IE April Security Update Now Available


The IE Cumulative Security Update for April 2009 is now available via Windows Update or Microsoft Update.

This update addresses four privately reported vulnerabilities and two publicly disclosed vulnerabilities. The security update addresses these vulnerabilities by modifying the way that Internet Explorer searches the system for files to load, performs authentication reply validation, handles transition errors when navigating between Web pages, and handles memory object. For detailed information on the contents of this update, please see the following documentation:

This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1,  Internet Explorer 6, and Internet Explorer 7 running on all supported editions of Windows 2000, Windows XP and Windows Vista.  For Internet Explorer versions running on all supported editions of Windows Server 2003 or Windows Server 2008, the update is rated Important.  For Internet Explorer Beta products, download locations are available in the Knowledge Base Article. 

IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.

I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.

Terry McCoy
Program Manager
Internet Explorer Security

Comments (51)

  1. qualitydirectory says:

    It’s pleasing that this critical security update finally arrived after a long wait.

  2. …and this is why IE8 should be opt-OUT by default.

  3. boen_robot says:

    Is IE8 RTW (on all systems?) not affected by those issues?

    One more reason I’ll install it on every computer I come across then.

  4. Korina says:

    Hi,

    Can someone help please?

    IE8 not working, can’t get into it.  Everything else seems fine.  Can’t access Internet Options either.  Bith IE8 & IO flash up for a second then disappear!  Absolutly any advise would be fantastic.

    Thanks

  5. Korina says:

    Hi,

    Can someone help please?

    IE8 not working, can’t get into it.  Everything else seems fine.  Can’t access Internet Options either.  Bith IE8 & IO flash up for a second then disappear!  Absolutly any advise would be fantastic.

    Thanks

  6. To Korina says:

    @Korina

    On your start menu, go to (all) programs, then accessories, then system tools, and find "Internet Explorer (No Add-ons)". Try running that and see if it works.

    If it does, then you have a bad add-on. You’ll want to go into the manage add-ons interface and disable the bad add-on. To track it down, you can disable all of them, and then start enabling them until internet explorer starts acting up again.

    If that doesn’t work, then you’ve got other issues with your install. You might have a malware infection.

  7. Korina says:

    Thanks so much.  Will give that a try, think it could be Malware though.  What would the best course of action be if it is Malware?

    Thanks.

  8. boen_robot says:

    @Korina

    A Windows reinstallation. Some might suggest getting some malware cleaning tools, but you should really be an advanced user to know how and which one(s?) to use… and even then, there’s no 100% guarantee it will work.

    The best course of action would be (in that order) – back-up your data, reinstall Windows (or ask someone else to do so if you can’t), install IE8, go to Windows Update and download all updates, install antivirus software. I’d reccomend Avira AntiVir as a good *free* antivirus (there are many payed ones, including ones from Avira, but I don’t have an opinion as to which is best), update the antivirus, scan your system for malware, and if all is OK, restore your data.

  9. Korina says:

    Thanks so much for your help.

    🙂

  10. SiSL says:

    Sadly, every problem IE8 has on users are caused by 3rd party add-ons, toolbars and other silly extensions.

  11. Don Reba says:

    Yet, it is still IE’s fault, SiSL. Reliability of its extension model is Microsoft’s responsibility.

  12. Roman says:

    "For Internet Explorer Beta products, download locations are available in the Knowledge Base Article."

    What beta products? There aren’t any beta products anymore… OR ARE THERE? 8=]

  13. hAl says:

    @John A. Bilicki III

    You think the IE8 should be OPT-out by default because it is not affected by any of the security isues in this bulletin ?

  14. Terry McCoy [MSFT] says:

    @Roman

    Windows Vista SP2 and Windows 7 are both still in Beta.

  15. Terry McCoy [MSFT] says:

    @boen_robot

    Internet Explorer 8 is not affected by any of the vulnerabilities addressed in this release.

  16. hmm, did someone say firefox…?

  17. Sprinkle says:

    After installing IE8 and doing this several times, to attempt to fix the problem, it still exists.

    When I start IE8 normal, or without any addons, I get the following error:

    The instruction at "XXXXXXX" referenced memory at "XXXXX".  The memory could not be "written".

    Click on OK to terminate the program

    Click on CANCEL to debug the program

    In the event viewer, it shows:

    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x001ba360.

  18. Zam says:

    Why is IE8 jerky when viewing some animeted gif files like this one:

    http://i43.tinypic.com/302p18x.jpg

  19. Login says:

    This update addresses four privately reported vulnerabilities and two publicly disclosed vulnerabilities. Thanks for the great stuff.

  20. Anonymous says:

    Pertaining to:

    http://blogs.msdn.com/ie/archive/2009/04/14/ie-april-security-update-now-available.aspx#9552144

    I found out the problem.  It was Anonymized and the IE Protected memory option in IE.

    See here:

    http://www.anonymizer.com/consumer/support/

    Which states:

    Anonymous Surfing and Internet Explorer 8

    Updated: April 8, 2009

    Posted: Nov 18, 2008

    Anonymous Surfing is currently supported and compatible with Internet Explorer 7. To use Internet Explorer 8 with Anonymous Surfing it is necessary to uncheck the box “Enable memory protection to help mitigate online attacks” . This is found by going to Tools-> Internet Options-> Advanced. In Windows Vista it is necessary to Right click Internet Explorer and Run as Administrator. Please note Internet Explorer 8 will not be fully supported until a new version of Anonymous Surfing is released.

  21. Rakesh says:

    Thanks for telling about the IE security updates.

    I will install it for better performance of computer.

  22. @hAL

    IE8 should download by default where (from the wording) you have to opt-in. Unless I’ve got it backwards? But yeah if people were updated to the latest versions of their software (minus corporates who used the delay tool or whatever) things would be better overall.

  23. hAl says:

    Than I understand what you mean.

    In fact I noticed on the combination of Vista with IE8 there was no critical security update this month for me to download.

    Mayby make Vista an mandatory update as well…

  24. Joe says:

    Why is Internet Explorer so far behind Google Chrome?  I’m not a Google fan at all but, come on, it is just so much more intuitive to use and the interface just looks so much nicer.  Please, your next browser has to really up the ante – IE8 just doesn’t cut it.  Why doesn’t it automatically provide search suggestions?  

  25. Dan says:

    Zam, I don’t know why you’ve created a 2+ megabyte animated GIF and renamed it to .JPG, but it looks fine on my computer.

    Joe, maybe you missed the memo, but IE’s search box DOES provide search suggestions.  Simply add a provider (google, live, etc) with suggestions and away you go.  IE also has images in search suggestions, which is pretty cool.

    Don Reba, crappy Firefox addons break Firefox too (Google for Firefox slow or Firefox crash).  Simple fix: Don’t install crappy addons, for either browser.

  26. JD says:

    Application error caused by iexplore.exe module urlmon.dll ver 8.0.6001.18702 error address: 0x0003e819

    0000: 41 70 70 6c 69 63 61 74   Applicat

    0008: 69 6f 6e 20 46 61 69 6c   ion Fail

    0010: 75 72 65 20 20 69 65 78   ure  iex

    0018: 70 6c 6f 72 65 2e 65 78   plore.ex

    0020: 65 20 38 2e 30 2e 36 30   e 8.0.60

    0028: 30 31 2e 31 38 37 30 32   01.18702

    0030: 20 69 6e 20 75 72 6c 6d    in urlm

    0038: 6f 6e 2e 64 6c 6c 20 38   on.dll 8

    0040: 2e 30 2e 36 30 30 31 2e   .0.6001.

    0048: 31 38 37 30 32 20 61 74   18702 at

    0050: 20 6f 66 66 73 65 74 20    offset

    0058: 30 30 30 33 65 38 31 39   0003e819

    0060: 0d 0a      

    IE8 crashes opening sites like http://www.vonage.com

    I’m using Flash Player 10.0.22.87.

    IE8 crashes launching it in "no addons" mode too.

  27. Michael Wez... says:

    Make the following UI changes in IE8 or IE9

    The Back and Forward button should have Favicon inside the Circle buttons If the page doesn’t have a favicon the default should be a circle Node not an arrow. The Home icon should be a Circle with a favicon also.

  28. gabe says:

    @ Michael Wez i disagree the arrow is far more usefull

  29. Olivier says:

    @JD : I just visited http://www.vonage.com and IE8 didn’t crash.

    I’ve the same Flash player has you do, but I haven’t seen any Flash on the page.

  30. Zam says:

    @Dan, i uploaded it as a gif file but i guess tinypic changed extension or something.

    open it up in firefox 3 and see how faster it is compared to IE8.

  31. JD says:

    @Olivier: I have this problem on two machines (XP and Vista). It seems to be a quite common issue:

    http://www.google.com/search?q=urlmon.dll+0003e819

  32. hAl says:

    @JD

    Which security/anti-malware software are you using ?

  33. JD says:

    Simply Avira Antivir PE, Advanced System Care 3 and SpyBot 1.62

  34. Ray M says:

    IE 8 is a big disappointment.  Yahoo games (such as spades) no longer work.  The facebook picture loader/active X control will not install.  I finally got Adobe flash player to install, but not from the main download page.  It just locks up IE 8.  I even installed this on a fresh new XP system and have the same exact problems.  To add insult to injury, it also seems to run a bit slower.

  35. Ray M says:

    IE 8 is a big disappointment.  Yahoo games (such as spades) no longer work.  The facebook picture loader/active X control will not install.  I finally got Adobe flash player to install, but not from the main download page.  It just locks up IE 8.  I even installed this on a fresh new XP system and have the same exact problems.  To add insult to injury, it also seems to run a bit slower.

  36. hAl says:

    @JD

    Both Spybot and Advanced Systems Care can overpopulate your restricted sites list.

    Have you switched of the features of both tools doing that and emptied your IE8 restricted sites list ?

  37. ficus says:

    @Anonymous

    your instructions will make IE8 unsafe. Don’t follow them.

  38. Francine Houle says:

    April 17, a little before midnight, Microsoft update on Vista; many applications no longer work, control panel is empty, cannot access internet from that machine. Sending this on a Mac! I am restoring to previous date and hoping for the best. Not the first time an update has such an effect. Why can’t Microsoft test its updates properly before letting them loose o the world?

  39. Dan says:

    Francine, rather than whining on the IE team’s blog, you should probably contact Microsoft Product support, since they can actually help you.  http://support.microsoft.com

  40. Giancarlo says:

    IE7 on Win XP after install MS09-014 don’t work. IE7 display blank window for any web sites, in XP the Guide and Support is impossible and is display the error

    mshtml.dll image not valid.

    If uninstall the MS09-14 all rework fine.

  41. Stefan says:

    Did install IE8 on a clean XP SP3 with all updates (Swedish lang.). Everything goes in s-l-o-w-m-o-t-i-o-n !!! IE8 is pure crap ! I restored the computer to IE7, no problems. Installing IE8 again – same error…another restore and everything works fine. Test the sh*t before You release something… =(

  42. Dan says:

    Stefan, the moderators are probably going to come delete your comment; foul language (even self-censored) violates the standards of this blog.

    You almost certainly have a buggy addon or possibly are using SpyBot, and that’s causing your performance issue. IE8 is faster than IE7.

  43. JD says:

    @hAL: I just verified that the problem refers to Zedo (www.zedo.com). When Zedo is in "Restricted Sites" list IE8 crashes. I had no problem with IE7.

    WHY IE8 CRASHES? As I said, these crashes with pages that use Zedo code seem quite common!

  44. hAl says:

    @JD

    I added *.zedo.com to the restricted sites (it was the only entry) restarted IE8 and visited vonage.com with out crashing.

    I can still visit zedo.com though (seeing restricted sites in the status bar).

    Your anti malware software might use the resitricted sites list in IE8 as a blocking list and have more strict blocking on it ?

  45. Olivier says:

    @JD : ok, I didn’t know the problem was from zedo.com which was blocked on my computer.

    I unblocked it and added it in the restricted sites. Visiting zedo.com is OK.

    Visiting vonage.com is impossible : domain blocked by my company… :-/ I’ll try tonight at home.

    PS : On this computer I’ve Spybot 1.6.0.

  46. Laurence says:

    We are using Zedo.com to show adv banners on our website. We are also receiving some e-mail from readers that cannot access our website with IE8 final (the browser always crashes).

    The clients use many configurations (for example many totally different Internet security suite) so we weren’t able to establish the offending application/libraries/functionalities…

    However we know that removing *.zedo.com and http://www.zedo.com from IE8’s restricted sites list, users can visit our website with IE8 again. If they add *.zedo.com and http://www.zedo.com, IE8 crashes again.

    We were not able to reproduce the issue. 🙁

  47. Glen says:

    @hAl: "and emptied your IE8 restricted sites list" uhm yeah. Have you tried to erase 3,000 listings from the restricted zone dialog box?

    It will take you about a week – the interface for this action is horrible.

    There’s a registry hacker application out there that will wipe them all clean for you – but I can’t recall where I saw it.

  48. hAl says:

    @Glen

    To remove all sites from the restricted sites list:

    http://www.mvps.org/winhelp2002/DelDomains.inf

  49. Olivier says:

    @JD : I’ve just tried today at home with : XP SP3, IE 8.0.6001.18702, Flash 10.0.22.87, Spybot 1.6.2 (with thousands or URL in the restricted zone).

    zedo.com is unblocked on my proxy and it is present in my restriction zone : IE didn’t crash when visiting http://www.vonage.com.

    On Vonage.com, the only element grabbed from zedo was this image : http://c7.zedo.com/img/bh.gif?n=162&g=20&a=361&s=1&l=1&t=r

  50. Mark says:

    Thank you so much Laurence!! Removing zedo.com from restricted sites, IE8 does not crash anymore.

    BUT WHY DOES IE8 CRASH WITH A SUCH SETTING? I never experienced this trouble with IE7 and IE8 RC.

    I’m using PC Tools Interne Security (6.0.0.383)