

IE December Security Update Now Available

The IE Cumulative Security Update for December 2009 is now available via Windows Update or Microsoft Update.

This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer.  The security update addresses these vulnerabilities by correcting the control and by modifying the way that Internet Explorer handles objects in memory.  For detailed information on the contents of this update, please see the following documentation:

This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7 (except when running on supported editions of Windows Server 2003 and Windows Server 2008), and Internet Explorer 8 (except when running on supported editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2). For Internet Explorer 7 and Internet Explorer 8 running on Windows servers as listed, this update is rated Moderate.

IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.

I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.

Billy Rios
Program Manager
Internet Explorer Security

Comments

  • Anonymous
    January 01, 2003
    I just wish the RSS update issue would get fixed. My feeds will not update after I resume from sleep mode and I get tired of having to disable and enable msfeedsync so they will update on schedule, instead of 12 hours from now. This has been going on for a year now. Please release the fix, that supposedly was checked in 3 months ago.

  • Anonymous
    January 01, 2003
    thanks for your reminding

  • Anonymous
    January 01, 2003
    Thanks for this. I got the automatic update, and I'm happy with the new features you have added, and the troubleshooting that was done.

  • Anonymous
    January 01, 2003
    very nice...thanks for sharing..

  • Anonymous
    December 08, 2009
    Thanks for sharing this update to ensure the safety of the IE users, in addition of windows security add-ons. In this regard, many users of IE now trust its service. Thanks to it.

  • Anonymous
    December 08, 2009
    Thank you very much for sharing this update. By the way, how are you doing with SVG support in IE? Any plans, roadmaps?

  • Anonymous
    December 08, 2009
    IE Team, please fix the closures issue. No other browser has problems with their DOM and JS engines not talking to each other.

  • Anonymous
    December 08, 2009
    Let me just speak for everyone who reads this blog:- Microsoft, fix every single issue with IE right now please. Microsoft, please add every feature that Chrome, Safari, Opera and Firefox have please.  Now would be good. Microsoft, please set in stone your plans and timetables for IE 9 and don't you dare change them without writing to everyone first.  Sometime around now would be good. SVG and rounded corners!!!  In the next update please. Did I forget anything? :-) (Yes I'm being completely sarcastic, I just get tired of hearing the same comments on posts that have nothing to do with those topics so I thought I'd just get it over with.)

  • Anonymous
    December 08, 2009
    Phil: You forgot a few important ones. We need HTML6 support and CSS4. Backported to IE6, as well.

  • Anonymous
    December 09, 2009
    Hi MSFT, I'm not sure which plugin is doing this but I'm finding in our in-house web app that IE8 will randomly open popup windows (as intended) but not "fetch" the page. (e.g. no HTTP Get request is ever sent (checked with Fiddler)) (so all you get is a blank white page) It is totally random, and the same link pasted elsewhere works fine and the popup works fine in all other browsers and IE6 and IE7. However once it does happen, loading that popup page will fail repeatedly until the browser is closed and restarted. There is no JS error (on the popup or the opener) I'm going to try turning off all addons and slowly re-introduce them but it's a pain due to the random nature - I can only "verify" if the issue happens, not if an addon is "clean". Have other developers reported any issues like this? Since I've really only started seeing this in the past 2 months I suspect one of the developer addons like:

      • AOL pagetest
      • DynaTrace AJAX edition
      • MyFast (MySpace YSlow equiv.)
      • Google pagespeed
      • IE developer toolbar (I don't think this has changed much recently - I'm just trying to use it more now to debug)
      • Fiddler2 (I got some updates for this recently)

    I'm not finger pointing (I don't care which addon it is) I would just like to be able to isolate and remove the glitch from my dev environment(s) and test beds. Thanks Joel

  • Anonymous
    December 09, 2009
    @Matt - Darn, you're right!  I did forget those - oh, and the ability to have IE 3, 4, 5, 5.5, 6, 7, 8 and 9 installed simultaneously without any kind of dll conflict.   Migrate to webkit too, in your own time MS, but now would be good :-) I bash MS just as much as anyone else but sometimes I do feel kinda sorry for Dean and Eric and the stuff that gets hurled to them on here, so hopefully my posts today have put a little smile on their faces.  Now get back to work, slackers :-)

  • Anonymous
    December 09, 2009
    The comment has been removed

  • Anonymous
    December 09, 2009
    The comment has been removed

  • Anonymous
    December 09, 2009
    The comment has been removed

  • Anonymous
    December 09, 2009
    The comment has been removed

  • Anonymous
    December 09, 2009
    Hi Eric, It crashes in no-addons mode too with smartscreen filter turned on. This is the error message in windows event logs: Faulting application iexplore.exe, version 8.0.6001.18865, time stamp 0x4b077416, faulting module mshtml.dll, version 8.0.6001.18865, time stamp 0x4b078a9b, exception code 0xc00000fd, fault offset 0x000d6a3b, process id 0x6dc, application start time 0x01ca796afa055abe.

  • Anonymous
    December 09, 2009
    Hello Guys, I am seeing many IE8 freezes in IE since the patches were installed yesterday.  I'm even seeing issues with Firefox freezing.  My son, who has a similar Win7 x64 system, is also seeing IE8 freeze issues and also his viewer for Second Life now hangs also??  Great patch to end the year with??

  • Anonymous
    December 10, 2009
    Hello Chuck, My IE8 browser also freezes when I launch that link to the Buzzen Chat.

  • Anonymous
    December 10, 2009
    Hello Chuck, My IE8 also freezes when I launch the link to the Buzzen chat.

  • Anonymous
    December 10, 2009
    The comment has been removed

  • Anonymous
    December 10, 2009
    The comment has been removed

  • Anonymous
    December 10, 2009
    @Phil, You also forgot to mention APNG support. :P (which, coincidentally, Opera and Firefox already support. ;)

  • Anonymous
    December 10, 2009
    The comment has been removed

  • Anonymous
    December 11, 2009
    The comment has been removed

  • Anonymous
    December 11, 2009
    I think IE 8 works much better in Vista than in XP, don't know about 7, we all know how IE 8 is slow and how new tab takes all the time in the world to open in XP and don't forget the crash we often face. That's one of the primary reason for the low percentage of people using IE-8. So no matter how much better you make the browser you have to either do one of two things, One make it work in XP, or ask people dump XP which is unlikely in near future

  • Anonymous
    December 11, 2009
    A little question: when installing IE 8 on Windows XP, I get asked to download the latest updates for IE. This is all well and good, but Jscript 5.8 updates don't get pulled in... Is that normal? I'd also like to know if IE 9 will be ported to WinXP; even though Direct2D will be used on Vista and Seven, I don't think it'll work when either of these will support Direct2D in safe mode - and a browser that is unusable in safe mode is useless. So, there must be a gdi+ fallback mode... And IE 9 in XP.

  • Anonymous
    December 11, 2009
    Raghupathy: You are confused. IE8 is currently web browser most commonly used, and IE6-8 have twice the marketshare of all of the competition combined. IE8 works well on XP.

  • Anonymous
    December 11, 2009
    @Eric Law - it looks like I'm far from alone in experiencing IE issues with blank pages. Steve W. pointed out this site: http://iefaq.info/index.php?action=artikel&cat=42&id=133&artlang=en That has a registry script to fix IE.  It looks "decent".  Is there any chance you can review/endorse this?  If not, any chance you can identify which registry items are valid (e.g. to check for) In the mean time I disabled all my addons - I can't figure out how to uninstall them - I did find a [Remove] button inside a [more information] link for each addon but it was disabled for each I tried. PS I run with admin rights so I'm not sure why I can't remove them. I haven't re-seen the bug yet, but it's only been 2 minutes so far. thanks Joel

  • Anonymous
    December 11, 2009
    Ever since I upgraded to this Security update every click to change page generates this popup: This page has an unspecified potential security risk, would you like to continue. It is very annoying and time consuming, any fix?

  • Anonymous
    December 11, 2009
    @George: Try clicking Tools / Internet Options / Security / Reset all zones to default level.

  • Anonymous
    December 12, 2009
    The comment has been removed

  • Anonymous
    December 12, 2009
    Uh-oh. Just found a typo in my post. In the first sentence I meant they're, not 'there're'. I'm not sure if people will make sense of the last sentence.

  • Anonymous
    December 13, 2009
    I'm happy it passes the Acid3 test with a score of >30. Good news for webdevvers.

  • Anonymous
    December 13, 2009
    @Facings tanden - IE9 does NOT "pass" the Acid3 test.  Passing that test would require a grade of 100% a mark which IE is not even half way close to achieving. IE9 looks from the previous blog post to be advancing in its support of Web Standards however MSFT hasn't clarified how the mode setup will work in IE9, which is very important.  When IE8 was released it forked the logic from the old Quirks/Standards split to Quirks/Standards/IE8 Standards. IE9 will now present 4 rendering modes: [Quirks/Standards/IE8 Standards/IE9 Standards] I hope that MSFT seriously reconsiders this approach and changes to cover: [Quirks/Legacy Standards/Standards] All other browsers have just Quirks/Standards and are beautiful to code against... add a Doctype and you are in Standards mode - plain and simple. I'm tired of developing for all the issues in IE - I don't want to have to do this anymore. We're dropping support for IE6 in the new year (2010), and dropping support for IE7 in 2011.  Financially and mentally supporting old versions of IE is just not viable any more when there are plenty of alternate browsers that don't suffer from the years of unfixed bugs that IE does. Can't wait for 2010!

  • Anonymous
    December 13, 2009
    @harold Stop whining. If your job is too difficult for you do something else.

  • Anonymous
    December 13, 2009
    @nobody - why should @harold not state his case? I love programming web apps - and if I had millions of dollars I'd still program more web apps.... but I certainly don't and would not enjoy making them work in IE. Programming for Safari, Firefox & Chrome is a piece of cake.  IE8 running in "better" standards mode is tolerable but IE7 and IE6 are like trying to program web apps to run on Netscape 4.x - just plain horribly annoying. As I said - I love programming for the Web - but programming for IE is a PITA - plain and simple.  I'm not gonna change career paths due to an end-system that can't keep up.  I'll support it as long as the money allows me to but I'll be dropping support just like @harold as soon as it no longer makes sense (which by most predictions will happen in 2010) Mike

  • Anonymous
    December 14, 2009
    @thecrochunter: Failing to install updates is a bad idea; you're putting the system at risk from a security point-of-view, and you'll never get any fixes for known crashing bugs. In terms of troubles with updates-- while we investigate any reported issues, it's important to take such reports with a grain of salt-- every Windows Update is successfully installed without any problem by many hundreds of millions of users. For some users, the reboot to finish installing the patches is the only reboot they've done for many weeks, and the reboot itself may have the side-effect of revealing a configuration problem that occurred weeks ago.

  • Anonymous
    December 14, 2009
    I wish you guys would make a totally new browser like Safari or Chrome, built to be fast fast fast, won't crash, supports HTML5 and all web standards, doesn't use anything  proprietary, etc.  Open source it, too, so that others will build on it.  Give it away. And don't call it IE.  Pick a new name, just like Bing was a new name for Live and is better than Live search.  A Bing Browser, perhaps.  

  • Anonymous
    December 15, 2009
    The comment has been removed

  • Anonymous
    December 15, 2009
    @wonkette: It would be interesting to see if MSFT ever releases a Web browser under its 'Bing' brand. @EricLaw: I have used Windows for months w/o applying any updates whatsoever and no viruses were picked up. @Johnnyq3: I think it's best to just leave the Webkit thing out for the time being. And, Opera doesn't use WebKit either; it uses Presto. @nobody: It's interesting to see you (negatively) commenting on someone who's trying to make a point.

  • Anonymous
    December 15, 2009
    Developers, Developers, Developers.... What is Steve Ballmer talking about?  If he is for Developers, then he would tell the IE team to start sticking with web 2.0 standards and make it easier for Developers to support IE.

  • Anonymous
    December 15, 2009
    I had the same problem like George. It's ok now after resetting all zones to default level. Thanks!

  • Anonymous
    December 15, 2009
    The comment has been removed

  • Anonymous
    December 15, 2009
    @dlh2009: some consider that Web programmers aren't developers. Maybe Monkey is of that group...? @WoodyKC: from my testing, IE 8 on XP and on Vista or 7 is functionally identical (it may not have Protected Mode, but since I disable UAC and use limited user accounts on all OSes, it becomes moot) and I couldn't find any variation in performance nor stability. One thing you can try is remove OEM settings: in a command prompt, run rundll32 iedkcs32.dll,Clear then reset the browser (Control panel->Internet properties->Advanced->Reinitialize) to give IE (all versions) a thorough scrubbing.

  • Anonymous
    December 16, 2009
    @WoodyKC Yes, a builtin spellchecker would be great. Much more useful in practical use than SVG or nonstandardized html5 support.