Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This morning we re-released three versions of our August 2006 cumulative security update (MS06-042). As I had written about before, the original release of MS06-042 introduced a new security vulnerability for IE 6.0 SP1 users which we addressed in a subsequent re-release. However, with the increased scrutiny this release received, a security researcher responsibly disclosed to us that a similar vulnerability was also discovered in IE5.01 on Windows 2000, IE 6.0 SP1 (in a different location), and the original release of Windows Server 2003 (not SP1). This re-release fixes that vulnerability.
This update is available through all of our normal release channels including Windows Update, Automatic Update, Download Center and our deployment tools such as WSUS. We recommend all affected customers install the update immediately. Users running Windows XP SP2, Server 2003 SP1 or any of the IE7 betas, IE7 Release Candidate 1, or Windows Vista are not affected and do not need to take action.
This release and the need for subsequent re-releases have certainly been a learning experience for us. This update cycle has not been an example of our best work, but as I mentioned earlier we have used this experience to improve our processes and increase transparency to ensure all of our releases are of the quality we expect and our customers deserve.
Tony Chor
Group Program Manager
edit: removed Download Center link
Comments
Anonymous
January 01, 2003
The hotfix for the popup window issue, described in MS KB 923996, has been made publicly available for download from Microsoft.
The URLs are:
For Windows XP SP2 - http://www.microsoft.com/downloads/details.aspx?FamilyId=FF9BC431-01F3-48E8-9A58-D701D2E60C1D&displaylang=en
For Windows Server 2003 SP1 - http://www.microsoft.com/downloads/details.aspx?FamilyId=4AE4AA58-97FB-4CCF-ABA4-F9271A9282E2&displaylang=en
For Windows Server 2003 SP1 (ia64-bit) - http://www.microsoft.com/downloads/details.aspx?FamilyId=E9E5A987-A833-45B7-9127-8B812B27F44C&displaylang=en
For Windows Server 2003 SP1 (x64-bit) - http://www.microsoft.com/downloads/details.aspx?FamilyId=2B7B1D5B-0B08-432A-B552-857997513476&displaylang=en
I hope this information is useful to some folks here.Anonymous
January 01, 2003
Hotfix 923996 available now in DownloadCenter.
For Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=ff9bc431-01f3-48e8-9a58-d701d2e60c1d
For Windows Server 2003 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyID=4ae4aa58-97fb-4ccf-aba4-f9271a9282e2
For Windows Server 2003 SP1 x64:
http://www.microsoft.com/downloads/details.aspx?FamilyID=2b7b1d5b-0b08-432a-b552-857997513476
For Windows Server 2003 SP1 Intanium Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyID=e9e5a987-a833-45b7-9127-8b812b27f44c
FWIW,
FreudiAnonymous
September 12, 2006
Correct me if im wrong, but there is no new release (Sept 12th) for the issue discussed in http://support.microsoft.com/kb/923996/ for Windows XP SP2 with IE 6. (The latest version in general release).
We use SharePoint alot in our organisation and all our site administrators are encountering exactly this problem (as are we).
Why was this not fixed and re-released when the other V3 releases of MS06-042 were released?Anonymous
September 12, 2006
Hello,
 
This is Christopher Budd.  I wanted to take a moment to let you know that we've...Anonymous
September 12, 2006
always up grade sp1 if you know wat it is forAnonymous
September 12, 2006
http://blogs.msdn.com/ie/archive/2006/09/12/750815.aspx#750992
Marcus you are correct, you still have to call for that hotfix
I don't know why.Anonymous
September 12, 2006
Regarding hotfix 923996.
Why on earth isn't this hotfix included in this updated update for IE?? The hotfix was ready in August.
I just checked with Microsoft and we cannot release the 923996 hotfix on our website to our customers. Many of our customers is affected by this serious bug from Microsoft. This means that they all have to call Microsoft to obtain this hotfix.
I am very dissapointed with the way Microsoft has handled this bug and how hotfixes and updates to IE are released.Anonymous
September 12, 2006
OK, I just installed IE7 and freaked out! Please, oh please, make ALL TOOLBARS and ALL BUTTONS movable!!! It's SO FRUSTRATING not be able to move main menu over the address bar, or toolbar at the right corner of tabs bar to somewhere else... or favorites button to another toolbar... you get the point!Anonymous
September 13, 2006
I had to reinstall windows 98 se and know my printer won't install because I need a higher verson of internet exployerAnonymous
September 13, 2006
The comment has been removedAnonymous
September 13, 2006
Some of you guys can't stay on topic to save your life, haha. This topic has nothing to do with IE7.
I have to wonder how much more effective these complaints would be if they weren't all convoluted like this.
I'm going to go off topic for a second to illustrate my point. Several months ago I submitted a bug to Internet Explorer Feedback on Connect ( https://connect.microsoft.com/IE/ ). It was a bug concerning an application I wrote which wouldn't function properly when IE7 was installed. It took a few weeks, but Microsoft investigated the problem and contacted me about it. They pointed me to a solution, I fixed the problem in the application and my customers are happy again. Had I complained about it here, I would have never had that level of support.Anonymous
September 13, 2006
P.S.
The "Rules for Comments on the IEBlog" and "What We Talk About on IEBlog" links to the right explain it best.Anonymous
September 13, 2006
The Steve:
You forgot the most important rule of UI design, people don't read. If it looks like a textbox then they'll type in their complaint no matter what kind of rules are posted.Anonymous
September 13, 2006
a note about hotfix 923996...this hotfix has been applied to a number of our systems and are encountering a new problem as a result (javascript error regarding 'Permission denied..'). So it may be that further regression testing is going on before it's rolled into the cumulative update.Anonymous
September 13, 2006
The comment has been removedAnonymous
September 13, 2006
Simple Questions...
Does this issue affect Windows 2000 SP4 running IE 6?
It seems like a simple questions but when you start looking into the document, more and more you should become confused. In the re-re-release of this only the .dll's (urlmon) of Win 2003 were changed to reflect the current date of Sep-2006, no other .dll's were changed in Win 2000/XP.
When I read titles and caveats that say.."On September 12, 2006, this Security Bulletin and Internet Explorer 6 Service Pack 1, Internet Explorer 5.01 Service Pack 4, and Internet Explorer 6 for Microsoft Windows Server" is Win 2003 the only affect OS or should we be applying this patch to everything?
Thanks for any help..Anonymous
September 13, 2006
windows internet explorer for updateAnonymous
September 13, 2006
@Itsme
Have a look into the IE6.0sp1-KB918899-Windows-2000-XP-v3-x86-ENU.exe once again and don't be surprised to see the urlmon.dll in there beeing dated August 31th with file version 6.0.2800.1572. Version 2 of KB918899 for IE 6 SP1 included version 6.0.2800.1567 of urlmon.dll, dated on August 4th. Conclusio: version 3 of KB918899 updates IE 6 SP1 under Windows 2000 and Windows XP SP1 too and should be applied.
For Windows Server 2003 version 3 of KB918899 is relevant if you don't have applied SP1 for Windows Server 2003 yet.
Bye,
Freudi (who's quite wondering, why those revisions, at least version 3 of KB918899 which has been released on regular Patch Day doesn't show up with a new KB number and a "individual" Security Bulletin to minimize the foreseeable confusion)Anonymous
September 13, 2006
The comment has been removedAnonymous
September 14, 2006
Anyone having problems with WSUS or WSUS3 beta rolling out 918899 to Windows 2000 or 2000 server? WindowsUpdate.log shows numerous attempts to download but download fails. Ended up manually installing file that I copied from the WSUS3 beta contents directory so I know the download file is not corrupt.Anonymous
September 14, 2006
In Korean Win2K3 Ent, I can't run the IE 7.
First I downloaded IE7 from MS site.
Install the IE 7. it's correct. next reboot.
I tryed to log in.
The message appeared, that is (by translate to korean) "User32.dll System DLL realloc to memory. Applications has not to run not correct. "C:WindowsSystem32SHLWAPI.dll" DLL is allocated memory space reservced by Windows NT System DLL. You can receive ....."
Why the message appeared?Anonymous
September 15, 2006
Performance is also an issue comparing to Firefox browser.
Internet Explorer RC1 takes 30MB RAM space while firefox takes 19MB when opening only one tab with the page www.google.com.
I think Internet Explorer 7 is very friendly for users and feature-rich. But hope the performance could be better as well.Anonymous
September 16, 2006
PingBack from http://newsbreaks.net/archives/7172Anonymous
September 19, 2006
Next try, the first comment didn't make it through:
KB923996 has been released to the public via DownloadCenter the other day.
Bye,
FreudiAnonymous
September 19, 2006
update the internet explore 6.0Anonymous
October 02, 2006
PingBack from http://felitti.wordpress.com/2006/10/03/frases-tony-chor/Anonymous
July 26, 2008
PingBack from http://masonhome.gigazu.com/ie60.htmlAnonymous
May 29, 2009
PingBack from http://paidsurveyshub.info/story.php?title=ieblog-update-available-for-ie-5-01-ie-6-0-sp1-and-ie-6-0-on-serverAnonymous
May 31, 2009
PingBack from http://woodtvstand.info/story.php?id=4440Anonymous
June 15, 2009
PingBack from http://einternetmarketingtools.info/story.php?id=1269