IE June Security Update Now Available


The IE Cumulative Security Update for June 2008 is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.

This update addresses 1 remote code execution vulnerability and 1 information disclosure vulnerability. This security update addresses these vulnerabilities by modifying the way Internet Explorer handles HTML and validates data. For detailed information on the contents of this update, please see the following documentation:

The security update is rated Critical for Internet Explorer 6 Service Pack 1; Internet Explorer 6 on supported versions of Windows XP; and Internet Explorer 7 on supported versions of Windows XP and Windows Vista. The security update is rated Important for Internet Explorer 5.01 on Microsoft Windows 2000 Service pack 4, and Moderate for all other supported releases of Internet Explorer. 6

If you are currently using Internet Explorer 8 Beta 1 for Developers, please see Microsoft Knowledge Base Article 951804 for update details. 

As a reminder, IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.

I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.

Terry McCoy
Program Manager
Internet Explorer Security

Comments (27)

  1. Tester says:

    Dear IE Team,

    What about KB938127 for IE7 on XP SP3 deployments? Still no updated installer so it will actually install on XP SP3? And the security bulletin is not updated to mention the caveats on XP SP3. This is starting to be ridiculous, how long does it take to re-release the security update? I would like to remind that it’s rated CRITICAL on the security bulletin.

    http://www.microsoft.com/technet/security/Bulletin/MS07-050.mspx

  2. Lionel says:

    Terry,

    Your post suggests that the update for IE 8 beta 1 will not be distributed via Windows Update, but it is not completely clear.  Could you please state it explicitly?  Thanks.

  3. Name says:

    [Dear IE Team,

    What about KB938127 for IE7 on XP SP3 deployments? Still no updated installer so it will actually install on XP SP3? And the security bulletin is not updated to mention the caveats on XP SP3. This is starting to be ridiculous, how long does it take to re-release the security update? I would like to remind that it’s rated CRITICAL on the security bulletin.

    http://www.microsoft.com/technet/security/Bulletin/MS07-050.mspx]

    According to http://support.microsoft.com/kb/946480/ the patch for security bulletin 07-050 is included with Service Pack 3.

  4. Terry McCoy [MSFT] says:

    @Lionel

    The update is only available from the Microsoft Download Center.  If you are running IE8, you should download and install these updates.

  5. Terry says:

    Cumulative Security Update for IE 7  for Windows XP (KB950759). I download it, and then I can never log onto IE. I cannot open my home page either. Why does it do this???????

  6. anony.muos says:

    First KB938127 was forgotten to be included in XPSP3. I can confirm from the actual file version number. Also, IEteam, installing the June IE7 Security Update on XP with the /B:SP3QFE or /B:SP3GDR switch is broken. For most updates, I use this switch and although without using this switch it installs fine on XPSP3 just like XPSP2, it only contains the SP2QFE/GDR branches defined, so my scripts all break when using the SP3QFE/SP3GDR switch.

  7. anony.muos says:

    Also does KB951978 apply to IE7 or not? It does not install on IE7 on XPSP3 and gives an error although my installed version is older than the one included in KB951978.

  8. rc says:

    OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY! OPACITY!

  9. Stifu says:

    @rc: I’m not sure that really helps our case, you know…

  10. Terry McCoy [MSFT] says:

    @someone

    KB951978 does not appear to affect Internet Explorer because IE is not listed in the Affected Software section. However, the KB is not clear in some places on which operating systems are affected.  I will followup with the KB owners on this.  

  11. Terry McCoy [MSFT] says:

    @someone

    The IE7 XP package would need to use the /B switch with either SP2GDR or SP2QFE.  If you notice in the expanded package, there is no SP3GDR/SP3QFE.  This is because of the process that is used to create the updates.  

  12. Greg says:

    I’m running IE 7.0 on XP SP2 and I’m getting: The version of Internet Explorer you have installed does not match the update you are trying to install.

    when installing KB950759.

    Irontically the IT team here on campus has a util that keeps telling me I need to update this… or else…

  13. anony.muos says:

    IE Team, KB938127 is a VML security KB, why wasn’t it updated on this month’s patch cycle?

  14. Shauntu says:

    At home, I have the IE8 Beta 1 installed, and after the Tuesday Windows Updates from 6/10 auto-applied, both IE8 Beta 1 and Live Mail Desktop have developed a strange problem: Live Mail Desktop, when run, shuts down before displaying any email, and IE8 (running in Emulate IE7 mode) shuts down if I try to expand any folders in the RSS Feed view (which I would need to do to open RSS Feeds that are organized in folders).

    The thing is, the shut down is extremely fast, no hanging. There is no prompt to send crash data either. When IE8 is restarted, it does ask if I wan’t to go back to last session though. Current problem thus is that I can’t use my organized RSS feeds anymore.

    I tried System Restore to before the 6/10 patches, and the problem has NOT gone away. I downloaded and installed Windows XP SP3 manually (it hadn’t shown up in Windows Update on that computer yet), and the problem has NOT gone away. Without the ability to send in the crash data, I decided to bring up the problem here.

    Thanks,

    Shauntu

  15. Jennifer says:

    June 10 2008, Terry wrote: "Cumulative Security Update for IE 7  for Windows XP (KB950759). I download it, and then I can never log onto IE. I cannot open my home page either. Why does it do this???????"   I downloaded the same and now IE7 won’t access the internet at all! I give up. IE7 is off my PC for good! Firefox never has these problems.

  16. Shauntu says:

    Problem fixed: The ‘expand folder containing RSS feeds and IE7 crashes, and Live Mail Desktop always crashes at startup’ problem is fixed. I ended up realizing that it was one specific folder that had the problem, and even trying to delete it would cause the sudden crash.

    So I went to userLocal SettingsApplication DataMicrosoftFeeds and deleted the folder there. One of the feeds in it was ‘in use’ (it was a ‘Monitor in Favorites Bar’ feed). Removed it from the monitor bar. I was then allowed to delete the folder.

    And behold, Live Mail Desktop now starts up without crashing too! I guess I will re-subscribe to those feeds…

  17. Jim Pollock says:

    REPEATING:

    # re: IE June Security Update Now Available

    Friday, June 13, 2008 3:13 PM by Jennifer

    June 10 2008, Terry wrote: "Cumulative Security Update for IE 7  for Windows XP (KB950759). I download it, and then I can never log onto IE. I cannot open my home page either. Why does it do this???????"  

    I have the same problem.  After installing the update, I get DNS errors.  My network adapter is working properly, as Outlook and IM programs still operate correctly.  For now I have uninstalled the update, but am concerned about leaving my PC vularable to the Remote Access risk corrected by the critical security update.

  18. Adi says:

    Same problem with KB950759 – instalation stops IE working – comes up with res://ieframe.dll/dnserror.htm#

    Switched off Panda firewall and it worked – So uninstalled KB950759 switched the firewall back on and IE works!

    So when is someone going to fix the update as it obviously doesn’t work

  19. Terry McCoy [MSFT] says:

    @Adi

    You should use the instructions documented in http://support.microsoft.com/kb/926431 to help diagnose connection issues.  

    The issue you might be encountering might have more to do with the firewall.

  20. Mike says:

    Curious – I read the issues below and I have the same thing, can’t even open IE7 – hourglass flashes and disappears – but why no answers to this problem.  This happened to me once before as it related to a prior update and someone ran me through an extensive process of changing registries or something like that.  What about a quick fix?? C’mon.

    June 10 2008, Terry wrote: "Cumulative Security Update for IE 7  for Windows XP (KB950759). I download it, and then I can never log onto IE. I cannot open my home page either. Why does it do this???????"   I downloaded the same and now IE7 won’t access the internet at all! I give up. IE7 is off my PC for good! Firefox never has these problems.

  21. Ted says:

    Adi: To say what Terry won’t, the problem is that Panda is too stupid to release that the new iexplore.exe is the legitimate IE executable (as the hash got updated).  Ask Panda how they’re going to fix that.

  22. Pork Chop says:

    I run Vista Home Premium and the KB950759 update is junk. IE stopped working and I followed the MS step by step troubleshooting guide and NOTHING! The only way to get IE working again was to uninstall the said update. This needs to be fixed…I only run Vista Certified software. Go figure. I want my XP back!!!

  23. Touwanda says:

    Hi,

    I am having a problem with KB950759 as well. When I go to microsoft downloads, there are two identically looking downloads, both called the same and as far as I can tell with the same description. However, the downloaded files have different names and different sizes:

    WindowsXP-KB950759-x86-ENU.exe (4,719,144 bytes)

    IE7-WindowsXP-KB950759-x86-ENU.exe (8,914,472 bytes)

    The first fails to install saying "The version of Internet Explorer you have installed does not match the update you are trying to install." The second runs much further giving me the install wizard and the license agreement and then fails right after the license agreement saying "Files from the package are incompatible with files on your system."

    My system is a windows XP professional OEM installed from a CD with SP3 and all current security updates slipstreamed into it. It’s preactivated using the OEMBIOS.* method. IE7 itself was installed using this command line:

    D:SetupIE7-WindowsXP-x86-enu.exe /passive /update-no /nobackup /norestart

    from the [SetupParams] section in the winnt.sif file (equivalent to the unattend.txt but for CD installs as far as I know)

    Can anyone shed some light on this?

    Also as a side note: when I run the upgrades with /? they claim to have an /integrate option similiar to what windows XP security updates have, but I presume thats for slipstreaming them into the main IE7 installation?! If so can anyone point me to some info on how to do that?

    Thanks a lot in advance

  24. George says:

    I had same problems with IE not working after 6/10/08 updates.  Firefox works fine so it is not a connection problem.  It is elated to IE and these updates.  Restored system to 6/9/08 and IE works fine.  I’l wait until MS gets its act together.

  25. Ted says:

    George: You almost certainly have a buggy 3rd party firewall installed.  see http://support.microsoft.com/kb/926431

  26. Dallas says:

    KB950759

    I install the update restart my computer then five minutes after working on windows the same update appears. i have installed it 5 times already and it still keeps popping up…however i am not experiencing any problems with Internet Explorer…..  why.. help please? I am running windows xp

  27. IEBlog says:

    Today we released the IE June Cumulative Security Update for Internet Explorer 8 Beta 1 for Developers

Skip to main content