IE October 2009 Security Update Now Available
The IE Cumulative Security Update for October 2009 is now available via Windows Update or Microsoft Update.
This update addresses three privately reported vulnerabilities and one publicly disclosed vulnerability. The security update addresses these vulnerabilities by modifying the way that Internet Explorer processes data stream headers, validates arguments, and handles objects in memory. For detailed information on the contents of this update, please see the following documentation:
This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8.
As a reminder, IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.
I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.
Terry McCoy
Program Manager
Internet Explorer Security
Comments
Anonymous
October 13, 2009
I Love IE8. Thanks a lot. -----Posted in PIMShell --PIMShell is the first Feed Reader which supports tracking and posting comments.Anonymous
October 13, 2009
KB974455 causes "Type Mismatch" error when browsing with IE after installationAnonymous
October 13, 2009
Why update IE5 IE6? Let them die!Anonymous
October 13, 2009
How about MS09-056 and IE eh ? Silence is bliss...Anonymous
October 14, 2009
ok so i tried the bing search on this blog (which yah! for once in the life of the IE blog returns actual, usable results!) However I noticed that the iframe that returns the results has the old windows 95 scrollbars instead of the XP ones?! Why? I tried another search in Firefox and Chrome and both of them have no problem rendering the XP scroll bars. Glad to see IE still can't keep up.Anonymous
October 14, 2009
@bing: If you use the shiny new developer tools in IE8, you can use the "Find element by click" method to find the scrolling DIV that contains the scrollbar in question. You'll find that the Bing team has deliberately set attributes on the scrollbar to make it appear as flat gray. If you remove those attributes, you'll find that it assumes the system theme look. As for why the Bing guys choose to render in a flat gray, well, you'd have to ask them. Typically, folks who decide to hardcode scrollbar colors do so because they want flashier colors.Anonymous
October 14, 2009
I think the recent cumulative security update on IE 8 has created some user interface issues. We have checked our most recent backup 10/10, but the file is the same however, the graphical display has issues. Has anybody experienced a similar issue ? Is this a know issue and is there a patch or workaround for this. The URL is: www.yogasala.com/program.asp Thanks, Aslan OzcakirAnonymous
October 14, 2009
"As for why the Bing guys choose to render in a flat gray, well, you'd have to ask them" Good question. - It seems the folks at Bing are old school (1996) web developers that are still hooked on the "hey cool we can skin the chrome of the browser" concept even though it has been highly condemed over the years... thou shalt not modify anything beyond your own content. oh well hopefully that [airquotes]feature[/airquotes] will be removed in IE9.Anonymous
October 15, 2009
We're having this same issue, disabling an internal application across our organization: KB974455 causes "Type Mismatch" error when browsing with IE after installationAnonymous
October 15, 2009
A recent update has caused Roaming Profiles to not be correctly deleted at user logoff. The folder remaining is CryptURLCache (AppDataLocalLowMicrosoftCryptnetUrlCache). If we disable "check for server certificate revocation" then the problem does not occur. Thoughts? I can't determine which update has caused this. (Running on a W2008RTM terminal server, IE7)Anonymous
October 15, 2009
Hi MSFT IE team. I'm looking to upgrade a web app to work in IE8. It currently runs in quirks mode (no doctype) but has several issues trying to run in IE8 standards mode. I have plans to update the site to be fully standards compliant w/doctype etc. but in the mean time I just need the app to work in IE8 without forcing compatibility mode. I thought the Application Compatibility Toolkit would advise me what I need to change but it doesn't seem very helpful. Is there a complete list of what stuff has changed from IE7 to IE8 that I can check for? Thanks, TrevorAnonymous
October 15, 2009
We have ecountered the same issue when VBscript calls window.returnvalue = Array Value It returns "Type Mismatch" Error Message.Anonymous
October 16, 2009
Is the window.returnvalue behaviour change a definitive collateral damage of the fix, or is it a bug that will be corrected some day ? This is really import as we also are impacted by this issue and are forced to refuse this patch for now. Do we need to contact back all the editors and users of an array in the returnvalue or will MS fix his mistake in changing the behaviour of a documented function ?Anonymous
October 16, 2009
How can I correct this "Type Mismatch" error ??Anonymous
October 16, 2009
The comment has been removedAnonymous
October 16, 2009
The comment has been removedAnonymous
October 16, 2009
Hi! after the October 14 update i am unable to browse at all it simply says Internet Explorer cannot display the webpage. firefox is working fine. i am not good in IT stuff. could some just tel me in simple words, how to fix this. ThanksAnonymous
October 17, 2009
@Sam, this is likely related to your firewall. Please see http://www.enhanceie.com/ie/troubleshoot.asp#Firewall @embedded, you'll need to talk to the Firefox team about Firefox vulnerabilities.Anonymous
October 17, 2009
I just got this error dialog in Firefox complaining the the "Windows Presentation Foundation 3.5.30729.1" addon was causing instability (is this related to Fiddler?) Is there a fix for this? and or does it also affect IE? Thanks Here's a screen shot of the error: http://img2.imageshack.us/img2/1765/wpfissue.pngAnonymous
October 17, 2009
The comment has been removedAnonymous
October 17, 2009
How do you classify an undocumented syntax change in VBScript? I only know one name: BUG. showModalDialog documentation refers it accepts an Array but since KB974455 this is no longer true. As it is undocumente, it's a plain bug. Refer to http://social.msdn.microsoft.com/Forums/en-US/iewebdevelopment/thread/9cd062a1-34dd-4caa-9a77-f8a1e26031a3 for details and prepare to make changes on your web application...Anonymous
October 18, 2009
Tiago is right, this IE update contains a major bug. Nevertheless, let's hope all affected vendors will realize it's a bad idea to use client-side VBScript in their web apps and will replace it with Javascript (or other web standards, compatible with all browsers).Anonymous
October 18, 2009
It's a good thing there is a security update now available. I can say I won't be using it considering Internet Explorer has never been anything but a headache for me.Anonymous
October 18, 2009
The comment has been removedAnonymous
October 19, 2009
The comment has been removedAnonymous
October 19, 2009
@Mike, @Bob, @Cyntia, @matt, @Tiago, @Hydro There's a report for the showModalDialog() bug that this security update caused in IE over on Web Bug Track [234] It includes a workaround for the bug for resolving production systems ASAP but the fix isn't the ideal workaround. See site below: http://webbugtrack.blogspot.com/2009/10/bug-234-showmodaldialog-array.htmlAnonymous
October 19, 2009
@Joanne Dean I don't know if it would do any good (it's hard to diagnose these kind of things remotely), but you could try the Ask IE! blog at http://blogs.msdn.com/askie/. More information would be needed.Anonymous
October 19, 2009
Since the update my IE8 browser keeps telling me it needs to close as it has encountered a problem when you answer yes to close the program the error message dissapears and IE8 stays open is this a false or spurious message?Anonymous
October 19, 2009
Microsoft has confirmed the "Type Mismatch" VBScript issue and is working on a fix: http://support.microsoft.com/kb/976749/Anonymous
October 19, 2009
The comment has been removedAnonymous
October 20, 2009
@MSFT when will a fix for the "Type Mismatch" VBScript issue be available? If it will be in a day or two I don't mind waiting and will not implement a hacky fix but if it will take longer than that I'd like to know so that I can take action and fix it.Anonymous
October 21, 2009
This really help in terms of security purposes. Thanks a lot IE. Keep it up.Anonymous
October 22, 2009
When are we having the next Internet explorer release? Microisoft should update with :
- CSS 3 -Introduce download manager,with stop and resume download -SVG support -Separate multiple tabs into windows and viceversa -2D vision web browsing When?
Anonymous
October 22, 2009
I've tried several times to download the security for IE (Vista) get an error code 646. Need to know what I should do to correct what ever - don't know about the internal works of a computerAnonymous
October 25, 2009
The comment has been removedAnonymous
October 26, 2009
Q: Just upgraded to W7. As part of that I exported my favorites from Vista to a bookmark file and then reimported then into IE8/Win7. The order is now reversed (i.e. sorted Z-A instead of A-Z). Interestingly, when I import those same favorite out of IE8 and into FF, they up in correct A-Z order. Is there a simple fix here that I'm missing?Anonymous
October 26, 2009
Since the update my IE8 browser keeps telling me it needs to close as it has encountered a problem - is this a common problem?Anonymous
October 26, 2009
forgot to mention that it only happens after I reboot my pc. After that it works ok, but very slowAnonymous
October 27, 2009
I am having problems with IE 6 Browers who ran this update and they can no longer access my site. There is no VBscript on my site.