

IE October Security Update is Now Available

The IE Cumulative Security Update for October 2007 is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update, if you haven’t already, to ensure that you receive the latest updates for all Microsoft products.

This update addresses 1 remote code execution and 3 spoofing vulnerabilities. This bulletin also includes killbits for some vulnerable ActiveX controls. For detailed information on the contents of this update, please see the following documentation:

This update is rated “Critical” for IE 5.01, IE6 Service Pack 1 on Windows 2000, IE6 on Windows XP, IE7 on Windows XP SP2 and IE7 in Windows Vista, and “Moderate” for IE6 on Windows Server 2003 and IE7 on Windows Server 2003.

As a reminder, IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.

I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.

Terry McCoy
Program Manager
Internet Explorer Security

Comments

  • Anonymous
    October 09, 2007
    Yet another post. Yet another post without info about IE8. How many more are we going to have to suffer through?

  • Anonymous
    October 09, 2007
    Sigh, must every blog entry have people trying to threadjack the comments to rag on Microsoft for the lack of info on IE8, updates for Asian versions, etc.? Now, can someone explain to me why there are updates for IE 5.01, but not for 5.5? Why is 5.01 even being supported still? If they're going to still support it, why can't we get VMs with it on for us to test on? It seems odd to me they're saying its market share is enough that they still need to provide security updates for it, but not enough that people should test their designs in it.

  • Anonymous
    October 09, 2007
    Support for each IE version is linked to some degree to the OS. IE5 is still supported because it was the version shipped on Windows 2000. IE5.5 is not supported anymore because it shipped on Windows Me, which is no longer supported, plus it was replaced by IE6/7 on all other platforms. Support for IE7 on Vista will remain as long as Vista OS support exists, but support for IE7 on Windows XP will end 12 to 24 months after release of IE8.

  • Anonymous
    October 09, 2007
    Windows Home Server: what version of IE is shipping with it, IE7 or IE6?

  • Anonymous
    October 09, 2007
    @commentform "How many more are we going to have to suffer through?" As I repeatedly state, we will hear nothing new at least in the year or two.

  • Anonymous
    October 10, 2007
    @IE Team Thanks for fixing the bug: 936949 "Focus is not set to the Web page if you minimize the browser window and then maximize it from the taskbar in Internet Explorer 7", but I have now discovered another strange thing about how my toolbar is getting resized when IE7 is started and when the IE window is minimized: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2251792&SiteID=1
    Link to other (unfixed) bugs I found: http://forums.microsoft.com/MSDN/Search/Search.aspx?words=viktor78&searchKey=&lcid=1033&searchscope=forumscope&siteid=1&ForumID=924&ForumGroupID=-1

  • Anonymous
    October 10, 2007
    Finally comments about the development of IE8!!!!!! http://internetexplorer8.org/?p=13 has posted news about IE8!!!!!!!! Though I would have preferred to hear it here first from an active Microsoft Internet Explorer Employee.

  • Anonymous
    October 10, 2007
    It looks like the update for IE6 and Outlook Express/Windows Mail caused a problem on SBS 2003.  Network clients were not able to access any websites at all.  Uninstalled these updates from the server, rebooted and now able to browse the Internet from these clients again.  Bad DLL in there somewhere?

  • Anonymous
    October 10, 2007
    Hm... Not sure if that's just me but they are releasing more "Stuff" these days.

  • Anonymous
    October 10, 2007
    After running automatic updates my computer crashed and had to be restarted. Then the Norton I security 2007 was deactivated and had to be reauthenticated - what's going on???

  • Anonymous
    October 10, 2007
    @Snorthwood: Do you have a local non-Microsoft software firewall? We've heard of instances where such software needs to be configured to permit IE to access the network after updates to iexplore.exe are made.
    @rc: You can repeat yourself as often as you like, but it won't make your statements any more accurate.

  • Anonymous
    October 10, 2007
    I'm having an awful time getting IE7 to connect.  Firefox will not even connect for me.  I am using a wireless connection and IE just displays that the page cannot be displayed.  This has happened since I updated.  Any ideas?

  • Anonymous
    October 10, 2007
    Since I installed the last IE update the browser hasn't worked... I can't access any websites... I had to use Firefox and it works, so the problem isn't the internet connection. What's happening?

  • Anonymous
    October 11, 2007
    After the update, I am now getting IE7 crashing every time I visit some pages. Funny that when I log into Windows Live Hotmail, I immediately get the "An unhandled win32 exception occured in iexplore.exe [2172]" (this is on an XP SP2 machine, a laptop). On another XP machine, I am not getting this behavior. It is annoying that I am not able to read my Hotmail on my laptop. Browsing some other sites also randomly causes this same error. Yesterday, I disabled the JIT debugger, and forced it to send logs to MS. Isn't anyone hitting this issue? When I specifically remove the update (KB939653), I am able to surf without a problem.

  • Anonymous
    October 11, 2007
    @Ottmar: Please see http://blogs.technet.com/msrc/archive/2007/10/10/msrc-blog-additional-details-and-background-on-security-advisory-943521.aspx for more discussion.

  • Anonymous
    October 11, 2007
    @Ivo Please see http://support.microsoft.com/kb/942818/en-us for the possible cause of the issue.
    @Eric Thanks, I've read the MSRC blog entry after posting my comment here. Anyhow "The final reason is we actually contributed to some of the confusion by providing an incorrect set of talking points to Heise." Ah ja, "incorrect set of talking points" says it all.
    Bye, Freudi

  • Anonymous
    October 12, 2007
    We need a new versionnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn bring it on!!!!!!!!!!

  • Anonymous
    October 13, 2007
    @Ottmar: The URI handling issue is not related to the availability of IE7 on AU; as noted, the URI handling issue is a vulnerability in Windows, not IE.

  • Anonymous
    October 14, 2007
    @Eric If it's not the URI handling issue, which may be related to Windows and not IE7 but is only present with IE7 being installed: What's the correct answer to the question, why IE7 isn't available on AU/WU/AU at the moment? TIA, Freudi

  • Anonymous
    October 15, 2007
    Hi Eric, it's "unfair" to offer IE7 again via AU/MU/AU ;-) Honestly, I would have liked the idea to not distribute IE7 for Windows XP/2003 as long as the URI handling issue isn't fixed. FWIW, Freudi

  • Anonymous
    October 15, 2007
    Is Digest Authentication broken after this update? My server challenges with the requisite 401/WWW-Authenticate but the new IE7 does not respond with the Authorization header! This used to work until last night, and my update seems to have gone on before I got in this morning! Can anyone throw light on the issue? I have Fiddler logs of the broken version if necessary... Please mail me at "john.azariah-at-gmail.com" if you think you can help or have the same issue. Thanks!

  • Anonymous
    October 16, 2007
    Nice article on why MS isn't moving IE forward to use Web Standards. http://www.raizlabs.com/blog/?p=218

  • Anonymous
    October 16, 2007
    1.) Quirks Mode, 2.) (business) 'Standards', and 3.) (actual) Standards modes. New rendering engine and a third opt-in mode. This makes the most sense right now I suppose but it's purely speculation. We know the XML declaration bug in IE6 was fixed in IE7 and you can run IE8 (speculation of course) in (business) standards mode with an XML declaration...if a true standards mode is being implemented then there would have to be either something present or not present to trigger this sort of true standards opt-in mode that Chris discussed earlier (thanks again to Tom for posting the clip). Keeping in mind that this is pure speculation if I was asked by Chris to take a good look at typical business sites and standards compliant websites and suggest common differences between business and standards site I would aim to make such a common difference possibly trigger a true standards opt-in mode. So in my mind the first few things I would look for on business sites are 1.) XML declaration, 2.) DTD declaration, 3.) xmlns XML namespace, all of which are present on my standards compliant website. If I wanted to look for a fourth I would personally detect if any child script elements in the body element though I think that would probably be over doing. Can anyone come up with a list of big business websites with IIS in the response headers using ASP/ASP.NET? Post some here, we can have a look at their clientside code, and maybe entertain ourselves for a bit. When people get bored with that please keep in mind Chris Wilson heads the IE team, not Microsoft and he has to plan in accordance to what the higher-ups dictate, not us.

  • Anonymous
    October 16, 2007
    @John A. Bilicki III Why do you want links to IIS ASP sites? What is so special about their client side code? IMHO, ASP is usually a technology used by those that don't know about other options like Java and PHP. Or are you looking for badly generated tag soup? In which case you are likely right on target! The one thing to always remember though... is that a given business site might be "dying" to use a stricter doctype/coding on their site, but has been holding back due to bugs in IE. I personally haven't gone to an XML/XHTML declaration yet for exactly that reason. IE does a horrible job with DOM Attributes as it is with HTML, so I'm not updating to XHTML and namespaces until I know that IE is going to be ready to support them!
    norm

  • Anonymous
    October 17, 2007
    @Jazz:  Haven't heard back from you.

  • Anonymous
    October 17, 2007
    @John A. Bilicki III: I think that sites using HTML4.01 Strict show more affection to standards compliance than those using (faux) XHTML.

  • Anonymous
    October 17, 2007
    @Nicki See http://support.microsoft.com/kb/942818/en-us for a possible cause of the problem you have. Bye, Freudi

  • Anonymous
    October 17, 2007
    After installing the October updates we've got problems with the list of trusted sites. I deploy a list of trusted sites by Group Policies, and every user can add additional sites. After the update all sites defined by the user are cleared and only the sites from the GPO are defined. Can somebody confirm this?

  • Anonymous
    October 18, 2007
    Not sure if that's just me but they are releasing more "Stuff" these days!

  • Anonymous
    October 18, 2007
    @ norm I picked up an ASP.NET book and discovered ASP.NET generates clientside code for you...really horrible code. These sort of books and this sort of "support" for clientside by serverside languages have really hurt professional web designers.
    @ Tino Your homepage is served as XHTML, uses text/html, contains document.write in JavaScript code completely located within the body element, and is lacking an alt attribute in order to validate. Since I (do not) have a(n) example(s) of your specialty in clientside code I am curious about why you think my XHTML 1.1 application/xhtml+xml, WAI AAA compliant site is faux?

  • Anonymous
    October 19, 2007
    Everyone forgot IE7s birthday...

  • Anonymous
    October 20, 2007
    Happy 1st Birthday IE7! Congratulations! You are now almost a member of the Modern Web Browser Club (MWBC)! To be a member of the MWBC, you'll need to start supporting DOM Properties & Methods properly, implement prototyping on DOM Objects, get some serious CSS support going, stop caching AJAX responses, fix Gamma on PNG images, fix favorites, printing, UI chrome issues, memory leaks, page zooming, deprecate security zones, active-x, & vbScript..... and we'll be glad to accept you with open arms! Congrats on the success so far! Only 1 more version to go, and you'll be there! Awesome! Can't wait for IE8, let's hope it gets here before Q3 2008! btw, any news on IE8? "we're listening"! Wow, who would have imagined that 1 year after IE6 had died, that we would be this close! Excited with anticipation! Mitch

  • Anonymous
    October 20, 2007
    It's been a YEAR now, and "Internet Explorer 7" is still only registering in the 30% range on most websites! Man, what could be wrong? Of course IE 7 is WAY better than IE 6 (I assume), but I guess people don't know that? It appears folks are still being heavily discouraged by webmasters from using IE. Why? Perhaps developers are still a bit traumatized by the whole IE 6 debacle? I think Microsoft's refusal to acknowledge and repair its rendering bugs in IE 6 must have damaged the trust people have in the product. IE 6 developers figured out how to shut down their product's bug submission form, but alas doing so did not magically repair their bugs. Anyway, that's all. I'm done. But with errors.

  • Anonymous
    October 20, 2007
    I've been having the IE7 icons covering the icons in the CD problem. I know that the icon size is the cause but is it possible to fix it? I would assume it to be a problem with IE7 and not XP. And about the recent IE7 Update release (or re-release), do the current users uninstall the old release then install this new release? I read that the new release has another version number. Thanks

  • Anonymous
    October 21, 2007
    @ John A. Bilicki III: I'm not sure which page you visited and perceived as being my homepage; besides my weblog I don't really have a homepage... If you're interested in my work please have a look at http://tweakers.net (still contains a lot of legacy code though) or http://gathering.tweakers.net (I redesigned the forum 3 years ago, but it is up for revision soon). My actual point was that people choosing a Strict DTD variant are often more well-informed than those using a Transitional variant (be it HTML or XHTML). As for 'faux XHTML' I actually did not mean your website in particular (although it may fall into that category). As you may know the vast majority of websites carrying an XHTML DTD don't even validate as XHTML or are not well-formed so they will fail when being sent as XHTML. The fact that they 'work' is all because they're being sent as text/html and thus are treated as HTML. Obviously those sites don't need the benefits of XHTML and thus XHTML is just the wrong choice. Some sites use accept-header negotiation, but even most of those sites just send the same markup as text/html as they do for XHTML-capable clients (so there is no actual need to use XHTML in the first place). Even those sites that actually send different documents often forget to vary on user-agent for proxies, causing loads of problems for clients behind (corporate) proxies.

  • Anonymous
    October 22, 2007
    Why was this not posted here! I can't believe it has taken a year to flush this little gem out! GET RID OF THE COMMAND BAR IN IE7!
    1.) Open REGEDIT
    2.) HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\CommandBar
    3.) Create a new DWORD called "Enabled" with Value 0
    4.) Close regedit and restart IE7
    Command Bar is Gone! This is very handy since with this useless toolbar removed, you can fit (+/-) 18 Tabs on the Tab row without having to scroll! There's also a registry item you can/should add to put the file menu back on top. (I'll post that one too if everyone doesn't already have that applied)

  • Anonymous
    October 26, 2007
    Hi, my name is Tariq Sharif and I am a program manager in the CardSpace team. After we released CardSpace

  • Anonymous
    March 20, 2008
    One problem with the original version of CardSpace was that it seemed to reject some legitimate SSL sites,