IE 9.0.10 Available via Windows Update

Today we released Security Update MS12-063 to address limited attacks against a small
number of computers through a vulnerability in Internet Explorer versions 9 and earlier.
We also released an update that addresses vulnerabilities in Adobe Flash Player in Internet
Explorer 10 on Windows 8. The majority of customers have automatic updates enabled
and will not need to take any action because protections will be downloaded and
installed automatically. For those manually updating, we encourage you to apply
this update as quickly as possible.

Microsoft Security Bulletin MS12-063

This security update resolves one publicly disclosed and four privately reported
vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow
remote code execution if a user views a specially crafted Web page using Internet
Explorer. An attacker who successfully exploited any of these vulnerabilities could
gain the same user rights as the current user. Users whose accounts are configured
to have fewer user rights on the system could be less impacted than users who operate
with administrative user rights. This security update is rated Critical for Internet
Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on
Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet
Explorer 8, and Internet Explorer 9 on Windows servers. Internet Explorer 10 is
not affected. For more information about the vulnerabilities, see the full bulletin.
This security update also addresses the vulnerability first described in
Microsoft Security Advisory 2757760.

Recommendation. Most customers have automatic updating enabled and will not need
to take any action because this security update will be downloaded and installed
automatically. Customers who have not enabled automatic updating need to check for
updates and install this update manually. For information about specific configuration
options in automatic updating, see Microsoft Knowledge Base Article 294871. For
administrators and enterprise installations, or end users who want to install this
security update manually, Microsoft recommends that customers apply the update
immediately using update management software, or by checking for updates using the
Microsoft Update

Microsoft Security Advisory (2755801)

Microsoft is announcing the availability of an update for Adobe Flash Player in
Internet Explorer 10 on all supported editions of Windows 8 and Windows Server 2012.
The update addresses the vulnerabilities in Adobe Flash Player by updating the affected
Adobe Flash libraries contained within Internet Explorer 10. For more information,
see the advisory.

—Tyson Storey, Program Manager, Internet Explorer

Comments (24)

  1. man man says:

    There was no fault.

    I will consider it as a report.

    The version was also reflected exactly.

    Thank you for the quick action.

    It is Windows 7.

  2. Gkeramidas says:

    I have issues with your ie updates. i'm running windows 8, but it happened in windows 7, too.

    after I install ie updates, you reset all of my bing search settings to defaults. I have to go in and change my safesearch settings and turn suggestions back off.

    Then, after I click ok, I'm returned to the bing homepage and then have to click the preferences button again to go in and change the web preferences to open links in a new browser window and limit my search to english. I set these on purpose and don't expect them to be changed every time you do an update.


    1. don't reset my bing search settings.

    2. on the preferences page, don't return to the bing homepage after clicking on save. stay in preferences.

  3. Xero says:

    @Gkeramidas, this is something we call IE amnesia –>…/ie-amnesia-forgets-all-user-preferences. This also happens when the system crashes, or there is power loss and system shut down unexpectedly, IE crashes unexpectedly (not always in this case).. The user-preference retention is somehow highly dependent on the "Saving Settings" when you shutdown windows! NEVER HAPPENED WITH FIREFOX or any non-IE browser.. Like I said, it's termed as IE amnesia.

    Use case : "To ensure the user that their cookies are saved when they save them."

    Apparently IE team at Microsoft don't think it's the issue worth spending time on (if you read the comments under the aforementioned bug report)

  4. Xero says:

    I have discovered another issue with IE9. I am working on steps of reproduction. If someone wants to contribute, be my guest.

    So far, I have:

    Reproduction steps:

    1. Go to…/microsoft-hardware-announces-sculpt-comfort-keyboard.aspx

    2. You will find five images of the recently introduced keyboard for Windows 8 by Microsoft hardware.

    3. The "alt" and "title" attributes of all images except the first have spaces in them after "SONY DSC    "

    <img title="SONY DSC                       " alt="SONY DSC                    " …

    4. Click on the last four images.

    Expected result:

    The images should "always" open in next page

    Actual result:

    About 70% of the time I get "Internet explorer has stopped working". When this happens, if I try again and again on the same image, it yields another nastiest tab crash error with the URL res://ieframe.dll/,…/microsoft-hardware-announces-sculpt-comfort-keyboard.aspx

    (The ieframe.dll/acr_error makes the current tab forget the navigation history and we can't go back… which makes Windows Internet explorer the worst piece of software ever written by a human being!)

    Visual Studio 2010 Debugger results:

    Popup 1 "Unhandled exception at 0x77b8e6c3 (ntdll.dll) in iexplore.exe: 0xC0000374: A heap has been corrupted."

    Popup 2 "Windows has triggered a breakpoint in iexplore.exe. This may be due to a corruption of the heap, which indicates a bug in iexplore.exe or any of the DLLs it has loaded. This may also be due to the user pressing F12 while iexplore.exe has focus. The output window may have more diagnostic information."

    Output Window:

    The thread 'Win32 Thread' (0x1658) has exited with code 0 (0x0).

    The thread 'Win32 Thread' (0x17d0) has exited with code 0 (0x0).

    The thread 'Win32 Thread' (0x179c) has exited with code 0 (0x0).

    The thread 'Win32 Thread' (0x162c) has exited with code 0 (0x0).

    The thread 'Win32 Thread' (0x1754) has exited with code 0 (0x0).

    The thread 'Win32 Thread' (0x16a0) has exited with code 0 (0x0).

    Unhandled exception at 0x77b8e6c3 (ntdll.dll) in iexplore.exe: 0xC0000374: A heap has been corrupted.

    The thread 'Win32 Thread' (0x165c) has exited with code 0 (0x0).

    The thread 'Win32 Thread' (0x1674) has exited with code 0 (0x0).

    The thread 'Win32 Thread' (0x158c) has exited with code 0 (0x0).

    First-chance exception at 0x7593b9bc (KernelBase.dll) in iexplore.exe: Microsoft C++ exception: Js::JavascriptExceptionObject at memory location 0x02dbc460



    [PS, there's seriously something wrong with this comment textarea using IE9. Type two or more sentences, press Ctrl+Z, then again Ctrl+Z, then Ctrl+Y and see how it'll twist your text. Do the same in Firefox and you will realize "Oh it's nothing wrong with the website.. yet another IE bug! nothing new.."]

    @ieblog, now you may ignore and/or delete this comment..

  5. Xero says:

    For the record I have reported three bugs in the last comments. I contribute bug reports whenever I find one. But looking at the years old bugs at Connect website, IE team's attitude of ignoring and yawning when someone reports bugs to them on Connect (and they tag it "By Design") and IE team's (or the entire Microsoft's) policy of being just "fair enough" (as opposed to "kill the crappy bugs once forever" agenda) sometimes compels me to join the anti-IE league.

    The E of Internet explorer used to be a brand.. in most parts of the world, E is going down in favor of G

  6. George says:

    @Xero – Interesting bugs (Can't test them, I upgraded to Windows 8 last month). However, the last two have been fixed in IE10. Well, at least on Windows 8 RTM. And most people don't know what a privacy hole Chrome is.

  7. Mitsuha says:

    Microsoft should clarify whether or not IE on Windows Phone 7 devices is affected.

  8. prashant bamne says:

    Very nice

  9. Lee says:

    @Mitsuha – they could but why waste the effort to inform the 13 users that have a Windows phone?! Just let the users upgrade to a better phone… Heck the users can't even update to windows 8 so why bother fixing a dead phone?!

  10. @Lee says:

    We as the 15 million Windows Phone owners using IE9 still like our Phone more than any  of the 150 million android 2.3 phones using the crappy android browser

  11. Yannick says:

    @'@Lee' – That's so true! By the way, aren't there more than 15 million Windows Phone users?

  12. George says:

    @Lee & @Yannick – Yeah! A happy former owner of HTC Titan, a very happy owner of a Lumia 900 and an extremely excited owner-to-be of a Lumia 920 here! 😀

    @Mitsuha – WP 7.5 devices use the same layout engine as IE9, but otherwise different software. No, they're not affected.

  13. Mitsuha says:

    @George – I tried to use metasploit against IE on WP7, and it became very unstable. For example, after opening exploit page, it crashed when I tapped 'favorite'.

    Heap seems to be in an inconsistent state, or corrupted. So I think it is also vulnerable.

  14. Eduardo Valencia says:

    Please, release Internet Explorer 10 for Windows 7!

  15. Urgent wish says:

    Please, release Internet Explorer 10 for Windows 7!


    1. Beta Version (October)

    2. Release candidate (November)

    3. Final Version (December)

  16. great bug in windows xp says:

    in the windows xp start up exist one big bug !

    when i install visual studio 2010 or some softwares , windows start up become very slow ?!

    i can open my computer but don't allow to run antivirus and firewall or i can't open visual studio for 3 or 6 minutes !

    all this software awaits to run windows security alert .…/ke44mm8vf8hvgdfc9cv.png

    also this problem don't allow to user to open and connect to internet and web browser.


  17. Dale says:

    Can someone please clarify – is the Windows Phone vulnerable to this zero day IE security hole? or is it safe because it isn't really an IE9 browser (which explains why surfing on a Windows Phone is like torture).

    Also will Windows Phone 8 devices also suffer from this? or are they getting the full IE10 "metro" browser thus safe but stuck in usability hell?

  18. Block says:

    I have been blocked out of my hotmail account and could not even re-install IE9. The message indicates that IE9 could not open a "log" file. The account was hacked and was sending emails to all my contacts.

    How could I install a new IE9 and fix the account issue? Any suggestions? Using Win 7 Home Premium

  19. Victoria says:

    I noticed it.  I am having problem with Window Updating.  Can't figure it out.  I noticed yellow Question on bottom telling me to updating and I have done it.  It seem Window Update failed.  Wonder why.

  20. new zeroday! says:

    IE had information that new brittleness was found in all the versions.

    It is said that the before corresponding thing is on a separate charge.

    Please let me enough for a patch this month.

    Even so, it is found well.

    Is IE10 OK?

  21. new zeroday! says:

    It changed between comments.

    The administrator needs to delete.

    Thank you for your consideration.

  22. @great bug in windows xp says:

    It's not the bug. You have turned off antivirus. Turn it on and plug the internet cable and try again.

  23. great bug in windows xp says:

    IT'S NOT TRUE. First install vs2010 then examine this problem.

    some APIs run after windows complete start up.

  24. Mihai says:

    I would suggest a major update/upgrade to IE9 . Uninstall it and install firefox, chrome or safari !