Security Advisory 2755801 Updated to Address Adobe Flash Player Issues


Today we released an update that addresses vulnerabilities in Adobe Flash Player in Internet Explorer 10 on Windows 8. The majority of customers have automatic updates enabled and will not need to take any action because the update will be downloaded and installed automatically. For those manually updating, we encourage you to read the advisory and apply this update as quickly as possible.

This update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash binaries contained within Internet Explorer 10. For more information, see the advisory.

— Wilson Guo, Program Manager, Internet Explorer

Comments (41)

  1. Anonymous says:

    Will IE10 Windows 7 RTM improve on the memory leak problems that the pre-release has? It seems that IE does not unload parts of the site that has been closed, and once the browser reaches 1gb size in RAM, it implodes on itself: first, pages will start missing stuff in them, and then the entire thing crashes. There have been reports of this happening in IE10 Win8 too, though…

    Pretty major issue, and I don't see it mentioned much…

  2. Anonymous says:

    Please, just release IE10 for Windows 7.  Break the annoying silence, Microsoft, and treat your loyal customers right.

    There was no response to my previous post about the reported memory leak problems with IE10.  It seems that nobody from Microsoft will respond to a genuine concern, i.e. I don't want to install a browser that might cause stability issues.

  3. stuart: your two points are contradictory

  4. Anonymous says:

    My two points are not contradictory.  I am stating that Microsoft need to release IE10 for Windows 7.  Also, there was no response to my post on the other topic regarding the IE10 memory leakage issues reported by others – memory leakage can cause instability.  There is no contradition here – these are two independent statements.

  5. Anonymous says:

    I'm using IE10  on Windows 7 since its launch. Never feel that memory leakage.

  6. pmbAustin says:

    @Arieta, it totally happens on IE10-Windows8-Desktop.

    Keep enough tabs open for long enough, and suddenly things will stop rendering, even to the point of things in common open dialogs not rendering (like black squares instead of file thumbnails).  It'll hobble along like that for a while until it just crashes, or until you shut down and restart IE.

    It happens constantly to me… many times a week.  Just leave half a dozen or a dozen tabs open, through sleep/wake cycles, and you'll see it eventually.

  7. Anonymous says:

    Well understood.

  8. Anonymous says:

    I've seen the memory issues too (and on desktop Windows RT there is a battery drain too when you have many tabs open)

    The latter is a big pain because the Meh'tro browser is so frustrating to use and fails so badly on so many sites.

    However the more important and more frustrating issue is of course the broken comment form on this blog.

    Luckily we now have a theme to add to all of our

    Posts.

    Until the blog is fixed!

    #MicrosoftReputation–;

  9. Anonymous says:

    I've seen the memory issues too (and on desktop Windows RT there is a battery drain too when you have many tabs open)

    The latter is a big pain because the Meh'tro browser is so frustrating to use and fails so badly on so many sites.

    However the more important and more frustrating issue is of course the broken comment form on this blog.

    Luckily we now have a theme to add to all of our

    Posts.

    Until the blog is fixed!

    #MicrosoftReputation–;

  10. Anonymous says:

    Microsoft decided to share all their products with the world: msdn.itellyou.cn

  11. Without specific repro steps for the alleged "leaks," Microsoft will be hard-pressed to reproduce and/or address the problem. I've been using IE10 on both Win7 and Win8 for many months without encountering any such problems (with one possible exception; see below). I do run the desktop browser without browser add-ons (a huge source of problems in general) and with Flash disabled except on a per-site basis.

    If browser UI elements are failing to render, that sounds like a handle leak; you can use Process Explorer to get a better understanding of what's going on. If the handle-count is anywhere near 10000, that's the problem.

    The one exception I mentioned: If I leave the Pandora.com HTML5 website open, it eventually goes to the /inactive page with the "Are you still listening? We don't like to play to an empty room" text. This page slowly but continually leaks, and if I leave it open for a weekend, I'll come back to an iexplore.exe instance consuming 19GB of memory (I have EPM/64bit enabled). I haven't debugged this page yet but suspect there's actually a problem in the JavaScript on the page itself (e.g. it may be continually spewing logging information into a still-referenced-and-never-collected variable).

  12. Anonymous says:

    I can't really believe that Microsoft isn't already aware of some of the severe leaks, which I have also experienced regularly, so far it has been a big step back from IE9 in reliability.  For the average user of course it is very difficult to track what might be causing the leak, perhaps if IE had an about:memory equivalent it would help.  Your configuration does not sound like a common one, most average users are going to have Flash enabled on all sites and won't be using EPM.

  13. Anonymous says:

    I can't really believe that Microsoft isn't already aware of some of the severe leaks, which I have also experienced regularly, so far it has been a big step back from IE9 in reliability.  For the average user of course it is very difficult to track what might be causing the leak, perhaps if IE had an about:memory equivalent it would help.  Your configuration does not sound like a common one, most average users are going to have Flash enabled on all sites and won't be using EPM.

  14. Anonymous says:

    I have been using IE 10 Release Preview on Windows 7 64 bit since November on a daily basis. I have also been using IE 10 on Windows 8. I have EPM enabled on both and have ActiveX filtering enabled. I have also not experienced any issues or any memory leaks.

    If you wish Microsoft to respond to your concerns, please raise them in the dedicated feedback site at:

    connect.microsoft.com/ie

    EPM is one of the main features of IE 10. It is the reason I upgraded to IE 10. It seems strange that you don’t take advantage of it. Who wouldn’t want more protection for IE?

    There is little chance that a report of a memory leak will be addressed by posting about it in blog post related to a Flash Player update.

    With your bug report, please include as much information as possible especially concerning how you detected that a memory leak was occurring e.g. through Task Manager or Process Explorer etc. and please provide the steps (including the sites you were visiting) that you took in order to cause this memory leak so that it can be reproduced/replicated by Microsoft. Your post here does not provide enough information needed to address the issue.

    I hope this helps. Thank you.

  15. Anonymous says:

    Ohh wow! I <3 Windows Update on Win8, because I never see it 🙂

  16. Anonymous says:

    EPM is not enabled by default on desktop or Windows 7, it also makes many addons incompatable.  It is unlikely that a significant amount of Windows 7 and Windows 8 desktop users will start using it any time soon unless Microsoft decides to enable it by default in a future update.

  17. Anonymous says:

    I didn’t say EPM was the default setting, I said “I” had it enabled.

    If EPM is incompatible with your add-ons, that is an issue for the developers of those add-ins to address. I only enable Flash when I need to (it is disabled by ActiveX filtering). I use Silverlight 5.1 so little; it makes sense not to have it enabled all the time. These are the only add-ons I have.

    In my opinion, EPM is unlikely to be made the default settings due to the changes many plugins would need to support it.

    As for the memory leak, I hope that enough information can be provided to Microsoft by everyone who mentioned it here so that we can all benefit from an improved IE 10.

    Thanks.

  18. Anonymous says:

    Here I have IE10 on W7 continuously open for several weeks now and not experiencing any issues with memoryleak.

    Only addon in use is SimpleAdblock and with Tracking Protection Lists enabled (Easylist)

  19. Anonymous says:

    I am using IE10 on 7 and 8 on at least 4 machines on office and work. I have updated almost 20 laptops of my friends and family members. I have never heard such complaint.

    One thing in all those machines have in common is antivirus program, that is; Microsoft Security Essentials. If someone was installed Norton, I replaced it with MSE AV. Other than that I haven't heard of such complains in 32/64 flavors of Win7 (professional, home-basic and ultimate).

    So in your case, it could be some other program/service (which usually people don't have installed) is clashing with IE10's binaries.

  20. Anonymous says:

    Hi hAl and James,

    It’s good to hear that others are also finding that there are no memory leaks.

    James, for your reference I have Norton Internet Security 2013 (v20.2.1.22) installed and it is not causing any issues for me. All of its browser add-ons are 32 bit which don’t function in the 64 bit IE. In addition they don’t function since I have ActiveX filtering and EPM enabled. Having EPM enabled also means that the 32 bit version of IE is no longer accessible.

    Thanks.

  21. Anonymous says:

    @EricLaw: It is actually very easy to reproduce the problem.

    1. use the 32bit version, so the limit is reached faster

    2. set tabprocgrowth to 1, so IE only uses two instances – one "parent" and one actually running the applications. Again, this is so the limit is reached faster (and also to force compatibility with some older add-ons that give IE absolutely crucial functionality).

    3. watch 1080p videos in Youtube for an hour or so.

    But once it also happened to me while just browsing an ebay store and saving images… iexplorer.exe reached the ~1gb cap in a matter of MINUTES. I was browsing the store of hit-japan through RSS, saving certain images, and the cap was reached very fast.

    Add-ons do not cause this problem, though they might contribute to it. However even with all add-ons disabled, after an hour of watching 1080p youtube videos, IE reached the ~1gb memory cap and imploded on itself in the usual fashion.

    Of course using 64bit would alleviate the issue as the memory cap would be way, way higher. But 64bit IE is not an option to many because of incompatible add-ons.

  22. Anonymous says:

    Okay, tested some things around with process explorer. Using this ebay store:

    http://www.ebay.co.uk/…/_i.html

    Anything opened there seems to require a lot of memory, after 15-20 tabs IE10 reaches the memory cap and dies. It shows up as ~1gb in Task manager, but Process Explorer shows that the virtual memory nearing 2gb is the real culprit, taking 32bit limitations into account. Handles are around ~2600 when this happens; and they only ever go about a hundred below peak, but never substantially lower.

    This is using 32bit Internet Explorer 10, ver 10.0.9200.16438, on 64bit Windows 7.

    It seems IE just never empties the data loaded into memory when you close a tab. When opening a sale item on the above RSS link, the iexplore.exe*32 process grows in 70-100mbyte in size. But when I close the tab, it only decreases in 10-20mbyte. Handles go up by 100-150, but only decrease 20-30 upon closing. This just keeps adding up during normal browsing, and eventually the 32bit process runs out of memory. Depending on the sites you visit, this can happen in MINUTES in the worst case scenario – but even just a big enough Youtube video is enough to trigger it.

  23. Anonymous says:

    all cool

  24. Anonymous says:

    IE has always had issues with Mott/tab management ever since they duct taped it into the browser in IE7.

    However more importantly at the guy/girl above recommending to "file a bug on MS Connect" – please for the love of god do not recommend this to anyone… Ever!

    As it has been discussed here on the IE Blog dozens of times the IE Connect tool for tracking bugs has been revealed to be the worst bug tracking tool ever.

    Not only is the interface clumsy and error prone it has major issues in non-IE browsers due to being badly coded.

    There is no commitment from Microsoft to update the bugs, provide a status on resolutions or even triage the bug to determine the root cause.

    Best of all your hard work filing the bugs will be thrown away when the next release comes out… Just days after they do a mass update of all bugs in the system as "can't reproduce" or "as designed" or "possibly in a future release".

    Please don't waste a second of your time filing bugs on connect. File them right here on the IE Blog where they will get the most visibility, testing by your peers, and not erased from this blog nor the clones of it or the way back time machine.

    As an added bonus you can properly search for your bug reports through a little tool called Google.

    Again as it needs repeating: DO NOT EVER USE MS CONNECT! Or suggest that someone else should torture themselves with non-public, non-viewable test cases, worst bug tracking software ever designed – "MS CONNECT"!

  25. Anonymous says:

    can this be fix.

  26. Anonymous says:

    pleaces  I need help home xplorer

  27. Anonymous says:

    Will Flash on Windows 8 remain on 11.3 forever or will we eventually see an update to newer versions such as 11.5?

  28. Anonymous says:

    I don't know what a 'leak' is, but do know that IE10 crashes several times a day on my Windows 8.  It always claims that the website caused the crash, but after the first 10 websites were blamed I just ignore it.  If I move too quickly through the tabs or from full screen to small screen – it will crash.  It is very annoying.

  29. Anonymous says:

    i love internet explorer

  30. Anonymous says:

    Microsoft, do you now see why embedding Flash into the IE10 binaries was a horrible idea?

  31. Anonymous says:

    @Martijn If that was the case, then why did Google Chrome do it?

  32. Anonymous says:

    I just can't get it, all what windows 8 can offer to users it's redesign of UI, that's it?! Ok, it starts -10 faster, but performance is same, core is same, all is same, there's just new questionable UI.

    I mean, what the heck??? Old OS with new UI and new problems with flesh player, websites and problems with accessibility- looks like just "new" thing for some kids who clicks on every icon on screen and feels like some true hacker or something?

  33. Kazzan says:

    Will be there also update for new Adobe Flash from current 11.3.379.14 to newest 11.5.502.149? In Windows 7 I have option to update this separately, but on Windows 8 I must rely with Windows Update. I personally mean that central update is fine for this, bude what the latency of releases?

  34. Anonymous says:

    Since this is related indirectly to the windows 8 metro flash whitelist can you tell us how many sites/URLs gave in to your dictatorship and applied to be on the censorship whitelist?

    Is it 100's?

    Is it 1000's?

    Or has windows 8 sales been so lousy that site owners are unaware that their sites break in metro?

    Or have the site owners (like me) simply informed our users that metro IE is simply NOT going to be supported at all?

    Some stats would be welcome while you ignore our pleas to fix the IE Blog comments.

  35. Anonymous says:

    looks like a thing for every icon on the screen and know if there is a hacker

  36. Anonymous says:

    my adobe flash player do want to download to my laptop what do I do.

  37. pmbAustin says:

    "If browser UI elements are failing to render, that sounds like a handle leak; you can use Process Explorer to get a better understanding of what's going on. If the handle-count is anywhere near 10000, that's the problem."

    I've added handle count to the default list of things displayed by Task Manager, and will be keeping an eye on things for when I next experience this problem.

  38. Anonymous says:

    You can search for requiresActiveX=true (currently about 12k hits) ?

  39. Anonymous says:

    would you please update my adobe flash player most games say I need flash 10 thank you very much Linda Day

  40. Anonymous says:

    there was a lot of help  thank you