IE June Security Update is Now Available


The IE Cumulative Security Update for June 2007 is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.

This update addresses  5 remote code execution vulnerabilities and 1 spoofing vulnerability. For detailed information on the contents of this update, please see the following documentation:

This update is rated “Critical” for IE 5.01, IE 6 Service Pack 1 on Windows 2000, IE 6 for Windows XP, IE 7 on Windows XP and IE7 in Windows Vista. For Windows 2003 Server with IE6 or IE7, this update is rated “Moderate” due to Enhanced Security Configuration.

As a reminder, IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.

I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.

Terry McCoy
Program Manager
Internet Explorer Security

edit: title correction; changed “Server Configuration” to “Security Configuration”

Comments (32)

  1. TMaster says:

    Notice: the June 2007 CSU does not appear to address the vulnerability found via this page:

    http://it.slashdot.org/article.pl?sid=07/06/05/0046258

  2. ie developers says:

    REQUEST FOR TOPIC:

    ==================

    Subject: Public Bug Tracking

    Content: When, Where

  3. carlos b. says:

    [quote]

    REQUEST FOR TOPIC:

    ==================

    Subject: Public Bug Tracking

    Content: When, Where

    [/quote]

  4. anonymous says:

    Shouldn’t Vista not require updates like this, or have a lower rating?  I thought it’s verion of IE7 was supposed to be more secure because of the OS it runs on.

  5. luc says:

    Remote code execution on Vista has no critical impact on the system because UAC

  6. Keith says:

    After installing this update on Vista, I could no longer browse the internet. I could resolve addressed, but could not reach any addresses using IE. I rolled the updates back and am now fine. Has anyone else had this problem?

  7. steve says:

    @luc, you are implying that all users are using UAC.  Since I’ve only heard horror stories of annoyance and errors, I suspect the rumors are true, that well over 75% of users have turned it off.

    steve

  8. luc says:

    @steve

    you heard horror stories from trolls. UAC is the best, no other OS has a so good implementation

  9. Jeff says:

    I have found the same connect problem with the auto update for june on the internet explorer using windows xp.I ran the system back to the previous day and all is fine.I have tried this twice and the same results happen. Does anyone have or know of the fix?

  10. Ken says:

    I believe this latest update is causing problems with viewing on-line videos including from MSN.com.  Even the advertisements.  When they play, audio is fine, but all I get is a big grean box where the video should be.  Any suggestions??????

  11. jkb2007 says:

    –After june 13th updates IE 7 :

    1-Conflicting behaviour with Flash

    2-Conflicting behaviour with sun java

    3-Pointer stucks and roams erratically

    4-Moving the mouse whilst the pointer

    is glued causes browser window resizes

    also changes desktop icons

    positions

    5-It is like an alien entity

    hijacked the pc

    6- Only functioning windows key on the keyboard

    and manually up and down alternating keys to

    either shutdown or restart OS

    7-For now these are the issues experienced

    as not much time has been spent

    yet but still to come a lot of

    troubles

  12. luc says:

    I noticed a speed improvement in IE7 for Vista, after I applied this patch

  13. dev says:

    Hey,

    I am trying to develop a simple web-app which will have Javascript signing of text. I was wondering whether you could tell me of some way of doing stuff similar to crypto.signText of Mozilla… so that the user signs text using his browser’s crypto store.

    Regards,

    duryodhan

  14. richard emery says:

    I have been searching forums to help me…I have now come to the conclusion that the latest security updates are causing a problem with IE7 and Flash. IE7 keeps closing down. There is a conflict here…..

  15. Ket says:

    Following the update IE7 does not display pages at all, although the Internet connection is present (I am writing this via Firefox)

  16. richard emery says:

    sorry, I should have added my details…I am running vista (home premium). I have uninstalled flash (using adobe uninstaller prog from their website) and then reloaded flash. It is Flash9c.

    Still crashing IE7….is it Flash9c or is it security update??? I think it is the security update because the log points to that timing.

    I have now disabled flash….rollon final version of safari…

  17. richard emery says:

    sorry, I should have added my details…I am running vista (home premium). I have uninstalled flash (using adobe uninstaller prog from their website) and then reloaded flash. It is Flash9c.

    Still crashing IE7….is it Flash9c or is it security update??? I think it is the security update because the log points to that timing.

    I have now disabled flash….rollon final version of safari…

  18. Dale Wade says:

    I too have had problems with both Outlook and IE7 under Vista Home Premium after the June 13th upgrades.

    I first noticed that I hadn’t received any email after early on June13th.  Tried to send/receive and the connection to the Charter mail server failed.  Called Charter and they said they were ok.  Suspeced an update and checked, sure enough there was an update the morning of the 13th.  While trying to diagnose and fix the problem I found that uninstalling Norton Internet Security or rolling back the Outlook 2007 patch would fix the connectivity problem to Charter.  Note that I did not have to change the Outlook account settings.  It’s definitely the patch.

    Whilst trying to browse my bank site with IE7 to pay some bills I found that I couldn’t access secure sites.  Finally just decided to back out all of the June 13th updates and everything seems to be as it was the day before. I’ve also now disabled auto-update and am waiting to see what Microsoft has to say before updating further.

  19. Adsa75 says:

    Same issue, IE7 can no longer browse the internet after 933566 is installed, uninstall it and all works well again.

    Is there a fix yet?

  20. Since applying this update (last night), IE has slowed to a crawl and does not load the imaages on many web pages. It seems to only affect certain web sites such as CNN, CNET.com

  21. Carol says:

    I am unable to use IE because of the update.  I spent 7 (yes, seven, I am not a techie)hours yesterday doing every fix listed in Microsoft, doing a system restore to a week earlier, deleting IE7 (going back to IE6), and still can’t use IE.  Help, please!

  22. Jimmy says:

    Microsoft has a big problem with this security update. Half of the computers in my company have automatic update active and installed this security update. Now none of those can use internet explorer. I.E. 7 with this update give a DNS error. But all other software on the PC’s that use the Internet work fine. I am having to go back and manualy reinstall I.E.7 and turn off the automatic updates on their PC’s. Microsoft you Tech’s you need to get this issue fixed quick.

  23. Ben says:

    After installed this update, I.E 7 keeps crashing. I prefer IE much better than Firefox but I can’t tolerate with the blue-screen-of-death-liked that IE keeps throwing at me.

  24. Amber says:

    Microsoft, please fix this problem.  Several of websites I utilize require IE.  And, now I can’t use them.

  25. Mark says:

    I am also having issues with this update, as I cannot access certain, not all HTTPS websites, and if I roll back prior to June 13th all is well.  Nothing regarding this issue has been listed by Microsoft on their site!  

  26. Mustapha says:

    For people having problems navigating to sites, can you list a few of these sites? Also which platform are you seeing this on?

    For people seeing IE crashes, does the crash repro in IE7 in no add-ons mode? (to run IE in no add-ons mode go to Start | All Programs | Accessories | System Tools | Internet explorer (no add-ons). If you see no repro in no add-ons mode, then the crash is most likely is in one of the add-ons installed on your system.

  27. allorge1 says:

    I can’t access any website.  Sometime when I type in my website and press enter it seems that IE searches documents, not internet.

  28. Eduardo Valencia says:

    We need a new build of IE&,firefox 3 will be out soon with new features!

  29. Mustapha says:

    allorge1, have you checked your LAN Settings? Set your LAN Settings to "Automatically Detect Settings" from Tools | Internet Options | Connections | LAN Settings.

  30. Bill says:

    This update crashed both my Outlook and IE7.  Working with Microsoft to correct this problem was a 26 business hour nightmare.  Thankfully I did not have to pay the $49.00 an hour charge to correct the problem.  Most of the fix attempts seemed to cause further problems which bounced me from department to department.  More often that not seemed to think that this update was not the cause of my problem especially with the IE& department.  The last fellow that I spoke with is the IE^ deparment finally said that this update was a problem for both IE and Outlook in that they were connected with both appplications in some way.  I was told that it would take two to three weeks to correct this update. I also think that MS should work on the time it takes when they transfer you from one department to another. One time it took over 48 minutes on hold to reach the next person who was not able to help me.  Is this a tactic used by MS to get you to hang up? You would think that the Program Manager, MS Internet Explorer Security would pay some attention and react to this blog where the problems with this update seemed to show up almost immediately.    I will never trust automatic updates again.  I will always google them a week after they come up to be sure that there are no problems installing them.  Since MS did fix my problems by mid afternoon yesterday (I starteed with the on Friday) I would rate this experience a F+.  The + is because my system works again.

  31. allorge1 says:

    All connections are set up correct.  IE did 2 auto-updates yesterday and everything is working properly now.

  32. SUC says:

    @Eduardo Valencia

    the Internet Explorer 8 Beta is set to begin when Vista SP1 ships later this year.