoyed says:

    Yes this has messed up my IE7 too.

    So the answer seems to be, from reading this website, is that you just un-unstall the latest update and that shoutl fix it ? How annoying of microsoft.

  44. ibn says:

    Since updating, I’ve been noticing evidence of hacker activity on my computer, but cannot find any log information that would indicate the access points or what programs were being run.  My Internet Explorer stopped working.  I had to get Firefox installed just to use the internet, no matter what I do, even using advice from Windows help I cannot get it to work.  So when I try to access features in Windows Live Onecare they won’t work because those features only work with Internet Explorer.  The big tip off was an error log to Company of Heroes that indicated the game failed on two occasions to load properly.  Both times I was no where near the computer and the game disc wasn’t even in the drive.  Checking the logs, the hacker altered the start-up files to get past game tutorials for a new user.  My settings on my Firewall are to block all outside access to my computer, and to not share any files with any computer.  Can Windows Live Onecare spot this activity, block it, and log it, so that I can be better prepared?  I like the way Windows Live Onecare runs, integrated and smooth.  A hacker got through my old firewall and installed a ton of programs on my system.  That time I reformatted the entire 300Gb drive just to get rid of the hacker.  Now I’m running Windows Live Onecare and I need to have confidence to stay with it.  I need to know more information of what activity is transpiring between my computer and the internet.  Please ask your tech guys to come up with an update to make this happen.

  45. Russ says:

    Same problem, Microsoft.  Only remedy that worked for me was a system restore, and disabling automatic updates.

  46. James Snell ( says:

    After installing Windows Update KB931768 I had the same problem, with IE7 opening, then immediately closing, and a dialog box appearing asking if I wanted to save navcancl. The only remedy I could find was doing a system restore to before installing the update. I’ve heard it suggested that the issue is related to having Temporary Internet Folders in a nonstandard location, which I did. I tried changing it back to the standard location, but when I did, most of the files that should appear there didn’t, though some did; so there’s no point in proceeding with that experiment. There’s also been a suggestion that the issue is related to running IE7 in protected mode. At this point my strategy is just to wait until MS releases a new update to fix the buggy one.

  47. Russ says:

    To add more helpful information for the IE Team:  I am using the default setting for the temp file location and do not have the phishing filter enabled, yet I continued to experience the navcanl issue reported by other posters. The only fix that worked was a system restore, and disabling auto update. Obviously this was a very poor example of regression testing by the IE team.  I fear they have become so hypersensitive to reports of security problems that they are releasing bad fixes before they’re fully verified.  I remember the bad old days when this was common…please say we aren’t going backwards, Mr Silva.

  48. koumalek says:

    After installing IE7 on WinXP SP2 X86, the system behaviour is changed. After clicking the icon on the desktop, the IE7 search,  not our manufacturing application at http:// warehouse.factory.local at intranet. Because address do not exist on the intranet, IR display error. If I find and click the small button "Home" at the IE panel, proper page is loaded.

    But, this is not acceptable behavior !! Our semi-skilled workers can not footle and expatiate screen. They are accustomed to big 1-2" characters on the screen, and to buttons sized as matchbox. Only operation they do out of intranet application is click to IE icon.

    Please, can you some tell me why IE7 force me go to pages which I do not need and which do not exists on the intranet ? Please, where is (in registry or elsewhere) possible to disable this fatal behavior ?

    This behavior not occurs with the normal internet connection. I assume that IE7 after starting is redirected on the and there do some unpublished actions. But this is fatal on the isolated intranet where msn.conm do not exists.

    Thanks for any suggestions.

  49. Russ says:


    I understand your situation, as we have a similar arrangement with line workers.  Unfortunately, Microsoft did not consider the impact on this customer base when it released IE 7.


  50. Lily Yee says:

    With Windows Autoupdate turned on, the IE7 Cumulative Security Update for Vista (KB931768) installed this morning at 3AM and broke IE7. Opening IE just results in a box where ieframe.dll wants to do something with navcncl. Uninstalling the update fixes the problem. Manually installing the update makes no difference, it still breaks IE7. So, for now, I’ve turned off Auto Update.

    Vista Premium 32-bit

    Office 2007

    IE7 Protected Mode=On

  51. Graham says:

    I also applied this patch on Vista home Premium and IE7 will no longer run it launches then provides an error message.

    Do you really want to save this file?

    Name: navcancl

    From ieframe.dll

    error message: the file you are downloading cannot be opened by the default program. this happens on all website extentiosn aspx, html, htm….

    I have Philshing Filter turned off

    I have the Default temp files

    I have Protected Mode::OFF

    So, all these suggestions made no different to me.

    Just uninstall the Patch, reboot, when Vista comes up to nag about installing again, open updates, right click and select Hide.

    **It’s a STINKER and NEVER should have been released. Luckily, I have Opera and Firefox, or I would not even be able to access the Net!

  52. DaMiaN says:

    I have a problem with IE7 a error message has come up telling me to save navcancl when will the next update come so I can use IE7 properly. At the moment im running it as administrator..

    Get us out of this mess…

  53. Mark says:

    Re Navcancl and non-default location for Temporary Internet Files Folder. To resolve the issue in Vista, make sure that "Authenticated Users" have "Full Control" permissions to the parent folder. Eg, if Temp internet files is D:CacheTemporary Internet Files, ensure "Cache" folder has permissions mentioned above.

    Once that is done, the patch does not cause a problem.

  54. John Gosling says:

    For the last few days a web application which has worked without problem for several years has developed intermittent problems with POST data not being received by the server. We have tried putting the application on a different server to rule out ISP problems but to no avail.  The problem is intermittent, with most POST data getting though but sometimes none.  The problem is being experienced by a variety of users in different settings.  The ONLY factor in this situation that has changed in recent days is the recent IE update and we suspect this is the cause.  Has anyone else exerienced the same thing?

    To be more specific, the data which should be posted is a mixture of button-array values mixed with occasional free text. We don’t know if it is particular text or character combinations causing the problem as the data never arrives at the server and our testing so far hasn’t been able to reproduce the problems our users are having.

  55. S Marsden says:

    Has anyone noticed that "Shrink to Fit" printing no longer works since applying the cumulative patch? We have many users that print large scanned images from IE. The prints no longer fit on one page automatically — users have to manually scale down to 30% in Print Preview and then print.

  56. Steve says:

    I would suggest technical proficient users also check to see where IE7 is actually putting new cookies and new cached files.  I found on Vista that the cookies were not where they should have been and IE was putting Temporary Internet Files in neither the default location nor the specified location.  A friend also reports his cookie store is in the wrong place.  It might take some detective work to find them in the /AppData/ structure!

  57. SS says:

    My RSS feeds in IE7 have not been automatically updating since updating my computer with this update (along with the other recommended updates for May).  I’m running Windows XP Pro SP2.  Is anyone else experiencing this problem or is my problem being caused by something else?  Thanks

  58. PS says:

    I applied this patch on my XP sp2 PC and IE& will no longer run, it launches then pops up an error message.

    Do you want to save this file?

    Name: navcancl

    From ieframe.dll

    error message: the file you are downloading cannot be opened by the default program. This happens on all websites

  59. @koumalek

    "Problem: IE always goes to instead of your homepage":

    Run this .reg file: (double clic -> Merge) … and reboot IE.

    " was created by Eric Lawrence, a program manager for the Internet Explorer project at Microsoft."

    See also:

    "The new Internet Explorer first run screen".

    "Fix: Internet Explorer 7 is stuck at the first run welcome page".

    Vincenzo Di Russo

    Microsoft® MVP – Most Valuable Professional

    Windows – Internet Explorer since 2003

  60. Adam says:

    This update installed automatically on all the machines of a medical clinic I support.  The clinic uses a web based practice management /billing system.  Several of the computers would not connect to any web site after this update.  IE would just spin its wheels saying "connecting" for 1/2 hr or so, and would try to go to what I think is the customize setting page. I don’t remember the full URL, but I believe it had fwlink as part of the URL.

  61. TRACY says:

    My computer was sold too me 2nd hand with XP loaded. As of a few days ago my internet explorer page won’t open up. I cannot install the service pack because the person who sold me the computer built in a bootleg copy of XP.

  62. Robear Dyer, MS MVP says:

    The "File Download – Security Warning" dialog box opens when you try to open Internet Explorer 7 (16 May-07)

  63. I read all of the comments posted here by people experiencing IE May 2007 Update problems, but did anyone have trouble executig Adobe Reader 8 after the update downloaded? I couldn’t get Adobe Reader to work and any time I clicked on a link in IE to open a PDF file and I got the message "connection can not be found. IE will now close….". A lot of sites that I use regularly would not open either. I unistalled all of the IE 7 updates via the Add/Remove programs feature and it fixed the problems, but I lost tabbed browsing features. I downloaded the update to fix that, but now Auto-update is bugging me to download the May07 update again. I disabled Auto-updater until I know these problems are solved.

    Thanks for a reply!   Wendy Ragsdale

  64. IE7 will not open web pages after the update was installed on XP SP2 I went to add remove programs and removed the up date and IE7 will now open web pages. Trouble is atuoupdate keeps installing it and Norton keeps turning autoupdate back on. HELP!

  65. SS says:

    You can have Automatic Updates on and tell it to not install a certain update.  This isn’t recommended, but it’s better than having Automatic updates off completely.

    Go to Windows Update (in Internet Explorer Click Tools -> Windows Update).  Click Custom.  After the pages loads, uncheck the update, and select "Don’t show this update again."

    Windows will still periodically remind you that you’ve hidden important updates, but not as persistently as it does when you turn off Automatic Updates completely.

    P.S. Anyone experiencing a problem with RSS feeds not automatically updating in IE7 after the May updates?  Thanks.

  66. Olivier B says:

    I finally got IE7 to work again. After updating Internet Explorer, I got the ‘navcancl’ problem mentioned in this blog. In my case, I had the temporary files folder on a partition other than the original location, namely "D:DownloadsTemporary Internet Files". I’ve had this folder at that location for years.

    Moving the temporary files to any other location works. It doesn’t have to be in the original location. The problem seems to be the "AntiPhishing" folder located, in my case, inside "D:DownloadsTemporary Internet Files". It’s one of those system folders that are utterly impossible to delete, rename, or move. Even my trusted friend Unlocker couldn’t do anything.

    It appears that the update has a problem with having the "AntiPhishing" folder inside the "Temporary Internet Files" folder. Turning off the phishing filter allows IE7 to bypass this problem, but I found a workaround.

    I was able to rename "D:DownloadsTemporary Internet Files" to "D:DownloadsIE7 Files", and that folder now contains "AntiPhishingAntiPhisihing" and "Temporary Internet Files". I also have the phishing filter on.

  67. John Gosling says:

    This is a follow-up to my post of May 15 6:26 AM above.

    Having not been able to determine the cause of the failure of POSTed data getting to the server, and having tried the application on three different servers at different ISPs, we completely re-wrote the application using an embedded Flash form rather than conventional HTML forms.  Exactly the same problems occurred with the data posted from Flash not being received by the server (although the URL was reached and the script in question was activated).

    After further investigation of the server logs we have now discovered the cause of the problem: namely that the POST requests are getting changed to GET requests!  This happens only intermittently and under circumstances which we cannot determine.  It is also happening for IE5, IE6 and IE7.  The problem is not specific to a particular user location as it has been experience by users from several quite distinct organisations. Since both versions of the application, HTML and Flash are explicitly sending the data via POST, the changing of POST to GET must be occuring either within the browser or by something at the server end prior to the data reaching the script.

    As I have been able to find no other occurrences of this problem reported on the web so far, it may be specific to the data that is getting posted.  Briefly, the data is around 1K in length, and consists of sequences of comma-separated numbers, textual comments, some data markers surrounded by angled brackets, a few $ signs, a few forward slashes and a few @ signs.  The problem occurs when this data is POSTed either as a single variable (in the Flash version of the application) or as a number of distinct variables in the original version.

    As mentioned in my earlier post, we first started seeing this problem around 10th May, shortly after the recent IE updates.  Aside from the IE update, absolutely nothing has changed from previously when it was working unproblematically (and had done so for six years).  For this reason, we suspect either the IE update as the principal candidate for the cause of this (though if by chance our ISPs have updated Apache over this period, that is also a candidate).

    As before, any further news about similar problems would be greatly appreciated.

  68. SS says:

    "My RSS feeds in IE7 have not been automatically updating since updating my computer with this update (along with the other recommended updates for May).  I’m running Windows XP Pro SP2.  Is anyone else experiencing this problem or is my problem being caused by something else?  Thanks"

    I’ve resolved this problem.  I’m not sure if this update brought about the problem, but evidently there was an issue with my local feed cache.  If anyone else is having a problem with the RSS feeds automatically updating, the Knowledge Base article at explains what to do.

  69. Tom says:

    With regard to the http post we are having the same problems.  They are intermitent in nature and occur on some clients while not on others.  We experience them with dropdowns, command buttons, and text.  The problems started after we installed the May 2007 patch.  We tried removing the patch but are still getting the problems.  The web page just hangs up.  Like the above comments from the other user, our code has been in production without a single problem.

    Any help is appreciated.