November 2013 Internet Explorer Updates


Microsoft Security Bulletin MS13-088 – CriticalThis security update resolves ten privately reported and one publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10 and Internet Explorer 11 on Windows clients and Important for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on Windows servers. For more information, see the full bulletin.

Microsoft Security Bulletin MS13-090 – Critical

This security update resolves one publicly disclosed vulnerabilities in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10 and Internet Explorer 11 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on Windows servers. For more information, see the full bulletin.

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

Security Update for Flash Player (2898108)

On November 12th, a security update for Adobe Flash Player in Internet Explorer 10 and 11 on supported editions of Windows 8, Windows 8.1 and Windows Server 2012 and Windows Server 2012 R2 is also available. The details of the vulnerabilities are documented in Adobe security bulletin APSB13-26. This update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash binaries contained within Internet Explorer 10 and Internet Explorer 11. For more information, see the advisory

Most customers have automatic updating enabled and will not need to take any action because this update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

— Wilson Guo, Program Manager, Internet Explorer

Comments (20)

  1. ppp says:

    Contribution of a report, too early !

  2. JulienM says:

    Any specific reason about disabling EPM on IE/desktop by default on windows 8.1 in this update? 🙁

    the EPM had the (positive) side effect of disabling legacy ActiveX controls, which means the CardSpace flaw didn't affect win8.1 by default, and win8.1 users would have been protected against future 0day flaws in legacy ActiveX controls when EPM is enabled.

  3. Donn Edwards says:

    IE11 screwed up: I wasn't aware it was being installed, and the installation is now broken: won't install or uninstall.

    I guess I won't be using IE11 on Win7 after all.

    Thanks for breaking my PC

  4. pmbAustin says:

    So I had another issue last night with the cookies disappearing and losing my session and login (and auto-complete) information.

    I was using Facebook, and I'm set to "stay logged in".  I closed the window, and then some time later (about half an hour) I opened a new tab and went to facebook… and was prompted to log in again.  It then prompted me whether I wanted it to remember my password (which it should have had recorded).  There was no auto-complete for the fields.  It was like I was hitting this page for the very first time.

    I wasn't aware of any pages crashing, and I didn't exist IE11 Desktop at any point in time.

    This sort of thing seems to be happening more and more often… more frequent in IE10 than IE9, and noticeably more frequent since updating to IE11.  And it's getting to be exceedingly annoying.  It happens on any number of sites.  Suddenly it just forgets that I've ever visited the site before, passwords are forgotten, auto-fill form entries are forgotten, the works.

    I really hope this is a top priority to fix in an update, because it's just beyond frustrating and annoying.

  5. SharePoint John says:

    Any reason why SharePoint 2013 functionality isn't compatible with IE 11? I'd expect Firefox or Chrome updates to kill SharePoint functionality, but IE??

  6. Akibob says:

    How do I remove VeriSign from IE 11, it will not let me enter passwords !

  7. george says:

    go hawks

  8. __hAl__ says:

    Hmmmm, at pwn2own a group of security expert demonstrated a hack on IE11 on a surface pro.

    http://www.pcworld.com/…/researchers-hack-internet-explorer-11-and-chrome-at-mobile-pwn2own.html

    Out of competition as the surface pro was not part of the pwn2own mobile competition.

    .

    Time to get out another security update…

  9. Since last week updates (I suspect that damn Adobe Flash update),  every time a Youtube page opens / refresh, the whole Surface RT is freezing  for 15-20 seconds (only the charm remains responsive, not even task switching swipe from left does work). Such freezes never happened on Win8 RT.

  10. Red Garnett says:

    How can I turn the automatic zoom adjust in IE 11 on Windows 8.1 (with two screens and different resolutions) off? This feature is so painfully annoying (and crappily implemented), I just can't find the right words to describe it. Who specs features like that?

  11. xpclient says:

    Is the Internet Explorer 11 team aware that they inadvertently broke gadgets on Windows 7 when the DPI is higher than 100%? (social.msdn.microsoft.com/…/gadgets-not-working-with-ie11-win7-pro-sp1-not-win81-preview). Kindly fix this with a patch or update. Gadgets are a Windows 7 component and shouldn't be ignored by MS on that platform.

  12. Embedded Youtube Videos are blank says:

    Anyone know what's going on here?  Since updating my Surface Pro to Windows 8.1 and IE11, all YouTube videos just show black when I click play.  The sound is fine, and if I set it to run full screen, it plays fine, but if it's embedded in a page, it's just blank.  Any clues on how to fix this?  It feels like a video driver thing (and I've had other symptoms that seem video driver related… flashing of the screen sometimes (like the driver reset), and some weird rendering artifacts on some pages (like vertical lines on Twitter.com that come and go).  Is this a known issue?  It's a Microsoft Surface device, so I'd expect it to work flawlessly…

  13. Micheal says:

    I really hope this is a top priority to fix in an update

    plz care tech at http://www.tech-reviews.info

  14. Howard says:

    IE11 is brand new. I just got an email last week about the final release for Win7. Now seeing this, and once again the IE browser is nothing but swiss cheese.

    How can I ununstall IE completly but yet have outlook connect to exchange??

    I had a user the other day that uses FF for browser and Outlook would not connect to exchange.

    Turns out that I opened IE and it was foobarred. Hence Outlook would not connect. That is rediculous. What great bonehead decided to tie Outlook to the Internet settings confirgured in the IE frigging browser?

    These are two completly seperate programs and do completely different things. How friggin stupid!!

    What a waste of my time trying to keep windows running…

  15. Forhad says:

    my in explorer not working

  16. Melkom says:

    IE is the best browser in the speed, not crash,user friendly and etc .

    s11.postimg.org/…/388.jpg

  17. Peter says:

    Why does IE11 crash that often while browsing a random github repository or even the main project pages?

  18. Gavin says:

    Microsoft is quickly becoming rife with incompetence.

    I cannot believe the mistakes that are being made.  It's like amateur hour.

  19. vthomas@legacypca.com says:

    can someone tell me how to make Carnegielearning work in internet explorer  When we log in as soon as it tries to open it closes the window

  20. Jackson says:

    Microsoft, please do the world a favor give up development of IE.  For years, it has stifled advancement of web development.  If you insist on having a Microsoft branded browser in your operating system, there are plenty of far superior open source (gasp!) alternatives for rendering, JS, etc.