March 2013 Internet Explorer Updates


Microsoft Security Bulletin MS13-021 – CriticalThis security update resolves eight privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows servers. For more information, see the full bulletin.

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

Microsoft Security Advisory (2755801)

Today we also released an update that addresses vulnerabilities in Adobe Flash Player in Internet Explorer 10 on Windows 8. The details of the vulnerabilities are documented in Adobe security bulletin APSB13-09. The majority of customers have automatic updates enabled and will not need to take any action because the update will be downloaded and installed automatically. For those manually updating, we encourage you to read the advisory and apply this update as quickly as possible.

This update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash binaries contained within Internet Explorer 10. For more information, see the advisory.

— Tyson Storey, Program Manager, Internet Explorer

Comments (26)

  1. Martijn says:

    If a user downloads and installs IE (any version), why do these updates come after installing? Why are these so-called crtitical updates not made part of the installers?

  2. said says:

    I'm looking google player but it sn't working

    For me?

  3. "This security update is rated Critical for Internet Explorer 6, Internet Explorer 7…"

    So you mean this update patches IE6 and IE7?! – Why bother patching them!? …if you don't release patch these old/obsolete browser, it may just encourage the tiny minority of users using IE6 & 7 to actually update their browsers to at least IE8! By continuing to "patch" IE6 and IE7 Microsoft is sending out the message that it's fine to carry on using these browser indefinitely it would seem!!

  4. @GreatMarko says:

    The only way to get them to upgrade is to convince more websites to stop supporting them.  IE6 is basically dead anyway, but IE7 hasn't quite reached that point.  But yeah, leaving security issues in isn't going to convince them to upgrade because they don't know enough about computers to even update their browser once every 5 years.

  5. Gina says:

    Are the TextArea bugs in IE10 fixed in this release? If not when are they going to be addressed as my customers are finding it really annoying.

    We've told most that can that upgrading from IE10 to Google Chrome solves the problem but realistically IE10 shouldn't have shipped with such a major bug.

  6. Gina says:

    Oops forgot the bug link (in case you really were not aware of it!)

    Bug 571:

    webbugtrack.blogspot.ca/…/bug-571-ie-10-textarea-focus-is-broken.html

    It's not quite as bad as the iOS safari bug with TextAreas that renders the keyboard useless but still a major usability issue

  7. requester says:

    it would be nice not only to have critical updates and all the time stories about how fast IE is, but rather updates on usability like separators for bookmarks, humane bookmark-editor dialog (virtually unchanged for centuries), at all humane accesible bookmarks within modern ui version of IE, not to sort bookmarks alphabetically after an import and last but not least an ad blocker.

    Btw, are other browsers announced for RT?

  8. Tomislav says:

    When can we expect fix for tracking protection lists that are not automatically

    updating in IE10 (Windows 7 & 8) ?

  9. Jim Richardson says:

    Now that the MPEG LA has given up its attempt to control the VP8 license and walked away from it, all of Microsoft's questions about WebM (blogs.msdn.com/…/html5-and-web-video-questions-for-the-industry-from-the-community.aspx) have been answered. When can we expect WebM support to be built into both Windows and Internet Explorer? Further reading:

    blog.webmproject.org/…/vp8-and-mpeg-la.html

    blog.webmproject.org/…/onward.html

    http://www.w3.org/…/good_news_about_vp8_licensing.html

    http://www.robglidden.com/…/google-mpegla-vp8-mpeg-proposal

  10. yuhong2 says:

    @GreatMarko: I personally have a vulnerability report (14136wp) related to a security bug that only affects IE7.

  11. Colin Foot says:

    Since the latest updates went in this morning 13th March, only my home page opens in Explorer, and then not fully functioning,  No other sites will open from my favourites or from the frequent sites in a new tab. The only way to get another site is from a right click on the icon in that task bar and clicking a frequent from there. I am not even sure I will get back to this site to see if it a general or a specific problem

  12. Stuart says:

    There's something wrong with IE10/Windows Updates.  I am using Windows 10 RTM on Windows 7 SP1.  My Windows Update last installed 3 updates on 12/03/2013 (KB890830, KB2807986, and KB2791765).  This update (KB2809289) is not found by my Windows Update, so I cannot install it.  Have Microsoft definitely released this on Windows Update?  If so, what's wrong?  I am now concerned that Windows Update is now missing some updates.

  13. @stuart says:

    If you check the bulletin linked in the main blog post you will see IE10 on Windows 7 is not affected, though they should have made this clear in the blog.

  14. @Jim richardson says:

    Google and HTC are already in court about patent infringement for VP8.

    Nokia has sued them in Germany for patent infringement in androids VP8 implementation.

    The first of many such cases as the main video compression patentholders were never going to be in a patentpool for endorsing a proprietary Google video compression format.

    VP8 is dead in the water.

    An inferior codec, completly controlled by google, patentissues, lack of hardware support.

    Stop beating the dead horse.

  15. miyush pal sharma says:

    latest verson

  16. @@Stuart says:

    Sorry, my mistake, for not reading it well enough!  I'm not normally that daft!!!

  17. Gary Woodley says:

    As of yesterday March 14, 2013 I cannot open att.net mail in Internet Explorer.  I contacted my internet provider and they said to use Safari or google chrome to open the mail.  I have never used Safari for my mail but it worked.  Still not able to open mail in Internet Explorer – att.net mail.

  18. Dale says:

    How's the TextArea fix coming? IE10 seems pretty unpolished with glaring issues like this.

  19. henal says:

    the is very goog

  20. Bryan says:

    Can someone please tell me why Microsoft decided to create the "Compatibility Button"? I truly believe it is one of the biggest fails in browser history and has set back web design and development many years. Will IE 10 have this awful feature??

  21. rais says:

    I want active flash player

  22. ie man says:

    IE 10 is so slow.

  23. chriswong says:

    After these last IE updates on Win 8 Pro, sometimes when I try to open Metro IE, it will just hang at the splash screen, and somehow open the desktop IE in the background while staying on the Metro IE splash screen.  When I manually switch to the desktop, I'll see that desktop IE has a prompt to restore a crashed session.  I have to either shut down or restart in order for Metro IE to open properly…  🙁