July 2013 Internet Explorer Updates


Microsoft Security Bulletin MS13-055 – Critical

This security update resolves seventeen privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows servers. For more information, see the full bulletin.

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

Microsoft Security Advisory (2755801)

Today, we also announced the availability of an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8 and Windows Server 2012. The details of the vulnerabilities are documented in Adobe security bulletin APSB13-17   

The update addresses vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10.  For more information, see the advisory.

Most customers have automatic updating enabled and will not need to take any action because this update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

— Ceri Gallacher, Program Manager, Internet Explorer

Comments (20)

  1. k says:

    How to enable plugins in pinned sites?

    Youtube started showing 2 minute longs ads before all videos so viewing anything without adblock is impossible, but you made it impossible to use adblock…

  2. Craig says:

    Thanks for the updates. It is nice to know that vulnerabilities are being managed.

  3. IE rocks says:

    To Blink and Webkit fanboys, look at that ***: cpcbox.com/blink-bug.htm

    At least, IE stays on its feet there.

  4. IE4ever says:

    This one is good too: http://cpcbox.com/bench.htm

    Chrome is completely crushed by IE and Firefox!

  5. zuad says:

    جزاكم الله خيرا

  6. Torbjörn Andersson says:

    @IE4ever

    It's not really surprising if Chrome does badly on http://cpcbox.com/bench.htm since it was apparently created as a test case for this bug report:

    code.google.com/…/detail

    The only thing that may be slightly surprising is that it's *still* doing badly on it, since it was reported last summer. But they gave it medium priority, so I guess they figured it doesn't have that much impact in most cases. I wouldn't know, I don't use Chrome much myself.

    (I hope this doesn't turn up twice. I tried posting it the first time hours ago.)

  7. Arieta says:

    OK, here's an interesting problem.

    I've previously had Windows running with UAC disabled. I've then enabled UAC, and all cookies, DOM Storage, and my previous browser session was forgotten by IE.

    How would I go about recovering all of these? I could find the previous session of tabs after looking around in AppDataLocalMicrosoftInternet ExplorerRecovery, and I can selectively restore the DOM Storage for one site by copy over files from LocalMicrosoftInternet ExplorerDOMStore to LocalLowMicrosoftInternet ExplorerDOMStore, But, is there a way to copy over everything in one go?

    Something indexes the cookies and the contents of the stuff under Local (non-uac) and LocalLow (uac), because simply copying files over from one to the other does not work, only selectively.

  8. EricLaw [ex-MSFT] says:

    @Arieta: Alas, no, there's no supported or automated process for migrating all of the browser's forms of state between Integrity Levels or AppContainer levels.

  9. faramarz bagheri says:

    internet explorer

  10. Charles says:

    Your latest security bulletin: technet.microsoft.com/…/ms13-055 including the security update KB 2846071: support.microsoft.com/…/2846071 to fix the security hole exhibited by spider.io http://www.spider.io/…/internet-explorer-data-leakage broke lots of legitimate uses: stackoverflow.com/…/did-windows-update-2846071-break-break-the-handling-of-window-event-clientx-clie

    When you blocked reporting of coordinates outside the browser viewport (in particular when IE did not even have focus!) you also blocked all of the legitimate coordinate tracking from within the browser.

    2 Things:

    1.) If you are ever in future going to change your APIs like this – please advise up front so that the 1,000s of us that depend on them have a chance to react.

    2.) Why on earth are you blocking the x,y info from within the browser when the browser is active? Is drag&drop, and drawing functionality not something you want IE to be capable of?

    @Dean Hachamovitch it is 2013 – you have a handle on Twitter @DeanHach which you've effectively **NEVER** used. You (or a reliable member of your team) needs to be on Twitter to be able to handle issues that rise up – especially when those issues arise from your automatic updates going out borking IE for unsuspecting users and developers.

    Do not pass go! do not collect $200! #BadIETeam #BadDeanHachamovitch

  11. Arieta says:

    By the way, I just found this; it might be helpful in tracking those handle leaks.

    home.wanadoo.nl/jsrosman

  12. Marc says:

    Please fix your drag n drop bugs! Focus on the conformance tests you are still missing.

  13. George says:

    Can we get confirmation that there is a fix coming for the [X,Y] coordinates thing that your latest patch broke? It is fine if you want to hide coordinates outside the browser viewport but not returning them anywhere within the browser viewport is just ridiculous and is causing lots of frustration for developers (especially now that IE10 has auto update enabled!)

    Auto Updates are great but you should really TEST your patches thoroughly before releasing them in the wild.

    You failed on 3 levels!

    1.) MSFT Developers didn't test their code properly

    2.) MSFT QA Testers didn't catch the bugs introduced

    3.) MSFT Managers let this patch release go out with neither of the 2 items above being covered!

  14. pmbAustin says:

    Maybe someone else can tell me what's going on, but a recent update to the Twitter.com website has made IE10 function really poorly for me (both Win7 and Win8 versions)…

    Clicking in the text box to type a status frequently doesn't work (I have to click multiple times… sometimes it seems to try to select the box itself).  And while typing, the 'character count' doesn't update unless I click out of the box and back in… THEN it starts working.

    I've done it side by side in both IE10 and Chrome, and Chrome doesn't have any of these issues.

    I have no idea if it's bad coding on the site, or issues with the way IE10 handles things, or what, but it is very annoying, and since it only affects IE, it is PERCEIVED to be a problem with the browser regardless.

    Anyone else notice these issues?  I haven't had a chance to dig in to see what's actually going on, HTML-wise, but I'm sure someone reading this is interested enough to figure it out.  At any rate, I sure hope that IE11 doesn't suffer these constant "issues" I always seem to experience on sites…

  15. Guest says:

    Remove that retarded grey background on active links please! Why you alaways have to break things?

  16. Steve says:

    @Guest I just noticed that even on Windows 7 the IE10 browser adds that gray background on active links.  Not just ugly, but totally un-necessary. Once again Microsoft keeps messing things up!

  17. Christian Stockwell [MSFT] says:

    @Guest & @Steve: Thank you for your  feedback and kind words of encouragement. When you upgrade to IE11 you'll be happy to note that we've removed the default active highlight for mouse interaction (we've kept the background highlighting for touch to let users disambiguate the active link).

  18. Christian Stockwell [MSFT] says:

    @pmbAustin: I'm not a member of the Twitterati, but several members of the IE team are. I've filed a bug to see if one of them can reproduce the problem you've described in IE10 and IE11. One thing that I'd always recommend is that you let the site know in case the problem's on their side. I presume (without investigation, mind you) that their support team is only a tweet away 🙂

  19. Martijn says:

    Yawn.

    More security fixes. That's good and all, but how about fixing some regular bugs as well? Then webdevelopers don't have to deal with IE8/IE9/IE10 weirdnesses (which there are a WHOLE FLIPPING LOT of) till the end of time.

    That, or update the browser with a whole new version every six weeks on every platform from Windows XP and up. Ha, like that's gonna happen. At least Mozilla and Google pull it off, why can't Microsoft?

  20. PhistucK says:

    @Martijn –

    Actually, one of the posts states that Internet Explorer will not be ported to older version, simply because some features rely on improvements that were only implemented (or backported) to the supported operating systems (Windows 7 and later). Instead of supporting everything in every platform, other browsers support only what is possible to support and so fragmentation happens between operating systems in the same browser version. For example, WebGL was not supported in Windows XP for some time, at the beginning.