IE April Security is Now Available

The IE Cumulative Security Update for April 2008 is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.

This update addresses one remote code execution vulnerability by modifying the way Internet Explorer handles HTML and validates data. For detailed information on the contents of this update, please see the following documentation:

This update is rated “Critical” for IE5.01 and IE6 Service Pack 1 on Windows 2000, IE6 on Windows XP, IE7 on Windows XP SP2 and IE7 on Windows Vista, IE6 on Windows Server 2003, and IE7 on Windows Server 2003.

As a reminder, IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.

I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.

Terry McCoy
Program Manager
Internet Explorer Security

Comments (17)

  1. Tester says:

    Is IE8 Beta 1 not affected by the security bugs? I need to know, because if it is, I’m gonna uninstall IE8 Beta 1 and go back to IE7 with this month’s security update, can’t take any chances.

  2. IE8 Beta 1 is NOT affected by these issues. We incorporated the fixes before release.

  3. sonicdoommario says:

    To the IEBlog:

    Windows Update keeps freezing on me before I have the chance to choose Custom or Express updates. Another friend of mine did this and it froze. Also, I tried running with no add ons and it froze.

    Is this a problem on your end that you’re aware of?

  4. Glen Fingerholes says:

    Tony, how long have you guys been sitting on the fixes?

  5. @sonicdoommario

    Are you still having the issue? It seems to be resolved at least now.

    I can confirm that there have been some -ehm- delays right after the updates have been made available on Windows Update. But these delays aren’t caused by the updates themselves since they also occurred on systems that did *NOT* have the updates installed. Looking into the "windowsupdate.log" will indicate delays while checking the signatures of Windows Update Agent components:

    2008-04-08 21:00:21:202 3500 590 Misc Validating signature for

    2008-04-08 21:00:21:442 3500 590 Misc Microsoft signed: Yes

    2008-04-08 21:00:42:613 3500 590 Misc Validating signature for

    2008-04-08 21:00:42:623 3500 590 Misc Microsoft signed: Yes

    2008-04-08 21:00:42:673 3500 590 Misc Validating signature for

    2008-04-08 21:00:42:693 3500 590 Misc Microsoft signed: Yes

    2008-04-08 21:00:42:883 3500 590 Misc Validating signature for

    2008-04-08 21:00:42:903 3500 590 Misc Microsoft signed: Yes

    2008-04-08 21:01:12:886 3500 590 Misc Validating signature for

    2008-04-08 21:01:12:916 3500 590 Misc Microsoft signed: Yes

    So I’d assume there have been issues on the Windows/Microsoft Update sites’ end which were neither related to nor caused by the updates themselves.
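The log excerpt quoted in the comment above can be checked mechanically. The following is an added example, not part of the original comment or of any Microsoft tool: it measures the gaps between consecutive entries of one process/thread and the time each signature check takes, assuming the column layout seen in the excerpt (date, time, PID, TID, component, text); the function names and the 5-second threshold are choices made for this example.

```python
from datetime import datetime, timedelta

# Log lines as quoted in the comment above; the text after "Validating
# signature for" is absent on the page and stays absent here.
SAMPLE_LOG = """\
2008-04-08 21:00:21:202 3500 590 Misc Validating signature for
2008-04-08 21:00:21:442 3500 590 Misc Microsoft signed: Yes
2008-04-08 21:00:42:613 3500 590 Misc Validating signature for
2008-04-08 21:00:42:623 3500 590 Misc Microsoft signed: Yes
2008-04-08 21:00:42:673 3500 590 Misc Validating signature for
2008-04-08 21:00:42:693 3500 590 Misc Microsoft signed: Yes
2008-04-08 21:00:42:883 3500 590 Misc Validating signature for
2008-04-08 21:00:42:903 3500 590 Misc Microsoft signed: Yes
2008-04-08 21:01:12:886 3500 590 Misc Validating signature for
2008-04-08 21:01:12:916 3500 590 Misc Microsoft signed: Yes
"""

def parse_entries(log_text):
    """Yield (timestamp, (pid, tid), message) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split(None, 5)  # date, time, pid, tid, component, text
        if len(parts) < 6:
            continue
        try:
            ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S:%f")
        except ValueError:
            continue  # continuation line or a different log format
        yield ts, (parts[2], parts[3]), parts[5].strip()

def find_stalls(log_text, threshold=timedelta(seconds=5)):
    """Gaps longer than threshold between consecutive entries of one thread."""
    last, stalls = {}, []
    for ts, thread, msg in parse_entries(log_text):
        if thread in last and ts - last[thread][0] > threshold:
            stalls.append((ts - last[thread][0], last[thread][1], msg))
        last[thread] = (ts, msg)
    return stalls

def validation_times(log_text):
    """Time from each 'Validating signature for' to its 'Microsoft signed:' line."""
    started, durations = {}, []
    for ts, thread, msg in parse_entries(log_text):
        if msg.startswith("Validating signature for"):
            started[thread] = ts
        elif msg.startswith("Microsoft signed:") and thread in started:
            durations.append(ts - started.pop(thread))
    return durations

if __name__ == "__main__":
    for gap, before, after in find_stalls(SAMPLE_LOG):
        print(f"{gap.total_seconds():7.3f}s between {before!r} and {after!r}")
    print("longest validation:", max(validation_times(SAMPLE_LOG)))
```

Run against a full log, the same functions separate time spent inside signature checks from time spent waiting between log entries.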



  6. BigBen says:

    After installing MS08-024 it will take several minutes for pages to load in IE7. While investigating the problem it turned out that this was caused by the google toolbar.

    Disabling the Google toolbar restores normal behaviour for IE7.

    Reinstalling the google toolbar (to ensure latest version 4.0.1602.1060) did not resolve the problem!

  7. sonicdoommario says:


    I’m not having the issue anymore, so I’m back up to date. Yay. 🙂

  8. Marc Derksen says:

    The update includes a fix for KB944397. Our web application assumed the previous behavior and now displays all sorts of errors.

    Is there a way to (temporarily) suppress the effect of 944397?

    The article mentions a feature FEATURE_THROW_NESTED_EXCEPTIONS_KB944397, but it doesn’t seem to work anymore. Maybe the name of the feature has changed?

    I realize that disabling this feature is not a permanent solution but it will help us get our customers up and running again.

  9. Chris Hird says:

    I install all fixes as standard practice, I also send feedback for all Microsoft errors which occur. I have been having significant problems with IE7 where it would not close down and I had to resort to using Task Manager to force an end of the program. Every time this occurred I sent off the information to MS. This has now been fixed by the latest update because it no longer connects to the internet at all! I am now trying to re-install the product and its fixes to see if this resolves it. My question is what is the point in sending out information when a product fails as IE7 has been, if you never hear back from MS as to whether it’s a problem with the OS or the environment it’s working in?

    This recent problem didn’t even give me the opportunity to send info in, it simply stopped serving any pages.  I am posting this note using Firefox which has been flawless and Opera also works just fine?


  10. @Chris Hird

    The issue may be related to third-party "security software" installed on the system:

    Which Windows version are you running IE7 on?

    Do you have a huge amount of entries in the "Restricted Zone" of IE?



  11. Monk says:

    My computer automatically downloaded and installed the April security updates the other day and after restarting, promptly stopped connecting to the internet. I’m still on XP w/IE 7 and each time I would troubleshoot my wired connection it tells me:

    Windows cannot connect to the Internet using HTTP, HTTPS, or FTP. This is probably caused by firewall settings on this computer.

    Check the firewall settings for the HTTP port (80), HTTPS port (443), and FTP port (21).

    It then says I might need to contact my Internet service provider (why and tell them what?) or the manufacturer of my firewall software (which is you, Microsoft) My other problem is, I turned off the firewall and it still doesn’t work. I restored to the day before and all is well. Anyone out there have any insight into this?????

  12. @Monk

    The issue may be related to third-party "security software" installed on the system:

    Which third-party firewall software are you using? Please name the exact product name and version.



  13. Blackymetal says:

    Our Web application used to work before this update on IE7, we use prototype.js, when we try to set a position with setStyle this simply doesn’t work, how can I avoid this update?

  14. gbarr7 says:

    I’ve been having the same problem that Monk and Chris have reported. The April 8 update ("Hotfix for Windows IE & KB947864") loaded and now I cannot connect to anything on the internet. I’m not a super-techie, but finally decided to uninstall the update (from Add/Remove Programs in the Control Panel), disable my Windows Auto Updates, and now I’m OK.

    I’m on Windows XP, am using "Norton Security Online provided by ATT/Yahoo Online Protection", provided by my ISP.  Your reference to 3rd party firewalls is apparently not valid since Monk indicated he (she?) is using Microsoft’s firewall.

  15. @gbarr7

    I’m pretty sure it’s Symantec’s "Norton Security" to blame for the issue you ran into (once again). Have you double checked that it isn’t blocking the new version of iexplore.exe which comes with every new version of any cumulative update for IE7? See

    As for "Monk", he may use an antivirus application which does block iexplore.exe.

    And please reconsider installing KB947864 once again so as not to be affected by the security vulnerabilities which are fixed by KB947864.



  16. Gayle says:

    I followed the instructions in the link you provided, but they were incomplete.  After an hour of complete inability to access the internet (still without the 4/8 "fix", by the way), I am back on the internet, but too frustrated to continue.

    I was working fine without the "fix", now I need to re-establish all my program rules just to access the internet as I was able to on 4/7.  If I can get stable internet usage for a week, I’ll try to reload the "fix", but I’m keeping "auto updates" turned off until that time.

  17. Hi Gayle,

    Sorry to hear you have issues with Symantec’s applications. I would recommend uninstalling "Norton Internet Security" completely, enabling the Windows Firewall instead and using a free AV application (Avast Home Edition, Avira Antivir Free or AVG free for example) instead. You may want to use the "Norton Removal Tool"

    to get rid of the "Norton" suite though.