December 2013 Internet Explorer Updates


Microsoft Security Bulletin MS13-097 – CriticalThis security update resolves seven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10 and Internet Explorer 11 on Windows clients and Important for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on Windows servers. For more information, see the full bulletin.

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

Security Update for Flash Player (2907997)

On December 10th, a security update for Adobe Flash Player in Internet Explorer 10 and 11 on supported editions of Windows 8, Windows 8.1 and Windows Server 2012 and Windows Server 2012 R2 is also available. The details of the vulnerabilities are documented in Adobe security bulletin APSB13-28. This update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash binaries contained within Internet Explorer 10 and Internet Explorer 11. For more information, see the advisory

Most customers have automatic updating enabled and will not need to take any action because this update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

— Wilson Guo, Program Manager, Internet Explorer

Comments (12)

  1. fr says:

    Was hoping for more non-security fixes for IE11 as it seems pretty unreliable so far on Windows 7 at least.  Maybe there are some fixes that aren't listed in the KB.

  2. garyk says:

    I don't know which update fixed rss feeds in windows 8.1/ ie11, but thanks

  3. pmbAustin says:

    If you want a good example of how a site can bring IE to its knees… just go here:

    io9.com/which-tv-show-has-the-best-opening-credits-sequence-of-1480580802

    It starts out okay, but keep scrolling.  Memory use will balloon, and then rendering problems will start happening (page not rendering, hell, I've had it crash the video driver and even other applications).  Just keep scrolling down.

    Something about a lot of embedded YouTube videos drives IE insane… as there are in the comments section.

    If you really want to make IE better than the other Browsers, see what you can make it do about handling a page like this.

  4. Ethan says:

    @pmbAustin, believe it or not that infinitely scrolling page is INSANELY huge and heavy, with multiple instances of flash players! It brings any browser to its knees. Try on latest FF, it fails.. Would it be HTML5 players, it would work like a charm.

    Also, I would suggest you to immediately report these issues to Connect, as you encounter them. Old connect trend is gone and now they are taking it seriously. I reported some issues and they were resolved in those updates. The updates are labeled along the lines of "Update for Windows Operating System", because Windows team package those updates. I know back in the day, you stated that you don't file bugs on Connect anymore, and you are waiting for the time to come. You missed the BIG news.. Dean (the head) left IE team and now IE team is basically collection of several teams, so the change in behavior.

  5. Just give up says:

    It worked ok with Chrome.

    @Microsoft: Fork Chromium, change the icon to a blue "e" and call it IE12. Do the world a favor.

  6. Michael says:

    A minor frown…

    It would be nice, for those of us who have large set of "Home Pages" opening in various tabs when we start IE, if those URLs in the home page set were excluded from the "Frequent" window. Currently, it is full, and stays full, of all the home page set URLs, when I could wish it were populated with other things.

    Tried to find another way to suggest this, but it was hard to discover.

  7. Rick says:

    Was hopping that it would not CRASH so much

  8. Darren says:

    ex-Microsoft IE Team developer Eric Lawrence just posted his wish list for IE12 features and bug fixes:

    blogs.msdn.com/…/internet-explorer-12-wishlist-of-bug-fixes-and-new-features.aspx

    Needless to say he points out some good ones but more importantly other developers have added their own items to the wish list! I wonder if Microsoft will read and listen to these ideas over on his blog? (Since they typically ignore any constructive criticism posted on the IE blog)

  9. James S says:

    I know it's not quite on-topic for this particular post, but I would echo other comments here and say I was really hoping for some stability fixes in this batch of updates.  IE11 crashes *far* too frequently (perhaps even a dozen times each day for me on a brand new computer with a clean install of Windows), even on Microsoft-managed sites (such as TFS online).  I don't think TFS online uses any plugins, so I'm pretty sure the issue lies in IE itself.

    One of our customers is just starting to move away from IE7 on XP.  They had plans to upgrade to 11 on Windows 7, but decided on 9 instead (as 11 was so unstable).  Now it will be that many more years until they can get current; they will be on 9 for a long time.  Not acceptable.

  10. Andrew T. says:

    Windows automatically installed the update. Corrupted the computer and caused it to crash. Now in constant 'startup repair' searching for problems. At the end of that, '! Windows failed to initialize'. Gives me an option to do a system recovery. Proceed to that and computer then finds a problem and can't restore to a previous date. The next step is to do a system recovery to factory with saving my info, no avail. Final step, full factory restore, windows could not complete. Shut down…… go into startup repair diagnosis and repair details: root cause found – registry is corrupt. WHATTTTTTTT!!!!!!!!!!! all from a critical windows update.

  11. Andrew T. says:

    I guess my fault for turning my computer on and it automatically installing on Friday the 13th.

  12. Rico says:

    Having spent almost all night on "IE not functioning properly anymore" after the MS-Update, I switched to Chrome. And wait and hope for a better IE12!