July 2013 Internet Explorer Updates

  • 發行項

Microsoft Security Bulletin MS13-055 - Critical

This security update resolves seventeen privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows servers. For more information, see the full bulletin.

Recommendation.  Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

Microsoft Security Advisory (2755801)

Today, we also announced the availability of an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8 and Windows Server 2012. The details of the vulnerabilities are documented in Adobe security bulletinAPSB13-17   

The update addresses vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10.  For more information, see the advisory.

Most customers have automatic updating enabled and will not need to take any action because this update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

— Ceri Gallacher, Program Manager, Internet Explorer

Comments

  • Anonymous
    July 09, 2013
    How to enable plugins in pinned sites? Youtube started showing 2 minute longs ads before all videos so viewing anything without adblock is impossible, but you made it impossible to use adblock...

  • Anonymous
    July 09, 2013
    Thanks for the updates. It is nice to know that vulnerabilities are being managed.

  • Anonymous
    July 09, 2013
    To Blink and Webkit fanboys, look at that ***: cpcbox.com/blink-bug.htm At least, IE stays on its feet there.

  • Anonymous
    July 09, 2013
    This one is good too: http://cpcbox.com/bench.htm Chrome is completely crushed by IE and Firefox!

  • Anonymous
    July 09, 2013
    جزاكم الله خيرا

  • Anonymous
    July 10, 2013
    @IE4ever It's not really surprising if Chrome does badly on http://cpcbox.com/bench.htm since it was apparently created as a test case for this bug report: code.google.com/.../detail The only thing that may be slightly surprising is that it's still doing badly on it, since it was reported last summer. But they gave it medium priority, so I guess they figured it doesn't have that much impact in most cases. I wouldn't know, I don't use Chrome much myself. (I hope this doesn't turn up twice. I tried posting it the first time hours ago.)

  • Anonymous
    July 10, 2013
    OK, here's an interesting problem. I've previously had Windows running with UAC disabled. I've then enabled UAC, and all cookies, DOM Storage, and my previous browser session was forgotten by IE. How would I go about recovering all of these? I could find the previous session of tabs after looking around in AppDataLocalMicrosoftInternet ExplorerRecovery, and I can selectively restore the DOM Storage for one site by copy over files from LocalMicrosoftInternet ExplorerDOMStore to LocalLowMicrosoftInternet ExplorerDOMStore, But, is there a way to copy over everything in one go? Something indexes the cookies and the contents of the stuff under Local (non-uac) and LocalLow (uac), because simply copying files over from one to the other does not work, only selectively.

  • Anonymous
    July 11, 2013
    @Arieta: Alas, no, there's no supported or automated process for migrating all of the browser's forms of state between Integrity Levels or AppContainer levels.

  • Anonymous
    July 13, 2013
    internet explorer

  • Anonymous
    July 15, 2013
    The comment has been removed

  • Anonymous
    July 15, 2013
    By the way, I just found this; it might be helpful in tracking those handle leaks. home.wanadoo.nl/jsrosman

  • Anonymous
    July 16, 2013
    Please fix your drag n drop bugs! Focus on the conformance tests you are still missing.

  • Anonymous
    July 16, 2013
    Can we get confirmation that there is a fix coming for the [X,Y] coordinates thing that your latest patch broke? It is fine if you want to hide coordinates outside the browser viewport but not returning them anywhere within the browser viewport is just ridiculous and is causing lots of frustration for developers (especially now that IE10 has auto update enabled!) Auto Updates are great but you should really TEST your patches thoroughly before releasing them in the wild. You failed on 3 levels! 1.) MSFT Developers didn't test their code properly 2.) MSFT QA Testers didn't catch the bugs introduced 3.) MSFT Managers let this patch release go out with neither of the 2 items above being covered!

  • Anonymous
    July 17, 2013
    The comment has been removed

  • Anonymous
    July 17, 2013
    The comment has been removed

  • Anonymous
    July 19, 2013
    @Guest I just noticed that even on Windows 7 the IE10 browser adds that gray background on active links.  Not just ugly, but totally un-necessary. Once again Microsoft keeps messing things up!

  • Anonymous
    July 20, 2013
    @Guest & @Steve: Thank you for your  feedback and kind words of encouragement. When you upgrade to IE11 you'll be happy to note that we've removed the default active highlight for mouse interaction (we've kept the background highlighting for touch to let users disambiguate the active link).

  • Anonymous
    July 20, 2013
    @pmbAustin: I'm not a member of the Twitterati, but several members of the IE team are. I've filed a bug to see if one of them can reproduce the problem you've described in IE10 and IE11. One thing that I'd always recommend is that you let the site know in case the problem's on their side. I presume (without investigation, mind you) that their support team is only a tweet away :)

  • Anonymous
    July 21, 2013
    Yawn. More security fixes. That's good and all, but how about fixing some regular bugs as well? Then webdevelopers don't have to deal with IE8/IE9/IE10 weirdnesses (which there are a WHOLE FLIPPING LOT of) till the end of time. That, or update the browser with a whole new version every six weeks on every platform from Windows XP and up. Ha, like that's gonna happen. At least Mozilla and Google pull it off, why can't Microsoft?

  • Anonymous
    July 21, 2013
    @Martijn - Actually, one of the posts states that Internet Explorer will not be ported to older version, simply because some features rely on improvements that were only implemented (or backported) to the supported operating systems (Windows 7 and later). Instead of supporting everything in every platform, other browsers support only what is possible to support and so fragmentation happens between operating systems in the same browser version. For example, WebGL was not supported in Windows XP for some time, at the beginning.