Compartir a través de


February 2013 Internet Explorer updates

Today we released two critically rated bulletins and one security advisory for Internet Explorer.

Microsoft Security Bulletin MS13-009- Critical

This security update resolves thirteen privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows servers. For more information, please see the full bulletin.

Microsoft Security Bulletin MS13-010 – Critical

This security update resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on all supported releases of Microsoft Windows. For more information, see the full bulletin.

Microsoft Security Advisory (2755801)

Microsoft is also announcing the availability of an update for the Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10. For more information please see the full advisory.

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

— Tyson Storey, Program Manager, Internet Explorer

Comments

  • Anonymous
    February 12, 2013
    Please release IE10 for Windows7 early.

  • Anonymous
    February 12, 2013
    @Hamakaze: I think you mean "please release an updated pre-release version, and only release the final version when it is bug-free".

  • Anonymous
    February 12, 2013
    @Arieta: No, I think he means "please release IE10 for Windows 7 ASAP, given that it's been in "preview" now for the past 3 months!! ...and if there's bugs, simple - just release regular updates - like ALL the other major browser vendors do!!"

  • Anonymous
    February 12, 2013
    Re: the VML attack, might IE someday be configurable to disable legacy document modes, to reduce attack surface area?

  • Anonymous
    February 12, 2013
    How does any of this get the IE Blog comment form fixed? #MicrosoftCompetentcy--;

  • Anonymous
    February 12, 2013
    How does any of this get the IE Blog comment form fixed? #MicrosoftCompetentcy--;

  • Anonymous
    February 12, 2013
    The comment has been removed

  • Anonymous
    February 12, 2013
    The comment has been removed

  • Anonymous
    February 12, 2013
    @Jo: please read the anon's question again

  • Anonymous
    February 12, 2013
    Good that you're updating IE10, but as far as I'm concerned, IE10 is not even released yet. Yes it's in Windows 8, but Windows 8 is a tablet OS (and a jokingly bad one at that), so IE10 is not yet available for normal computers, so to speak. Release it already.

  • Anonymous
    February 12, 2013
    Disabling old legacy formats would be a good IE feature.   These could be marked as depreciated with the next standards update for html 5.  Prompting the user to accept/reject old legacy format content would be good as well

  • Anonymous
    February 12, 2013
    @Martijn: Where are you talking about? Windows 8 is the best Versio of Windows I've ever seen, and I thougth Windows 7 was already awesome. That you think it's not that gold, doesn't maan everyone else thinks that. Anyway, I also think that it is the best OS For tablets yet.

  • Anonymous
    February 13, 2013
    This is trash development assuming every user has time to digest this stupid dependency. For goodness sake keep the it simple stupid!

  • Anonymous
    February 13, 2013
    The comment has been removed

  • Anonymous
    February 13, 2013
    @Yannick - you live on a very lonely island.  I don't know anyone (I see hundreds daily) that thinks windows 8 is better than 7. Not One. The only people I know promoting it either work for Microsoft or are a 3rd party developer trying to help push sales of their apps that they've ported to the windows 8 platform from android, blackberry or iOS. (And I understand why... My reports are that the sales are downright pitiful not even a percent of the sales on other platforms). @pmbAustin - you're absolutely right! Why should Microsoft fix the major bug in their blog that stops users from actually posting comments? Lets count the ways shall we? 1.) this blog is about the web, standards etc. by Microsoft not showing enough competence to host a working blog why would anyone take any of their articles seriously? 2.) this blog is built on/running on Microsofts own stack (windows/ASP/.net) having a major bug on your prized web property due to a bug in your "supposedly" good platform is one heck of a bad publicity issue and will not convince a soul that Microsoft has made a decent web stack. 3.) it's been F---ing years! Since this bug was noted, tested, and documented (both on this blog AND on the legacy ASP Postback issue in the platform itself) ignoring it does not make it go away, ignoring it shows everyone that Microsoft has a lack of commitment. 4.) the 30second bug fix for this issue has been identified AND posted on the IE Blog itself NUMEROUS times! Microsoft can't even suggest they are working on the issue (well, first they'd have to acknowledge it) since they've already been handed the fix on a silver platter! 5.) by not addressing the issue they've made the IE Blog hostile with developers and readers alike constantly complaining that the blog is broken and that precious responses keep getting lost because Microsoft refuses to fix the issue. 6.) by not fixing the issue, the constant complaints in the comments make it near impossible to have a decent conversation about a topic 7.) the "email the blog author" sends emails to an account that either doesn't exist or never gets read.  In a day and age where communication and correspondence occurs in real time Microsoft can not afford to not reply to requests to help fix the issue. 8.) Telligent, makers of the original blog software are stuck with a flagship install with glaring errors and a client (Microsoft) that refuses to deal with the issue. Personally if I was a Microsoft employee in any way related to the Internet Explorer Team, the HTTP Networking Stack, Public Relations, Developer Relations or anyone that cares about the image of Microsoft I would make it my first priority tomorrow to find out who is in charge of this blog, and get a fix in place ASAP! I would then ensure that the IE Team/Blog Maintainer posts an update indicating that it has been fixed... I would also make an apology for taking so long in doing so since an olive branch is long overdue.

  • Anonymous
    February 13, 2013
    I love Windows 8...no probs at all!

  • Anonymous
    February 13, 2013
    Actually Windows 8 is an excellent tablet OS. Much beter than something like Android which usage and inconsistentie in apps and gestures in apps often feels awfull on tablets.

  • Anonymous
    February 14, 2013
    Stop whining. Also, email the blog author works.

  • Anonymous
    February 14, 2013
    The comment has been removed

  • Anonymous
    February 14, 2013
    @rst I did. What am I misunderstanding?

  • Anonymous
    February 14, 2013
    The comment has been removed

  • Anonymous
    February 14, 2013
     Nice post

  • Anonymous
    February 15, 2013
    I works because I have gotten multiple replies.

  • Anonymous
    February 15, 2013
    The comment has been removed

  • Anonymous
    February 15, 2013
    The comment has been removed

  • Anonymous
    February 15, 2013
    Internet Explorer 10 for Windows 7 reportedly coming in late February www.windows8core.com/internet-explorer-10-for-windows-7-reportedly-coming-in-late-february


Really?Microsoft.

  • Anonymous
    February 15, 2013
    09032055330h

  • Anonymous
    February 15, 2013
    If that late february release is correct, that would mean that the IE team is already in the late phases of development, and critical bugs like the memory leak one would not get fixed. Oh well.

  • Anonymous
    February 16, 2013
    hghhhhh

  • Anonymous
    February 17, 2013
    Well, Microsoft aren't even admitting that there is a memory leak problem with IE10, so I can't see how they're going to fix it. Once IE10 is released, I will install it and see how it performs - if there are any performance problems, I will revert back to IE9.  If there is a major problem, I will switch to Firefox or Opera instead.  You'd think with all of Microsoft's software developers they'd be able to get a browser out on time, especially when they know how much browser competition there is out there.  The Windows 8 version of IE10 has been out since 26 October 2012, yet still no Windows 7 version has been released - especially when they promised it would be the other way around.  I have always just gone along with Microsoft updates before, but I'm not so sure this time.  I don't even think I'll upgrade my laptop to Windows 8, since there is no Start button in Desktop Mode - the UI in Windows 8 is very dumbed-down from the user's perspective - for the 'mobile phone generation' (big buttons, bright colours, with no depth to functionality, and very limited configurability).  If Windows 8 is the way in which Microsoft operating systems are going, then I might have to stay with Windows 7 for now, but eventually move away from Microsoft software...

  • Anonymous
    February 18, 2013
    Please add automatic updates (like chrome) that don't require windows update. now that you have detached the browser from the OS...

  • Anonymous
    February 18, 2013
    I too prefer Windows 8 to Windows 7.  I didn't at first.  But now that I've tweaked it for the various platforms (tweaked one way for desktop non-touch, another for a laptop with touchpad, and another way for SurfaceRT) it works great.  In fact, it's kind of annoying to go back to Win7 in many ways, as I miss some of the new Win8 features.

  • Anonymous
    February 18, 2013
    don't like it got to sign on to everything and does not recognize my passwords.

  • Anonymous
    February 19, 2013
    wish they would get the bugs out first............................

  • Anonymous
    February 19, 2013
    I need to upgrade to Adobe 10 can you help?

  • Anonymous
    February 19, 2013
    Can we please have the name of the developer that first implemented document.getElementById(id); in IE? We are setting up a site like TheDailyWTF and we want to provide an award named after the Microsoft developer that checked in this fluster cluck. It is the pinnacle of software failure in a single method where not only was the spec for the implementation right in the name of the method but the bug it introduced was the catalyst that caused the stalling of web advancement for an entire decade! We know who made the 2nd worst IE bug (innerHTML) but it is frustrating to not know number 1. Greg

  • Anonymous
    February 19, 2013
    Hello, fellows. Am I the only person who has IE10 preview broken after security updates? My IE10 on Win7 now cannot open any sites, is stuck at "Waiting for ..." forever. I have to use Chrome now, which does not make me happy :( Best regards, Rustam.

  • Anonymous
    February 20, 2013
    ddd

  • Anonymous
    February 20, 2013
    Blog comments are still broken! 1.) Please acknowledge the bug 2.) Please fix the bug Nothing else on this blog matters until this is resolved!

  • Anonymous
    February 21, 2013
    When is the final release of IE 10 going to be available for windows 7?

  • Anonymous
    February 21, 2013
    The comment has been removed

  • Anonymous
    February 21, 2013
    The comment has been removed

  • Anonymous
    February 21, 2013
    The comment has been removed

  • Anonymous
    February 21, 2013
    Internet Explorer 11 Beta Concept Imagines the Windows 9 Browser...... news.softpedia.com/.../Internet-Explorer-11-Beta-Concept-Imagines-the-Windows-9-Browser-330359.shtml comments ple............

  • Anonymous
    February 21, 2013
    The comment has been removed

  • Anonymous
    February 22, 2013
    Blog comments are still broken! 1.) Please acknowledge the bug 2.) Please fix the bug Nothing else on this blog matters until this is resolved!

  • Anonymous
    February 22, 2013
    You are right.

  • Anonymous
    February 22, 2013
    good

  • Anonymous
    February 23, 2013
    Blog comments are still broken! 1.) Please acknowledge the bug 2.) Please fix the bug Nothing else on this blog matters until this is resolved! Here's the code fix for you: <input type="submit" value="Submit"/> We expect that to apply the patch should take no more than 5min for any developer that should be allowed to touch code. ;-)

  • Anonymous
    February 23, 2013
    twitter.com/.../305331422137315330 "Full useragent: Mozilla/5.0 (IE 11.0; Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" twitter.com/.../305331296291401729 "One cute detail about IE 11: the UA no longer contains 'MSIE', but 'IE' instead and is 'like Gecko'. And Windows Blue is version 6.3." Wow MS, do you have no shame at all? Your inferior Internet Exploder is nothing like Gecko at all.

  • Anonymous
    February 23, 2013
    Will IE11 use the Webkit engine instead of Trident? That would be awesome!

  • Anonymous
    February 23, 2013
    The comment has been removed

  • Anonymous
    February 24, 2013
    So if MSFT is already working on IE11 (even though they haven't shipped IE10 on their #1 OS yet!) then Microsoft has ample opportunity to fix up a ton of usability issues with the IE interface that users have been complaining about for over a decade?! 1.) the whole options dialog has been listed in every usability fail blog out there... Massive scroll lists in tiny windows, total chaos of all the content as it was grafted on after every IE release. 2.) security zones that no user understands or wants to 3.) print preview that looks like it was written by Borland C++ programmers in 1998! 4.) right click context menu (where the F---! Is the option to VIEW A PICTURE!!!!!!!!! Like you can do in EVERY OTHER BROWSER!!!!! 5.) iframes! Why can users not do anything with iframes in IE! 6.) why do they readonly properties dialogs have Apply and Cancel buttons?! 7.) why have the developer tools not seen any improvements since the original VB6 looking crud we still see today?! Again the issues with every aspect of the developer tools has been discussed over and over! You won't get a single developer to use IE as their default dev browser until the tools in IE get a MASSIVE OVERHAUL!!!! 8.) there is still nothing in the user agent that indicates if the browser is running in Mehtro or the real, usable IE browser. How are we supposed to tell users they need to switch browsers?!

  • Anonymous
    February 25, 2013
    The comment has been removed

  • Anonymous
    February 25, 2013
    @IE11 & WebKit - it's funny how you say M is for Microsooft and Metallica when Metallica has publicly complained about Microsoft not following open standards especially after DRM turned out to be a useless fiasco. WebKit is the dominant mobile Browser engine and has no major competitors outside of Firefox and Firefox is not out for profit only to better the web. On sites I run with 100,000+ hits a month not even 0.1% of the mobile/tablet traffic comes from Trident. When Microsoft ditched development of their browser back in IE6 they set themselves on a path of destruction that to this day has caused every browser version to shrink the IE market share and with they're mobile browser only hitting the market in late 2012 they've officially secured the dead last position.

  • Anonymous
    February 25, 2013
    The comment has been removed

  • Anonymous
    February 25, 2013
    1 print preview and 2  Saving of page too slow than chrome ,also it must save the web pages in background like chrome so that we can browse web..... 3 please, update whole UI of  IE 11 ..............  what say guys................

  • Anonymous
    February 25, 2013
    IE 10 for windows 7 has been released! go to windows.microsoft.com/.../download-ie - Update Browser