October 2013 Internet Explorer Updates


Microsoft Security Bulletin MS13-080 – CriticalThis security update resolves eight privately reported and two publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows servers. For more information, see the full bulletin.

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

Update for Flash Player (2886439)

On October 8th, an update for Adobe Flash Player in Internet Explorer 10 and 11 on supported editions of Windows 8, Windows 8.1 and Windows Server 2012 and Windows Server 2012 R2 is also available. The details of the bug fixes and new features are documented in Adobe release notes for Flash Player 11.9.

Most customers have automatic updating enabled and will not need to take any action because this update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

— Wilson Guo, Program Manager, Internet Explorer

Comments (15)

  1. Real McCoy says:

    Here is a JavaScript optimization challenge for Microsoft compiler guys connect.microsoft.com/…/ie-performance-dom-manipulation-tests

    IE 10 and 11 takes 550ms to perform these basic operations nontroppo.org/…/Hixie_DOM.html (stress testing cases writing some 12 years ago). On same machine, edge version of Chrome takes 27ms.

    Guys please share some C++ compiler optimization magic with JavaScript team (for try-catch, string perpend, index..), make it fast so all sub-tests are completed under 10ms and make the JS compiler the most efficient. Though 500ms looks small, but its still greater than all edge versions of all major browsers (Chrome, Firefox, Opera and Safari).

    Here are the try-catch and few other tests: newilk.com/…/SpeedTest1

    Reminds me of a quote from Fast and the Furious movie: "It doesn’t matter if you win by an inch or a mile – winning is winning."

    That's true. So please apply greedy algorithm here and save every bit where you can to be a winner. We know you can. All you need is to spare some magnificent brains for few hours and you will get sorted it out. For old times sake.. :-)

    Thank you! :)

  2. hAl says:

    @Real McCoy

    You have no idea of what the test does you are linking to. It contains one incredibily specific and fairly extreme usage of a dom method that you are never going to find in real world situations. I dare you to find a site that uses that method in de same way and same number of times as that test does.

    Even an often critized test like Sunspider (test made by Mozilla) does test a more broad spectrum of basic javascript features most of which are very commonly used in webpages.

    And in Sunspider Internet explorer is miles faster than any other browser.

    Also for the newer Kraken performance test made by the Mozilla team which tests does test possible real world script simulations in IE11 is the fastest

    You can also try the conformace ECMAScript Language test262 on

    http://test262.ecmascript.org/

    IE11 scores not high standard conformance on standard javascript but also does finish this real world testframework faster than any other browser.

  3. Real McCoy says:

    @__hAl__,

    Thanks for the comment. Normally, I make the one making such supportive comments. I like the spirit.

    Btw, Sunspider is made by webkit and Apple teams. Mozilla introduced Kraken. And yes IE11 is fastest.

    Also, ecmascript test is the conformance test not the performance test.

    Anyway, my point is, the kind of optimization VC (C++) team at Microsoft is working on and have delivered so far, for them suppressing the time and noise by such brute-force test is a tiny fun job.

    If the compiler optimization teams at Microsoft collaborate a little more, we can get extra boost in every segment of the company. Be it a millisecond save, its still better than before. (and its 27ms vs 550ms! which means there is a room for improvement.. perhaps a better algorithm).

    I agree with the notion: "if its not broken, don't fix it". But do you think it should never get fixed? With webGL and 3D gaming on web, we can encounter have such exhaustive script, may be a poor way of implementing some sort of shader.

    Though, its not the priority but it must be in the backlog of the guy who crave for optimization.

    For the record, there are the tiny bugs in IE11 since IE6, which were never resolved. (like connect.microsoft.com/…/printing-attribute-value-change-triggers-change-in-ux-behavior). They must be resolved some day soon. Certainly not another 15yrs from now.

  4. yuhong2 says:

    Looks like this IE update for IE11 adds back full support for switching to older document modes.

  5. yuhong2 says:

    Using the F12 developer tools.

  6. Arieta says:

    Odd, for me the latest causes IE to go in a non-stop crash cycle on some websites (and RSS feeds). And also when attempting to use any of the dropdowns in the document mode in Developer Tools.

  7. Louis says:

    I'm really failing to understand why Microsoft is able to push out security updates for a 13-year old browser, but they can't push out updates to correct faulty implementations of JavaScript and CSS features.

    For example, why can't you push out an update that allows IE8 to support rounded corners, box shadow, transitions, etc? Legacy apps can still function even with those things.

  8. yuhong2 says:

    @Louis: I don't think MS does things like this probably as a matter of policy. Closest I have been get is this but that is because I found a security bug: yuhongbao.blogspot.ca/…/how-i-found-cve-2013-1310.html

  9. Stifu says:

    @Louis: and that's a good thing. IE8 is basically set in stone (except for some rare, specific cases), and its bugs are known. We don't have to bother with IE8 sub versions, and the same goes for other major IE versions. If each of them were moving targets, it'd be a maintenance and support nightmare.

  10. pmbAustin says:

    Now if only sites would stop browser-sniffing and treating IE 9/10/11 as if they were IE6/7/8,it would be really nice.  I'm looking at you Facebook, Google, and other MAJOR sites with crappy code.

  11. Robert says:

    IE 11 Does not reset the RSS feed when the feed is read. Is this a bug? If so please repair this Microsoft. If not please tell me how to fix it.

    Thanks.

    Robert

  12. Arieta says:

    @Robert: This seems to happen in a few custom RSS feeds, I've seen it happen in Feedburner feeds using IE11 previews. They don't even render in the IE feed view layout, but redirect to their own one (in previous IE versions, they used the internal viewer). You can manually set their status to "already read" with right click though.

    Speaking of which, the internal RSS reader seems to be using X-UA-compatible = IE7. What's up with that?

  13. Nate says:

    @Robert, please send me the connect.micrsoft.com/…/Feedback link so I can up vote!

  14. Rawrz says:

    IE11 may be the fastest currently but its still the most memory hungry software of all the other browsers. With multiple tabs opened that contain flash or other forms of video being played and left on for a few days, they'll eat up much more memory. Heck just open 15 tabs from HuffingtonPost and you'll see it start eating memory like mad and leave it for a few days opened as well. One IE tab instance can reach up to 1gb and the rest 200+mb per tab.

  15. Gopal says:

    Thank you