IE 9.0.11 Available via Windows Update

  • 發行項

Microsoft Security Bulletin MS12-071 - Critical

This security update resolves three privately reported vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 9 on Windows servers. For more information, see the full bulletin.

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

  • Tyson Storey, Program Manager, Internet Explorer

Comments

  • Anonymous
    November 15, 2012
    I currently have the IE10 Release Preview on Windows 7 which was recently released. Am I correct in assuming this vulnerability is not present in this version of IE? The security bulletin only lists IE10 for Windows 8/RT/Server 2012 in the non-affected list; the pre-release version of IE10 for Windows 7 does not appear to be listed anywhere on the page.

  • Anonymous
    November 15, 2012
    @Nacimota - Since Internet Explorer 9.0.11 is released on the same day as the IE10 Release Preview, probably, this is already patched.

  • Anonymous
    November 15, 2012
    The comment has been removed

  • Anonymous
    November 15, 2012
    Not showing up for me??? Windows 7 X64, IE 9.0.8, All updates installed

  • Anonymous
    November 16, 2012
    The comment has been removed

  • Anonymous
    November 17, 2012
    I have a question about future browser versions. In the Compatibility View settings menu, the option "Display intranet sites in Compatibility View" defaults to checked.  Will there be a future version of Internet Explorer, perhaps IE11, which keeps the option but has a default setting of unchecked? I hope so, it will help intranet applications shift to web standards, and allow them to do so at their own pace. Many thx.

  • Anonymous
    November 17, 2012
    The comment has been removed

  • Anonymous
    November 17, 2012
    @WbDvlpr, IE complies with W3C and ECMA (JavaScript) standards. In fact, Microsoft is one of the first organizations complying with these standards back in 1997 (when W3C was established at the time of IE4). And you consider yourself as a "web developer"? For starters, try out the official ECMA test http://test262.ecmascript.org/ on every browser you know of and compare the conformance results. As of today, the scores out of 11571 are: IE10: Pass: 11563 | Fail: 8 Firefox 16.0.2 Pass: 11400 | Fail: 171 See how IE punched Firefox in the face?

  • Anonymous
    November 17, 2012
    id like to know how/what changed to intruduce this secuirty bug into ie9 since ie8 was not effected etc that be intresting to know

  • Anonymous
    November 17, 2012
    The comment has been removed

  • Anonymous
    November 19, 2012
    How many usability experts does it take to determine Windows 8 is an Epic Failure? Just 1. www.useit.com/.../windows-8.html Jakob Nielson breaks down all the flaws with Windows 8 and indicates how it is a major regression for everything Microsoft ever did to make Window(s) a great platform. Its just sad that Microsoft threw away years and years of research just to get a tablet to market and try and gain some traction.

  • Anonymous
    November 19, 2012
    I don't understand your team. Please check this. social.msdn.microsoft.com/.../051888c4-0bb9-45ee-9770-eae814c33702

  • Anonymous
    November 19, 2012
    Will memory usage be improved in IE10 for Win7? Right now it shoots up to 1gb+ in an hour or so of browsing. It seems to never empty any displayed content from memory, or it's just leaking ram outright (I haven't tested for that). IE9 used much less memory. Also, there is a bug when if IE runs out of video card ram, it'll start drawing blank graphics and images will just display the "not loaded" empty frame. This happens in IE9 too.

  • Anonymous
    November 19, 2012
    The comment has been removed

  • Anonymous
    November 19, 2012
    It's pretty obvious you're trolling

  • Anonymous
    November 20, 2012
    I have a new computer and want to access BBC iplayer but havbe not got the p[rogram to do it please help

  • Anonymous
    November 20, 2012
    Only strawman criticism gets past moderation here?

  • Anonymous
    November 20, 2012
    @Jackie: That test is incomplete, as it says, and only for ECMAScript. For a more complete picture of HTML5 support, see http://caniuse.com/ or html5test.com/.../desktop.html

  • Anonymous
    November 20, 2012
    Personally, my biggest frustration with the IE team is the complete disregard for HTML5 Forms support.

  • Anonymous
    November 20, 2012
    lol @ html5test.com tests showing "complete" picture. Please. Go educate yourself first.

  • Anonymous
    November 20, 2012
    Good question, IE9 memory usage wasn't great for me after it had been open a while, but IE10 is looking even worse so far on Windows 7, not sure how it is on Windows 8.  It used to be Firefox that had the bad reputation for memory usage but for me current versions of Firefox seem to use much less memory than IE10.  Hope there will be some improvement before final version, but since IE10 doesn't have as far as I know any equivalent to about:memory it is much more difficult for anyone outside the dev team to try and help track down the issues.

  • Anonymous
    November 20, 2012
    @Brianary - While they have implemented a lot (half? maybe more? not sure) of HTML5 Forms, which is a very good start - I agree that Internet Explorer still lacks a lot HTML5 Forms support.

  • Anonymous
    November 20, 2012
    *a lot of

  • Anonymous
    November 20, 2012
    The biggest failure was Microsofts lack of an HTML5 date control! I would not have even shipped a single tablet without it! That's the major product failure. (Well that and the usability failures of a dual OS with zero discoverability in the one that is brand new! -- Steve Krug would slap you with a wet fish if given the chance!)

  • Anonymous
    November 21, 2012
    The comment has been removed

  • Anonymous
    November 21, 2012
    @casey technet.microsoft.com/.../ff852094.aspx read that also not all crashes are a secuirty exploit

  • Anonymous
    November 21, 2012
    I said "more complete". As in "more complete than an incomplete test of a small part of the specs that make up HTML5." Please educate me! Or at least let me know what you're on about.

  • Anonymous
    November 21, 2012
    @PhistucK: Yes, I'm glad validation, datalist, several new form CSS selectors, autofocus, pattern, and placeholder will be in IE10 for future generations. There isn't any sign of date inputs (!), scoped styles, or oninvalid eventing, though. Unfortunately, my organization is still using IE8.

  • Anonymous
    November 21, 2012
    The comment has been removed

  • Anonymous
    November 21, 2012
    Probably due to a long standing known issue with comments here that MS doesn't seem interested in fixing.  If you are not signed in and have had the blog page open for too long, any comment you enter will be lost.

  • Anonymous
    November 21, 2012
    okay all rights

  • Anonymous
    November 23, 2012
    I am running Windows 8 pro

  • Anonymous
    November 26, 2012
    After upgrading IE to 9.0.11, a couple of my pages get an alert at the bottom "A problem displaying localhost caused internet explorer to refresh the webpage using compatibility view", and it refreshes my page using compatibility view. This is not acceptable for the end user, not only it refreshes the page, but when working with tabs or jquery dialogs, it loses track of where the user was. IE 9.0.10 works fine. I have nothing special in my page besides some simple jquery, jquery ui controls, and in one of those 2 pages I have a RadAjaxPanel and a RadScriptBlock. The rest of the pages are working fine. Any ideas of what could be causing this or what should I look for in my code? Thank you!

  • Anonymous
    November 26, 2012
    Are there any non security updates in in this update?

  • Anonymous
    January 09, 2013
    After a pc crash, restored pc to original factory condition.  IE 7 is installed on Windows Vista Home Premium.  I have tried several times to download IE 9 without success.  Error: IE not supported ...get updates.  After getting windows updates, still unable to download IE 9.  Now I am not receiving all emails sent to me.  Should I download IE 10 instead?  Please advise.