Internet Explorer is releasing an out-of-band update available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.
This update addresses one remote code execution vulnerability. The security update addresses the vulnerability by modifying the way Internet Explorer validates data binding parameters and handles the error resulting in the exploitable condition. For detailed information on the contents of this update, please see the following documentation:
This security update is rated Critical for all released versions of Internet Explorer.
I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.
Terry McCoy
Program Manager
Internet Explorer Security
Where is the patch for IE8 Beta 2 and IE8 Partner Build 18343 Pre-RC1? I’ve search through the Security Bulletin article and the KB article and not even 1 link to this supposedly available patch for IE8.
@Patch: I was able to download the B2 patch (Security Update for Internet Explorer 8 Beta 2 for Windows Vista (KB960714))from Windows Update one hour ago (the patch was released 2 hours ago, as far as I’m aware). I can’t say for any Pre-RC versions.
Could some brave soul let Mike Reavey know that – at the last count – there was still more than a single [MS] security partner. Or maybe I got that wrong? "over 24 different security partner’s products".
@Patch
For IE8 Beta 2, the Downloads are still going live right now. They will be avaiable today.
For those participating in the IE8 Technical Beta Program, a new Partner build is available that addresses this issue.
@Martin Harvey
Mike is correcting the post now.
Terry – that was quick and impressive. These comments ARE acted on! [Hope the messenger wasn’t shot – I know what you NRA-types are like on your side of the big pond 🙂 ]
does this also apply to IE Mobile on Windows Mobile 6.1?
@alamfour
You should contact your mobile phone provider to see if there is an update available.
What is the build number for the fixed Partner Build release thats no longer vulnerable?
When will it be released through WSUS?
MS08-078 for IE8 Beta 2 is also available via the Microsoft Update Catalog: http://catalog.update.microsoft.com/v7/site/Search.aspx?q=kb960714
Should IE8b2 patch be up for Vista 64 bit with SP2 beta? Or is SP2 beta+IE8b2 not affected?
IE Beta 2 has a much faster starting time on my machine than it used to. Was this just a security update or did something else additionally get changed?
It was literally taking longer than Firefox 3 (with 15 add-ons installed). As it would sit there for up to 10 seconds before the UI became responsive.
THIS SUCKS! I updated and now NOTHING on my computer will open up without a pop-up that says (encountered a problem (said program) needs to close
I applied the update and when I tried to do ANYTHING on the internet the window just froze and nothing loaded. I had to go through system restore to get the internet back. What Gives!!
No update for IE8 Beta 2 in Vista SP2 Beta?
I agree with Jan Dzikowski… Terry – where is the patch for IE8b2 on Vista SP2 machines?????
The IE8b2 for Vista patch says it "does not apply"
Dear IE team, my feeds still not showing its favicon even I have te latest build of IE8 Partner Build!
image:http://img67.imageshack.us/img67/9828/46993780fu5.jpg
What of us old school system users before the 2000/XP/Vista Generation? I use IExplorer 6 Sp1 and find no applicable update to protect my system from the exploit.
My machine is already compromised and I’m finding no resources to correct the intruders ability to control my pc other than my Nortons web security firewall, with no gaurenteed certainty.
The new IE8 Partner build is 8.0.6001.18344. It contains the fix to this critical security bug. The previous build 8.0.6001.18343 is vulnerable.
Pre 2000 OS, you’re out of luck, MS stopped supporting and releasing updates for Win9x 2 years ago. Switch to another browser.
@Toni Albrecht: likely you have an incompatible extension. Go to Start, Accessories, System Tools, Internet Explorer (No Add-Ons). If it works, go to Manage Add-Ons and disable everything. Now enable them one at a time and see what breaks it. If you’re very unlucky it may be a combination of add-ons.
Adobe Flash, QuickTime, Sun Java and Adobe Reader are security bugfests. You MUST keep them up to date, in any case, or uninstall them. I would also strongly recommend uninstalling all toolbars: Google, Windows Live, MSN, Yahoo; the IE7 search box is adequate.
I also disable three of Sun’s Browser Helper Objects: anything called ‘SSV’ and also one that recently appeared, ‘JQSIEStartDetectorImpl’. Recent versions of Java also install a ‘Java Quick Starter’ service which is pointless and counterproductive (Windows will swap out the ‘preloaded’ files under memory pressure anyway). I’ve disabled that, too.
@ABE: I had something similar recently. It usually means something else trashed a system file (in my case, it appeared to be a Java update). Typically they shipped a Windows DLL with their install package which isn’t meant to be redistributed, and it was the wrong version. This may not have been incompatible with earlier versions of IE, but now is: it simply isn’t possible to test with all combinations of libraries.
Best approach – if you can get it to do it – is to run "sfc /scannow" to check and repair system files, assuming you’re on Windows XP or earlier. Windows Vista has a different approach to protecting system files that shouldn’t even allow it to happen, but sadly idiots are inventive and I’ve seen them asking how to do it on developer forums.
If even sfc won’t start – possible – then you’ll probably need to do a repair install of Windows.
Remember that all Microsoft security updates have FREE SUPPORT. Go to support.microsoft.com and ask for it.
IE8 RC1 – Open in new tab – not work – Ony Connecting … and freez .
Owa 2003 ( Exchange 2003 SP2 with all updates ) – not work
Tested on Vista SP1 / SP2 beta and IE8 RC1
"Open in new tab" is, as Szymon said, not working anymore in the very last build 18344 (it was working on 18343).
Either Ctrl + click or right click > open in new tab, nothing happens after a new tab is created, it remains blank. It makes this IE8 build almost unusable :-/
@18344 – I run ME. Likewise, MS stopped support recent as August. Can’t run FF. Recommendations on alternative Browser?
Pre2kOS, Windows ME isn’t safe… period. There’s nothing that you can install that will make it safe, short of a newer operating system which was designed with security in mind. Sorry for the bad news, but anyone that tells you otherwise is a fool or trying to sell something.
@Dave – Is there a way to transfer my Emachine XP OS to a non Emachine? I couldn’t get the Emachine to set up a second HDD I installed in it.
IE has updated KB 960714 to include the supported patches for Microsoft Beta Products with direct links to the packages.
Sorry to possibly ask a question already asked…but what about the IE 8 RC1 that was just released about a week ago? I ran Windows Updates on my Vista lastnight and it picked up the patch. So, am I OK now? Or am I reading there is a new IE8 RC1 out already from last week again?
I hope I’m making sense.
Regards,
Bob
@Jan Dzikowski
@Glen
Security is the priority here. If you are running Vista SP2 Beta with IE 8 Beta 2, I suggest you uninstall one of the two beta products to get a patch that will make you secure. Vista SP2 Beta was not a released product when IE 8 Beta 2 shipped. Technical issues prevented us from building a patch for this particular scenario.
Ok, so I updated my XP SP3 – IE8 PR1 build to IE8 PR1-Build 8.0.6001.18344 today (with the whole uninstall, reboot drama)
Now, I load up IE8… and discover this bug (I’m not sure if it existed in the previous IE8 build)
1.) Open a brand new tab.
2.) Click on a Bookmark (Favorite) on your Links toolbar, *That is IN a folder*, that opens a page with a login form (e.g. Gmail), that AUTOMATICALLY places focus in the first field (e.g. username)
Opening the page ANY other way works, but in IE8 if you open the page from a nested link in your bookmarks IE gives the LOCATION Bar focus() AND select() and the form on the page gets NO focus.
Essentially this makes bookmarks a step backward in usability. 🙁
thanks
Fixing typo.
@Bob: Please keep in mind: IE8’s RC build will be released in the first quarter of next year. I suspect that you’re referring to the "IE Partner Build" which you downloaded from Connect as a member of the tech beta. This build is not patched by WindowsUpdate.
The Partner build should be uninstalled (v18343) and the new partner build (v18344) should be installed from Connect.
@Ant: We’re not able to reproduce the issue you’ve reported. Does this problem reproduce in no-addons mode? www.enhanceie.com/ie/troubleshoot.asp#crash
Eric,
Thank you for the quick reply.
Yes, the Partner Bulid is what I refer too. I will get the new IE Partner Build V18344.
Odd then why did Windows Updates on Vista grab the IE patch yesterday for me with me runningn the v18343 Partner Build?
Regards,
Bob
> IE has updated KB 960714 to include the supported patches for Microsoft Beta Products with direct links to the packages.
I see there’s package for Windows 7 but not Vista x64 >>SP2 beta<< and the non-beta one doesn’t install.
@drd: http://support.microsoft.com/kb/960714 has links to the update for IE7 on Windows Vista SP2 Beta.
For IE8 on Windows Vista SP2 beta, please refer to Terry McCoy’s comment above.
Question:
Why within IE6 and IE7 (haven’t tried IE8 because I don’t want to create another Virtual Image for it) if you are submitting a form with 1 input for text and 1 input for a submit button? It will only post the 1 input value and not the submit value.
Yet, if you have 2 visible input text and 1 input for submit. You will post both input text boxes and the submit.
Firefox and all the other browsers will POST the submit value when there is only 1 input text within the form.
Thanks for making me waste an hour to find that out.
Oh, I forgot to add that this is only when you hit the enter key from the input text and not by mouse clicking the submit.
@Terry McCoy
There is more than one Glen here. I also asked a question 😛 (and I didn’t have any add-ons installed for IE – so I don’t think a bad add-on was to blame).
@Mikey
Oh the joys of writing HTML for IE. The character set sent to the client can affect font behavior for INPUT controls. MSIE 8 will support defineGetter/defineSetter, but only for DOM elements (which is the exact OPPOSITE of what Firefox did with 2.0). Gotta love the ugly stretched buttons, and stupid pop-up behavior (open document in new window, IE blocks download, and closes window without showing the bar at the top – which can be worked around but is still annoying that I had to waste time working around it) too.
At least it doesn’t have the bizarre issue Firefox 3 seems to have with it’s pop-up blocker where it all the sudden breaks and starts blocking ALL pop-ups when it’s OFF (only fix seems to be restarting the browser).
Although not strictly related to the post I wondered, when new VPC images for IE6/7/8 will be available. All three of them expire on 25th of December.
@Glen Fingerholz: re: "bizarre issue Firefox 3 seems to have" – must be quite bizarre because this is the first time I’ve heard about it and Firefox 3 has been out for like 6 months!
As for the stretched buttons in IE, man am I ever glad they fixed that – it looked/looks horrible!
Hi this is the first time i am writing on a blog. I have vista IE and it is keep stop working. I have tried everything but noting seem to work. Can anyone give me some advice to what to do? Thank you
Mets
@Mets: Buggy addons are the number one source of crashes. Please see http://www.enhanceie.com/ie/troubleshoot.asp#crash for info on troubleshooting.
I have a little problem with the Beta 2 connect build (18343)… When I use middle click for the sensitive scrolling, if I push the mouse too far, it will automatically jump to the beginning/end of a page. The previous beta 2 (and all other IE versions) just scrolled really really fast, which is what I would prefer. The margin for the auto-jump-to-top/bottom is also very low, so I often do it accidentally, which can be confusing when reading a longer page.
Is this a bug, or intentional? If it’s intentional, is there a way to revert to the older way it was handled?
Thanks Terry and Eric. Greatly appreciate your response in regards to IE8b2 on Vista SP2.
It would have been good if the KB article actually stated this outright 😉
Cheers, Glen
I love the new IE 8, but one feature I find missing and love in other browsers is multiple rows for tabs. The new commands for the tabs are a step in the right direction and it is much faster than Beta 1
The IE8b2 for Vista patch says it "does not apply"
It was the most compatible thing Microsoft has done for IE. It worked in IE 5,6,7 and 8!
I guess the Washington snow will probably hinder Microsoft employees somewhat ?
nothing changed really. i ask myself when it will have the ability to handle plugins like FF
I’m spamming: same was posted in the previous "CSS corner" IE blog post. Still, I’ve spell-checked and expanded this one.
Having downloaded the Partners Build (I’m not part of the program), I’m happy – and not.
Happy:
– the "onDOMmodified" scrolling bug (all scrollings are reset to 0 on DOM modification, including CSS changes on pseudo-elements like :hover) is gone. Yay!
– the problem of disappearing generated content when there’s a lot of it on a page seems gone. Yay²!
– negative margins and text indents on generated content (that one was mine, better explained then reported by G. Talbot) not applied bug is gone. Yay cubed!
BUT there is now a new problem that these bugs used to hide:
– negative bottom margins are not properly applied on generated content when parent content is resized without being followed by a screen repaint
Updated, simplified, one-file-does-all (using embedded base64 encoded image) test cases: http://moneyshop.perso.cegetel.net/moneyshop/testcases.html
Please note: IE 8 is incredibly slow compared with other browsers that are installed in this virtual machine… Could it be caused by a bad relationship with the generic VESA driver?
…to add to my above comment, it seems that margins are wrongly removed/packed/collapsed in some cases. Try the third test case and watch the last paragraph’s placement: it jumps around when you refresh the screen.
@Alan Adı
For IE plugins go to http://www.ieaddons.com/
@hAl: Actually, some are heroically driving to work through the snows, while others are able to work remotely through our VPN/RAS network — we use the Internet for more than just browsing. 🙂
@Eric
I did not think the IE team trusted the internet well enough to use it for accessing their work 😉
@EricLaw [MSFT]
Hi Eric, as my users are coming from all the wonderful browsers such as IE6, IE7, and IE8 (soon). I was wondering if your team will be able to compile a list of "features" that have been switched from IE7 to the new IE8 beta in a easy to search list. It will allow me and others to know what behaviors have been changed between IE7 and IE8 instead of having to transverse the blog (which doesn’t explain all the changes. e.g. Javascript, CSS, and HTML differences). Will we get a change log for IE8 soon, or if it has already been published, where can I find it?
@Mikey – a change log? from Microsoft? for IE?
ROFLOL!
Oh man wouldn’t that be amazing! Like a complete list of all the changes so we know which things are now broken, which ones are fixed, and which ones were untouched.
If you’ve followed this blog (and the comments on it (and in the IE chats)) since July 21, 2004
http://blogs.msdn.com/ie/archive/2004/07/21/190687.aspx
Lets see, that would be (carry the one) 4 and a 1/2 years ago… you’d know that there is a 0.0000000367% chance of a change log being announced.
More importantly there likely won’t be one because it exposes everything that was actually broken.
Most of the PR work for IE8 talks about "moving towards better interoperability" type stuff, not: we fixed over 2 dozen DOM method calls to actually do what they are supposed to according to the specs.
Don’t get me wrong I think IE8 is full of progress for moving towards standards compliance however I have major doubts that there will ever be a change log.
Moreso I fully expect that when IE8 RTM launches, it will launch as: "IE8 the most standards compliant browser" since they will likely be closest to a full CSS2.1 spec in terms of coverage… but this won’t cover the "yeah but" stuff, where CSS is great and all but we’d like to be able to set w3c event listeners, set .innerHTML without errors etc.
As for right now, we still have to force IE7 rendering for our sites because they fall apart in IE8 in "standards" mode.
http://www.me.com/ doesn’t work in IE8 Beta 2 or Pre-RC1 18344.
Could someone please confirm if the middle click scroll bug I mentioned happens in build 18344, don’t want to reboot 3 times in case its not working, thanks.
I’ve noticed some webpages don’t work in IE7 since the latest update. I think there’s a problem with certain javascript code. Seems to run fine in Chrome.
Can you view http://www.ted.com for example? I get a "dojo is undefined" error.
Have tried turning security settings down, etc.
paul i have same problem here http://www.ted.com give an error
@Paul/Gabe: Looking at the network traffic from Ted.com using Fiddler2, the URL: http://www.ted.com/js/dojo/dojo-3572873149.js is currently returning HTTP/404.
This happens regardless of browser (and also occurs for the /css/safari.css file).
Peter, rather than posting a senseless rant like this, why not explain exactly what happens? Did you try the "Reset IE to defaults" button on the Tools / Options / Advanced screen?
Of course the security update is rated critical, it’s a Microsoft product. That’s not to say all MS products are bad, they’re just incredibly sloppy. The manager of this IE8 project needs to be sacked as they have already cost themselves in marketing and respect from the community. A humiliating beta release and nothing on any professional level since.
It’s not tricky, guys. Just BUILD A GOOD PRODUCT and people will take it. But you can’t, can you? It’s eternally sad, so many resources but not a drop to write good code with.
I’m sure there are fantastic programmers working on this project, but the person making the calls needs to be shown to the door because they are consistently destroying any credibility that IE8 had, before we’ve even seen an official release.
ALL WE WANT IS A BROWSER THAT LETS US LOOK AT WEB SITES AND MOSTLY PLAYS WELL WITH OTHERS.
PLEASE.
totally agree with Andrew. manager must dismiss
BUG Report:
IE 8 ver 8344 does not remember my login id and pw for Twitter.com even if I check mark the box "remember me".
Also, on Facebook, the online chat function does not work in this IE 8. Also, other "friends’ cannot see me online on facebook.com
Thanks,
Bob
@Mikey
> submitting a form with 1 input for text and 1 input for a submit button (…) will only post the 1 input value and not the submit value.
Mikey,
I reported and filed a bug at connect IE beta feedback for you baesd on your excellent description. It must be said that such bug had been filed before (see bug 362726) and was closed (not reproducible) on august 27th 2008 and the original bug reporter did not reactivate the bug.
connect.microsoft.com/IE/feedback/ViewFeedback.aspx?FeedbackID=389736
If you can visit bug 389736 webpage and vote for that bug, it would help…
Bug entry:
http://www.gtalbot.org/BrowserBugsSection/MSIE8Bugs/#bug204
http://www.gtalbot.org/BrowserBugsSection/MSIE7Bugs/#bug173
Season’s greetings,
Gérard
.*. .* *MERRY*CHRISTMAS!*
AND
.*. .* *HAPPY*New*Year 2009*
IE8 Partner Release 1 has a bug when zooming text content it chops things off..
See the 404 that was listed above..
http://www.ted.com/js/dojo/dojo-3572873149.js
when the 404 page comes up, zoom in 2, 3 or 4 times with [ctrl] + [+].
The top/bottom of many lines of text gets chopped.
(this happens on lots of sites, but this sample is the easiest to find/see.
It’s the first time, where i visit this Blog.
I come from Germany and wish all the best for
2 0 0 9 !
What about SVG support ? I read that IE8 will not support it ? But SVG is a standard and all the other browsers already support it !
GabrielH, if you look at the charts, no popular browser fully supports SVG. Various addons are available for each browser to add SVG support. The SVG standards are EXTREMELY complicated and add a lot of redundant functionality. They’re a good example of a poor standard.
Since this out of band update IE7 has been taking up way more memory then usual on both XP(work machine) and Vista(home machine) I realize I probably keep my windows open way longer then normal (either until they crash or time for the new months round of updates, so nothing has changed Eric 😉 )
I hope to hear this story with the 2 fake papers in IEEE Conferences.
One fake paper was accepted in an IEEE Conference in February 2008 and another 20 days ago.
More details:
http://iaria-highsci.blogspot.com/
http://tinyurl.com/7dbpeq
http://tinyurl.com/95r5sm
http://sites.google.com/site/ieeeconferences/