February 2013 Internet Explorer updates


Today we released two critically rated bulletins and one security advisory for Internet Explorer.

Microsoft Security Bulletin MS13-009 – Critical

This security update resolves thirteen privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows servers. For more information, please see the full bulletin.

Microsoft Security Bulletin MS13-010 – Critical

This security update resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on all supported releases of Microsoft Windows. For more information, see the full bulletin.

Microsoft Security Advisory (2755801)

Microsoft is also announcing the availability of an update for the Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10. For more information please see the full advisory.

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

— Tyson Storey, Program Manager, Internet Explorer

Comments (58)

  1. Anonymous says:

    Please release IE10 for Windows 7 early.

  2. Anonymous says:

    @Hamakaze:

    I think you mean "please release an updated pre-release version, and only release the final version when it is bug-free".

  3. @Arieta:

    No, I think he means "please release IE10 for Windows 7 ASAP, given that it's been in "preview" now for the past 3 months!! …and if there's bugs, simple – just release regular updates – like ALL the other major browser vendors do!!"

  4. Anonymous says:

    Re: the VML attack, might IE someday be configurable to disable legacy document modes, to reduce attack surface area?

  5. Anonymous says:

    How does any of this get the IE Blog comment form fixed?

    #MicrosoftCompetency--;

  7. Anonymous says:

    Why are Flash security updates published as security advisories? Confusing.

  8. Anonymous says:

    @anon Because Microsoft is responsible for releasing updates for Modern IE's Flash Player, not Adobe.

  9. Anonymous says:

    @Jo: please read the anon's question again

  10. Anonymous says:

    Good that you're updating IE10, but as far as I'm concerned, IE10 is not even released yet.

    Yes it's in Windows 8, but Windows 8 is a tablet OS (and a jokingly bad one at that), so IE10 is not yet available for normal computers, so to speak.

    Release it already.

  11. Anonymous says:

    Disabling old legacy formats would be a good IE feature. These could be marked as deprecated with the next standards update for HTML 5. Prompting the user to accept/reject old legacy format content would be good as well.

  12. Anonymous says:

    @Martijn: What are you talking about? Windows 8 is the best version of Windows I've ever seen, and I thought Windows 7 was already awesome. That you think it's not that good doesn't mean everyone else thinks that. Anyway, I also think that it is the best OS for tablets yet.

  13. Anonymous says:

    This is trash development assuming every user has time to digest this stupid dependency. For goodness' sake, keep it simple, stupid!

  14. pmbAustin says:

    If you'd just log in with your Microsoft account (and why are you even here if you don't have a Microsoft account), you wouldn't have any problems with the comment form. You log in once, and it keeps you logged in all the time. It's not an effort. And you'll stop being frustrated, and we can stop being forced to listen to your constant bitching.

  15. Anonymous says:

    @Yannick – you live on a very lonely island.  I don't know anyone (I see hundreds daily) that thinks windows 8 is better than 7. Not One.

    The only people I know promoting it either work for Microsoft or are a 3rd party developer trying to help push sales of their apps that they've ported to the windows 8 platform from android, blackberry or iOS. (And I understand why… My reports are that the sales are downright pitiful not even a percent of the sales on other platforms).

    @pmbAustin – you're absolutely right! Why should Microsoft fix the major bug in their blog that stops users from actually posting comments?

    Let's count the ways, shall we?

    1.) this blog is about the web, standards etc. by Microsoft not showing enough competence to host a working blog why would anyone take any of their articles seriously?

    2.) this blog is built on/running on Microsoft's own stack (windows/ASP/.net) having a major bug on your prized web property due to a bug in your "supposedly" good platform is one heck of a bad publicity issue and will not convince a soul that Microsoft has made a decent web stack.

    3.) it's been F—ing years! Since this bug was noted, tested, and documented (both on this blog AND on the legacy ASP Postback issue in the platform itself) ignoring it does not make it go away, ignoring it shows everyone that Microsoft has a lack of commitment.

    4.) the 30second bug fix for this issue has been identified AND posted on the IE Blog itself NUMEROUS times! Microsoft can't even suggest they are working on the issue (well, first they'd have to acknowledge it) since they've already been handed the fix on a silver platter!

    5.) by not addressing the issue they've made the IE Blog hostile with developers and readers alike constantly complaining that the blog is broken and that precious responses keep getting lost because Microsoft refuses to fix the issue.

    6.) by not fixing the issue, the constant complaints in the comments make it near impossible to have a decent conversation about a topic

    7.) the "email the blog author" sends emails to an account that either doesn't exist or never gets read.  In a day and age where communication and correspondence occurs in real time Microsoft can not afford to not reply to requests to help fix the issue.

    8.) Telligent, makers of the original blog software are stuck with a flagship install with glaring errors and a client (Microsoft) that refuses to deal with the issue.

    Personally if I was a Microsoft employee in any way related to the Internet Explorer Team, the HTTP Networking Stack, Public Relations, Developer Relations or anyone that cares about the image of Microsoft I would make it my first priority tomorrow to find out who is in charge of this blog, and get a fix in place ASAP!

    I would then ensure that the IE Team/Blog Maintainer posts an update indicating that it has been fixed… I would also make an apology for taking so long in doing so since an olive branch is long overdue.

  16. Anonymous says:

    I love Windows 8…no probs at all!

  17. Anonymous says:

    Actually Windows 8 is an excellent tablet OS.

    Much better than something like Android, whose usage and inconsistency in apps and gestures in apps often feels awful on tablets.

  18. Anonymous says:

    Stop whining.

    Also, email the blog author works.

  19. Anonymous says:

    @"@Jaimes" no the email link doesn't work. I've sent several emails to them for important issues that should be addressed.

    I respectfully requested that even if they were not interested in an explanation of the issues to at least send a courtesy response back indicating that the message was at least received.

    In the past 2.5 years I have had ZERO responses.  The Email link must go to Dev Null. Can't say I'm surprised – every comment to Microsoft on this blog goes to the same bottomless pit of *ignored*.

  20. Anonymous says:

    @rst I did. What am I misunderstanding?

  21. Anonymous says:

    I agree with jaimes. I'm sooooo sorry I purchased Windows 8, and now I've lost all my old apps and cannot even download my flash player

    everything is soooo complicated….. I wish I could go back to Windows 7 and my money back

  22. Anonymous says:

    It works because I have gotten multiple replies.

  23. Anonymous says:

    @(@Nathan) congrats! But I think you are alone.

    I've posted email questions to the blog author multiple times also but I never got any responses.

    Based on the complete lack of feedback and responses from Microsoft in the comments on this blog I'm much more likely to believe that Microsoft doesn't respond.

    We've told them about this broken blog since before IE7 was even announced yet not once have they even acknowledged the bug.

    Let's not forget we are talking about the company that blamed Google for introducing security holes into IE when they created Google Chrome Frame to overcome the gaping holes in web standards that Internet Explorer didn't support.

    I wouldn't currently trust Microsoft any more than the spam emails I get for questionable medication.

    Microsoft has completely failed at providing developer confidence by being silent rather than responding ***promptly*** to issues.

    As a result no mobile developers (moving from web) have any interest in supporting the windows 8 platform. Microsoft dug their own hole on this one which is so sad because it looks like there are actually some people at Microsoft that care still.

  25. Anonymous says:

    Internet Explorer 10 for Windows 7 reportedly coming in late February

    http://www.windows8core.com/internet-explorer-10-for-windows-7-reportedly-coming-in-late-february

    ——————————————————–

    Really? Microsoft.

  26. Anonymous says:

    09032055330h

  27. Anonymous says:

    If that late february release is correct, that would mean that the IE team is already in the late phases of development, and critical bugs like the memory leak one would not get fixed.

    Oh well.

  28. Anonymous says:

    hghhhhh

  29. Anonymous says:

    Well, Microsoft aren't even admitting that there *is* a memory leak problem with IE10, so I can't see how they're going to fix it.

    Once IE10 is released, I will install it and see how it performs – if there are any performance problems, I will revert back to IE9.  If there is a major problem, I will switch to Firefox or Opera instead.  You'd think with all of Microsoft's software developers they'd be able to get a browser out on time, especially when they know how much browser competition there is out there.  The Windows 8 version of IE10 has been out since 26 October 2012, yet still no Windows 7 version has been released – especially when they promised it would be the other way around.  I have always just gone along with Microsoft updates before, but I'm not so sure this time.  I don't even think I'll upgrade my laptop to Windows 8, since there is no Start button in Desktop Mode – the UI in Windows 8 is very dumbed-down from the user's perspective – for the 'mobile phone generation' (big buttons, bright colours, with no depth to functionality, and very limited configurability).  If Windows 8 is the way in which Microsoft operating systems are going, then I might have to stay with Windows 7 for now, but eventually move away from Microsoft software…

  30. Anonymous says:

    Please add automatic updates (like chrome) that don't require windows update. now that you have detached the browser from the OS…

  31. pmbAustin says:

    I too prefer Windows 8 to Windows 7.  I didn't at first.  But now that I've tweaked it for the various platforms (tweaked one way for desktop non-touch, another for a laptop with touchpad, and another way for SurfaceRT) it works great.  In fact, it's kind of annoying to go back to Win7 in many ways, as I miss some of the new Win8 features.

  32. Anonymous says:

    Don't like it; got to sign on to everything and it does not recognize my passwords.

  33. Anonymous says:

    wish they would get the bugs out first……………………….

  34. Anonymous says:

    I need to upgrade to Adobe 10 can you help?

  35. Anonymous says:

    Can we please have the name of the developer that first implemented document.getElementById(id); in IE?

    We are setting up a site like TheDailyWTF and we want to provide an award named after the Microsoft developer that checked in this fluster cluck.

    It is the pinnacle of software failure in a single method where not only was the spec for the implementation right in the name of the method but the bug it introduced was the catalyst that caused the stalling of web advancement for an entire decade!

    We know who made the 2nd worst IE bug (innerHTML) but it is frustrating to not know number 1.

    Greg

  36. Anonymous says:

    Hello, fellows.

    Am I the only person who has IE10 preview broken after security updates? My IE10 on Win7 now cannot open any sites, is stuck at "Waiting for …" forever. I have to use Chrome now, which does not make me happy 🙁

    Best regards,

    Rustam.

  37. Anonymous says:

    Blog comments are still broken!

    1.) Please acknowledge the bug

    2.) Please fix the bug

    Nothing else on this blog matters until this is resolved!

  38. Anonymous says:

    When is the final release of IE 10 going to be available for windows 7?

  39. Anonymous says:

    God knows, I hope it's next week.

  40. Anonymous says:

    Internet Explorer still sucks. It doesn't have official WebM support built in from you guys. Firefox, Google Chrome, Opera, and Safari all have it. Internet Explorer is falling behind once again. YAR HAR, Internet Explorer needs to die and go away forever! Also, with Windows 8 being confusing, Windows might be coming to an end. A lot of people around where I live have Macs now because they used Windows 8 and it was confusing to them!! HAHAHAHAHAHA!!! MACS FOREVER!!

  41. Anonymous says:

    Why should MS ditch an excellent update delivery mechanism for something else?

    @Firefoxlover1993  

    Install WebM codec on your computer and IE10 will support it just fine. Stop whining.

    Also, firefox is a crap browser.

  42. Anonymous says:

    Internet Explorer 11 Beta Concept Imagines the Windows 9 Browser……

    news.softpedia.com/…/Internet-Explorer-11-Beta-Concept-Imagines-the-Windows-9-Browser-330359.shtml

    comments ple…………

  43. Anonymous says:

    I have the problem that I can't pay my bills on-line since I installed IE10, I have removed to allow pop-ups and still can't pay my bills. Can you help, PLS.  jessejm@prtc.net    787-359-3262

  44. Anonymous says:

    Blog comments are still broken!

    1.) Please acknowledge the bug

    2.) Please fix the bug

    Nothing else on this blog matters until this is resolved!

  45. Anonymous says:

    You are right.

  46. Anonymous says:

    good

  47. Anonymous says:

    Blog comments are still broken!

    1.) Please acknowledge the bug

    2.) Please fix the bug

    Nothing else on this blog matters until this is resolved!

    Here's the code fix for you:

    <input type="submit" value="Submit"/>

    We expect that to apply the patch should take no more than 5min for any developer that should be allowed to touch code. 😉

  48. Anonymous says:

    twitter.com/…/305331422137315330

    "Full useragent: Mozilla/5.0 (IE 11.0; Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko"

    twitter.com/…/305331296291401729

    "One cute detail about IE 11: the UA no longer contains 'MSIE', but 'IE' instead and is 'like Gecko'. And Windows Blue is version 6.3."

    Wow MS, do you have no shame at all? Your inferior Internet Exploder is nothing like Gecko at all.

  49. Anonymous says:

    Will IE11 use the Webkit engine instead of Trident? That would be awesome!

  50. Anonymous says:

    IE runs better with Trident. Keep your crippled Webkit, stay away from Microsoft network and enjoy your beloved ChromeOS.

    ~ M for Microsoft, Metallica and Nothing Else Matters…

  51. Anonymous says:

    So if MSFT is already working on IE11 (even though they haven't shipped IE10 on their #1 OS yet!) then Microsoft has ample opportunity to fix up a ton of usability issues with the IE interface that users have been complaining about for over a decade?!

    1.) the whole options dialog has been listed in every usability fail blog out there… Massive scroll lists in tiny windows, total chaos of all the content as it was grafted on after every IE release.

    2.) security zones that no user understands or wants to

    3.) print preview that looks like it was written by Borland C++ programmers in 1998!

    4.) right click context menu (where the F—! Is the option to VIEW A PICTURE!!!!!!!!! Like you can do in EVERY OTHER BROWSER!!!!!

    5.) iframes! Why can users not do anything with iframes in IE!

    6.) why do the read-only properties dialogs have Apply and Cancel buttons?!

    7.) why have the developer tools not seen any improvements since the original VB6 looking crud we still see today?! Again the issues with every aspect of the developer tools have been discussed over and over! You won't get a single developer to use IE as their default dev browser until the tools in IE get a MASSIVE OVERHAUL!!!!

    8.) there is still nothing in the user agent that indicates if the browser is running in Mehtro or the real, usable IE browser. How are we supposed to tell users they need to switch browsers?!

  52. Anonymous says:

    I only come to this blog for the full on crazy so keep it coming.  The comments are absolutely hilarious.

  53. Anonymous says:

    @IE11 & WebKit – it's funny how you say M is for Microsoft and Metallica when Metallica has publicly complained about Microsoft not following open standards especially after DRM turned out to be a useless fiasco.

    WebKit is the dominant mobile Browser engine and has no major competitors outside of Firefox and Firefox is not out for profit only to better the web.

    On sites I run with 100,000+ hits a month not even 0.1% of the mobile/tablet traffic comes from Trident.

    When Microsoft ditched development of their browser back in IE6 they set themselves on a path of destruction that to this day has caused every browser version to shrink the IE market share and with their mobile browser only hitting the market in late 2012 they've officially secured the dead last position.

  54. Anonymous says:

    IE switching to Webkit would essentially lead to a monogamous browser market. There are already talks of browsers adopting the -webkit- prefix for CSS because many site authors use "bleeding edge" not-yet-standards designed for Chrome, and forget or refuse to include proper CSS once these features become actual standards. Plus, Webkit requires a LOT of hacks as well.

    IE switching to Webkit would lead into a new IE6 situation.

  55. Anonymous says:

    1 print preview and

    2  Saving of pages is slower than in Chrome; also, it must save the web pages in the background like Chrome so that we can browse the web…..

    3 please, update whole UI of  IE 11 …………..

     what say guys…………….

  56. Anonymous says:

    IE 10 for windows 7 has been released!

    go to windows.microsoft.com/…/download-ie – Update Browser