IE 9.0.11 Available via Windows Update

Microsoft Security Bulletin MS12-071 – Critical

This security update resolves three privately reported vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 9 on Windows servers. For more information, see the full bulletin.

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

  • Tyson Storey, Program Manager, Internet Explorer
Comments (35)

  1. Nacimota says:

    I currently have the IE10 Release Preview on Windows 7 which was recently released. Am I correct in assuming this vulnerability is not present in this version of IE? The security bulletin only lists IE10 for Windows 8/RT/Server 2012 in the non-affected list; the pre-release version of IE10 for Windows 7 does not appear to be listed anywhere on the page.

  2. Yannick says:

    @Nacimota – Since Internet Explorer 9.0.11 is released on the same day as the IE10 Release Preview, probably, this is already patched.

  3. I love Metro style says:

    Please complete the release of Wave 5 updating Windows Calendar to the new interface metro. I can not see such inconsistency of styles. Metro is beautiful.

  4. David says:

    Not showing up for me??? Windows 7 X64, IE 9.0.8, All updates installed

  5. @David says:

    Check the "Update versions"; the second line.

  6. Enterprise says:

    I have a question about future browser versions.

    In the Compatibility View settings menu, the option "Display intranet sites in Compatibility View" defaults to checked.  Will there be a future version of Internet Explorer, perhaps IE11, which keeps the option but has a default setting of unchecked?

    I hope so, it will help intranet applications shift to web standards, and allow them to do so at their own pace.

    Many thx.

  7. WbDvlpr says:

    Will IE EVER work right? I mean all of it? Why other browsers work on W3C standards and NONE of IE versions seems work right? If I meet any of U I'll punch U in the face!

  8. Jackie says:

    @WbDvlpr, IE complies with W3C and ECMA (JavaScript) standards. In fact, Microsoft is one of the first organizations complying with these standards back in 1997 (when W3C was established at the time of IE4). And you consider yourself as a "web developer"? For starters, try out the official ECMA test on every browser you know of and compare the conformance results. As of today, the scores out of 11571 are:


    Pass: 11563 | Fail: 8

    Firefox 16.0.2

    Pass: 11400 | Fail: 171

    See how IE punched Firefox in the face?

  9. gabriel morrow says:

    id like to know how/what changed to intruduce this secuirty bug into ie9 since ie8 was not effected etc that be intresting to know

  10. PhistucK says:

    @Enterprise –

    Intranet sites use compatibility mode as long as they do not add the X-UA-Compatible header with ie=edge as its content. It is a single line (either as a meta tag or as an HTTP header) that says, "hey, I know about this compatibility thing, let me use the latest anyway".

    So I do not think that the fact that it is not the default is a real obstacle here.

  11. Mark says:

    How many usability experts does it take to determine Windows 8 is an Epic Failure?

    Just 1.…/windows-8.html

    Jakob Nielson breaks down all the flaws with Windows 8 and indicates how it is a major regression for everything Microsoft ever did to make Window(s) a great platform.

    Its just sad that Microsoft threw away years and years of research just to get a tablet to market and try and gain some traction.

  12. Arieta says:

    Will memory usage be improved in IE10 for Win7? Right now it shoots up to 1gb+ in an hour or so of browsing. It seems to never empty any displayed content from memory, or it's just leaking ram outright (I haven't tested for that). IE9 used much less memory.

    Also, there is a bug when if IE runs out of video card ram, it'll start drawing blank graphics and images will just display the "not loaded" empty frame. This happens in IE9 too.

  13. Tim says:

    I got a MicroSoft surefarce for testing but I have to say the experience is pretty disappointing so far.

    Browsing the web is slow and the rendering is not as nice as on any Apple or Android device – are you guys not using WebKit for your metro browser?!

    The gestures are ok once you learn them but man they are really un-discoverable!

    Testing our apps was a pain too… Since there is no debugging for metro and the dev tools on the desktop are still 2-3 generations behind firebug and web inspector.

    It isn't obvious in metro what is a button or clickable vs plain text or static graphics – a big sign of a lack of usability experts in your dev process.

    Overall I'd rate the microsoft surefarce 2 out of 10 stars.  It was a very good alpha attempt at a tablet but unfortunately the major issues with it just make it a pain to use.

    Is there a way to quickly drain the battery before I put it into storage?

  14. @Tim says:

    It's pretty obvious you're trolling

  15. Ron Cope says:

    I have a new computer and want to access BBC iplayer but havbe not got the p[rogram to do it please help

  16. Brianary says:

    Only strawman criticism gets past moderation here?

  17. Brianary says:

    @Jackie: That test is incomplete, as it says, and only for ECMAScript.

    For a more complete picture of HTML5 support, see or…/desktop.html

  18. Brianary says:

    Personally, my biggest frustration with the IE team is the complete disregard for HTML5 Forms support.

  19. @Brianary says:

    lol @ tests showing "complete" picture. Please. Go educate yourself first.

  20. @Arieta says:

    Good question, IE9 memory usage wasn't great for me after it had been open a while, but IE10 is looking even worse so far on Windows 7, not sure how it is on Windows 8.  It used to be Firefox that had the bad reputation for memory usage but for me current versions of Firefox seem to use much less memory than IE10.  Hope there will be some improvement before final version, but since IE10 doesn't have as far as I know any equivalent to about:memory it is much more difficult for anyone outside the dev team to try and help track down the issues.

  21. PhistucK says:

    @Brianary –

    While they have implemented a lot (half? maybe more? not sure) of HTML5 Forms, which is a very good start – I agree that Internet Explorer still lacks a lot HTML5 Forms support.

  22. PhistucK says:

    *a lot of

  23. Rex says:

    The biggest failure was Microsofts lack of an HTML5 date control!

    I would not have even shipped a single tablet without it! That's the major product failure.

    (Well that and the usability failures of a dual OS with zero discoverability in the one that is brand new! — Steve Krug would slap you with a wet fish if given the chance!)

  24. Casey says:

    This new patch introduces a potential security exploit and with just CSS, JS, and HTML I can crash the browser every single time I execute a particular set of events. This is code that works fine in IE7,8 and IE9-pre-patch. Who do I talk to about this?

  25. gabe says:

    @casey…/ff852094.aspx read that

    also not all crashes are a secuirty exploit

  26. Brianary says:

    I said "more complete". As in "more complete than an incomplete test of a small part of the specs that make up HTML5."

    Please educate me! Or at least let me know what you're on about.

  27. Brianary says:

    @PhistucK: Yes, I'm glad validation, datalist, several new form CSS selectors, autofocus, pattern, and placeholder will be in IE10 for future generations. There isn't any sign of date inputs (!), scoped styles, or oninvalid eventing, though.

    Unfortunately, my organization is still using IE8.

  28. Brianary says:

    I love that spam and abuse gets through just fine, but critique is disallowed.

  29. @Brianary says:

    Probably due to a long standing known issue with comments here that MS doesn't seem interested in fixing.  If you are not signed in and have had the blog page open for too long, any comment you enter will be lost.

  30. vanvoorde says:

    okay all rights

  31. winston says:

    I am running Windows 8 pro

  32. Ale P. says:

    After upgrading IE to 9.0.11, a couple of my pages get an alert at the bottom "A problem displaying localhost caused internet explorer to refresh the webpage using compatibility view", and it refreshes my page using compatibility view. This is not acceptable for the end user, not only it refreshes the page, but when working with tabs or jquery dialogs, it loses track of where the user was. IE 9.0.10 works fine. I have nothing special in my page besides some simple jquery, jquery ui controls, and in one of those 2 pages I have a RadAjaxPanel and a RadScriptBlock. The rest of the pages are working fine. Any ideas of what could be causing this or what should I look for in my code?

    Thank you!

  33. Typhoon87 says:

    Are there any non security updates in in this update?

  34. SBaron says:

    After a pc crash, restored pc to original factory condition.  IE 7 is installed on Windows Vista Home Premium.  I have tried several times to download IE 9 without success.  Error: IE not supported …get updates.  After getting windows updates, still unable to download IE 9.  Now I am not receiving all emails sent to me.  Should I download IE 10 instead?  Please advise.