IE April Security Update Now Available

The IE Cumulative Security Update for April 2009 is now available via Windows Update or Microsoft Update.

This update addresses four privately reported vulnerabilities and two publicly disclosed vulnerabilities. The security update addresses these vulnerabilities by modifying the way that Internet Explorer searches the system for files to load, performs authentication reply validation, handles transition errors when navigating between Web pages, and handles memory object. For detailed information on the contents of this update, please see the following documentation:

• Microsoft Security Bulletin MS09-014
• Microsoft Knowledge Base Article 963027

This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1,  Internet Explorer 6, and Internet Explorer 7 running on all supported editions of Windows 2000, Windows XP and Windows Vista.  For Internet Explorer versions running on all supported editions of Windows Server 2003 or Windows Server 2008, the update is rated Important.  For Internet Explorer Beta products, download locations are available in the Knowledge Base Article. 

IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.

I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.

Terry McCoy
Program Manager
Internet Explorer Security

Comments

• Anonymous
  January 01, 2003
  It's pleasing that this critical security update finally arrived after a long wait.

• Anonymous
  April 14, 2009
  PingBack from http://microsoft-sharepoint.simplynetdev.com/ie-april-security-update-now-available/

• Anonymous
  April 14, 2009
  ...and this is why IE8 should be opt-OUT by default.

• Anonymous
  April 14, 2009
  Is IE8 RTW (on all systems?) not affected by those issues? One more reason I'll install it on every computer I come across then.

• Anonymous
  April 14, 2009
  The comment has been removed

• Anonymous
  April 14, 2009
  The comment has been removed

• Anonymous
  April 14, 2009
  @Korina On your start menu, go to (all) programs, then accessories, then system tools, and find "Internet Explorer (No Add-ons)". Try running that and see if it works. If it does, then you have a bad add-on. You'll want to go into the manage add-ons interface and disable the bad add-on. To track it down, you can disable all of them, and then start enabling them until internet explorer starts acting up again. If that doesn't work, then you've got other issues with your install. You might have a malware infection.

• Anonymous
  April 14, 2009
  Thanks so much.  Will give that a try, think it could be Malware though.  What would the best course of action be if it is Malware? Thanks.

• Anonymous
  April 14, 2009
  @Korina A Windows reinstallation. Some might suggest getting some malware cleaning tools, but you should really be an advanced user to know how and which one(s?) to use... and even then, there's no 100% guarantee it will work. The best course of action would be (in that order) - back-up your data, reinstall Windows (or ask someone else to do so if you can't), install IE8, go to Windows Update and download all updates, install antivirus software. I'd reccomend Avira AntiVir as a good free antivirus (there are many payed ones, including ones from Avira, but I don't have an opinion as to which is best), update the antivirus, scan your system for malware, and if all is OK, restore your data.

• Anonymous
  April 14, 2009
  Thanks so much for your help. :-)

• Anonymous
  April 14, 2009
  Sadly, every problem IE8 has on users are caused by 3rd party add-ons, toolbars and other silly extensions.

• Anonymous
  April 15, 2009
  Yet, it is still IE's fault, SiSL. Reliability of its extension model is Microsoft's responsibility.

• Anonymous
  April 15, 2009
  "For Internet Explorer Beta products, download locations are available in the Knowledge Base Article." What beta products? There aren't any beta products anymore... OR ARE THERE? 8=]

• Anonymous
  April 15, 2009
  @John A. Bilicki III You think the IE8 should be OPT-out by default because it is not affected by any of the security isues in this bulletin ?

• Anonymous
  April 15, 2009
  @Roman Windows Vista SP2 and Windows 7 are both still in Beta.

• Anonymous
  April 15, 2009
  @boen_robot Internet Explorer 8 is not affected by any of the vulnerabilities addressed in this release.

• Anonymous
  April 15, 2009
  hmm, did someone say firefox...?

• Anonymous
  April 15, 2009
  The comment has been removed

• Anonymous
  April 15, 2009
  Why is IE8 jerky when viewing some animeted gif files like this one: http://i43.tinypic.com/302p18x.jpg

• Anonymous
  April 15, 2009
  This update addresses four privately reported vulnerabilities and two publicly disclosed vulnerabilities. Thanks for the great stuff.

• Anonymous
  April 15, 2009
  The comment has been removed

• Anonymous
  April 15, 2009
  Thanks for telling about the IE security updates. I will install it for better performance of computer.

• Anonymous
  April 15, 2009
  @hAL IE8 should download by default where (from the wording) you have to opt-in. Unless I've got it backwards? But yeah if people were updated to the latest versions of their software (minus corporates who used the delay tool or whatever) things would be better overall.

• Anonymous
  April 16, 2009
  Than I understand what you mean. In fact I noticed on the combination of Vista with IE8 there was no critical security update this month for me to download. Mayby make Vista an mandatory update as well...

• Anonymous
  April 16, 2009
  Why is Internet Explorer so far behind Google Chrome?  I'm not a Google fan at all but, come on, it is just so much more intuitive to use and the interface just looks so much nicer.  Please, your next browser has to really up the ante - IE8 just doesn't cut it.  Why doesn't it automatically provide search suggestions?  

• Anonymous
  April 16, 2009
  The comment has been removed

• Anonymous
  April 16, 2009
  Application error caused by iexplore.exe module urlmon.dll ver 8.0.6001.18702 error address: 0x0003e819 0000: 41 70 70 6c 69 63 61 74   Applicat 0008: 69 6f 6e 20 46 61 69 6c   ion Fail 0010: 75 72 65 20 20 69 65 78   ure  iex 0018: 70 6c 6f 72 65 2e 65 78   plore.ex 0020: 65 20 38 2e 30 2e 36 30   e 8.0.60 0028: 30 31 2e 31 38 37 30 32   01.18702 0030: 20 69 6e 20 75 72 6c 6d    in urlm 0038: 6f 6e 2e 64 6c 6c 20 38   on.dll 8 0040: 2e 30 2e 36 30 30 31 2e   .0.6001. 0048: 31 38 37 30 32 20 61 74   18702 at 0050: 20 6f 66 66 73 65 74 20    offset 0058: 30 30 30 33 65 38 31 39   0003e819 0060: 0d 0a       IE8 crashes opening sites like www.vonage.com I'm using Flash Player 10.0.22.87. IE8 crashes launching it in "no addons" mode too.

• Anonymous
  April 17, 2009
  Make the following UI changes in IE8 or IE9 The Back and Forward button should have Favicon inside the Circle buttons If the page doesn't have a favicon the default should be a circle Node not an arrow. The Home icon should be a Circle with a favicon also.

• Anonymous
  April 17, 2009
  @ Michael Wez i disagree the arrow is far more usefull

• Anonymous
  April 17, 2009
  The comment has been removed

• Anonymous
  April 17, 2009
  @Dan, i uploaded it as a gif file but i guess tinypic changed extension or something. open it up in firefox 3 and see how faster it is compared to IE8.

• Anonymous
  April 17, 2009
  @Olivier: I have this problem on two machines (XP and Vista). It seems to be a quite common issue: http://www.google.com/search?q=urlmon.dll+0003e819

• Anonymous
  April 17, 2009
  @JD Which security/anti-malware software are you using ?

• Anonymous
  April 17, 2009
  Simply Avira Antivir PE, Advanced System Care 3 and SpyBot 1.62

• Anonymous
  April 17, 2009
  The comment has been removed

• Anonymous
  April 17, 2009
  The comment has been removed

• Anonymous
  April 18, 2009
  @JD Both Spybot and Advanced Systems Care can overpopulate your restricted sites list. Have you switched of the features of both tools doing that and emptied your IE8 restricted sites list ?

• Anonymous
  April 18, 2009
  @Anonymous your instructions will make IE8 unsafe. Don't follow them.

• Anonymous
  April 18, 2009
  April 17, a little before midnight, Microsoft update on Vista; many applications no longer work, control panel is empty, cannot access internet from that machine. Sending this on a Mac! I am restoring to previous date and hoping for the best. Not the first time an update has such an effect. Why can't Microsoft test its updates properly before letting them loose o the world?

• Anonymous
  April 18, 2009
  Francine, rather than whining on the IE team's blog, you should probably contact Microsoft Product support, since they can actually help you.  http://support.microsoft.com

• Anonymous
  April 18, 2009
  IE7 on Win XP after install MS09-014 don't work. IE7 display blank window for any web sites, in XP the Guide and Support is impossible and is display the error mshtml.dll image not valid. If uninstall the MS09-14 all rework fine.

• Anonymous
  April 18, 2009
  The comment has been removed

• Anonymous
  April 18, 2009
  Stefan, the moderators are probably going to come delete your comment; foul language (even self-censored) violates the standards of this blog. You almost certainly have a buggy addon or possibly are using SpyBot, and that's causing your performance issue. IE8 is faster than IE7.

• Anonymous
  April 18, 2009
  @hAL: I just verified that the problem refers to Zedo (www.zedo.com). When Zedo is in "Restricted Sites" list IE8 crashes. I had no problem with IE7. WHY IE8 CRASHES? As I said, these crashes with pages that use Zedo code seem quite common!

• Anonymous
  April 18, 2009
  @JD I added *.zedo.com to the restricted sites (it was the only entry) restarted IE8 and visited vonage.com with out crashing. I can still visit zedo.com though (seeing restricted sites in the status bar). Your anti malware software might use the resitricted sites list in IE8 as a blocking list and have more strict blocking on it ?

• Anonymous
  April 20, 2009
  @JD : ok, I didn't know the problem was from zedo.com which was blocked on my computer. I unblocked it and added it in the restricted sites. Visiting zedo.com is OK. Visiting vonage.com is impossible : domain blocked by my company... :-/ I'll try tonight at home. PS : On this computer I've Spybot 1.6.0.

• Anonymous
  April 20, 2009
  We are using Zedo.com to show adv banners on our website. We are also receiving some e-mail from readers that cannot access our website with IE8 final (the browser always crashes). The clients use many configurations (for example many totally different Internet security suite) so we weren't able to establish the offending application/libraries/functionalities... However we know that removing *.zedo.com and www.zedo.com from IE8's restricted sites list, users can visit our website with IE8 again. If they add *.zedo.com and www.zedo.com, IE8 crashes again. We were not able to reproduce the issue. :(

• Anonymous
  April 20, 2009
  The comment has been removed

• Anonymous
  April 20, 2009
  @Glen To remove all sites from the restricted sites list: http://www.mvps.org/winhelp2002/DelDomains.inf

• Anonymous
  April 21, 2009
  The comment has been removed

• Anonymous
  April 21, 2009
  Thank you so much Laurence!! Removing zedo.com from restricted sites, IE8 does not crash anymore. BUT WHY DOES IE8 CRASH WITH A SUCH SETTING? I never experienced this trouble with IE7 and IE8 RC. I'm using PC Tools Interne Security (6.0.0.383)