IE February Security Update Now Available


The IE Cumulative Security Update for February 2009 is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via Microsoft Update. I encourage you to upgrade to Microsoft Update, if you haven’t already, to ensure that you receive the latest updates for all Microsoft products.

This update addresses two privately reported vulnerabilities. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles the error resulting in the exploitable condition. For detailed information on the contents of this update, please see the following documentation:

This security update is rated Critical for all supported versions of Internet Explorer 7 running on supported editions of Windows XP and Windows Vista. For Internet Explorer 7 running on Windows Server 2003 and Windows Server 2008, the security update is rated Moderate. For Internet Explorer Beta products, download locations are available in the Knowledge Base Article.

IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.

I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.

Terry McCoy
Program Manager
Internet Explorer Security

Comments (10)

  1. Robear Dyer, MS MVP says:

    "For Internet Explorer Beta products, download locations are available in the Knowledge Base Article."

    I don’t see them in KB961260 Revision 1.0, Terry

  2. Terry McCoy [MSFT] says:

    ~robear dyer

    The links are in fact missing. We will work to get that problem resolved.

  3. Patcher says:

    If you’re running IE8 on XP SP3 or Vista SP1, it’s easier to just update to IE8 RC1. For Win7 users running that older build of IE8 (pre Pre-RC1?), the patch is below.

    Win7 x86

    http://www.microsoft.com/downloads/details.aspx?FamilyID=ac779505-3e59-43a7-9252-ccefec93bf89&DisplayLang=en

    Win7 x64

    http://www.microsoft.com/downloads/details.aspx?FamilyID=008cf3aa-2bc2-4451-a525-a04991005eb0&DisplayLang=en

    There’s updates for Win Server 2003/2008 and Win 7 server/2008 R2, but I’m not gonna link those, you can still find them on MS Download Center if you want.

  4. Frustrated Developer says:

    Finally figured out why Web Slices DO NOT WORK.

    Since IE sends the GET requests to attempt to update via its RSS user-agent (which has no session matching the one I’m browsing with)

    Therefore I get ZERO UPDATES because the RSS user-agent gets a redirect due to not being authenticated.

    So I looked in the properties dialog for some sort of auth. options… tada! there is a username/password option… bingo!

    So I type my details in, and… Nada!

    still gets redirected to the login page, and doesn’t login.

    So now I’ve got 2 questions:

    1.) How is this username/password supposed to work?… cause I don’t think it works.

    2.) As a developer, do I have to do something special to make my login pages more accessible to web slices?

    Currently I see Web Slices as a big flop if they can’t handle logging into a site, or at least sharing any open sessions from the browser.

    e.g. I’m on my company’s "project/sales management" web application, which of course requires a login (every site I care about requires a login) but as I move about the site, I don’t see updates on the specific project I’m tracking with my web slice.

    Is there documentation that goes beyond the limited MSDN docs on this?

    Frustrated Developer

  5. Robear Dyer, MS MVP says:

    Thanks, Terry. KB961260 Revision 2.0 now has all of the download links.

  6. Terry McCoy [MSFT] says:

    Thanks Robear for bringing that to our attention.  

  7. randal says:

    @Frustrated Developer – I feel your pain too.  None of the Web Slices I created for my application work either.

    I have no intention of exposing a GET request URL to the slice that contains the username/password just to get around this bug so it looks like I’ll have to drop Web Slices until this is fixed.  Too bad though, because conceptually I really liked the idea.

  8. Catto says:

    Hey Now,

    Windows Update time.

    Thx 4 the info,

    Catto

  9. Mike says:

    In:

    http://support.microsoft.com/kb/961260

    …There are still links missing for IE7 on W2K8SP1 ("S-P-ONE").