다음을 통해 공유

IE December Cumulative Security Update Now Available

  • 아티클

The IE Cumulative Security Update for December 2010 is now available via Windows Update. This security update resolves four privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8. For more information about the vulnerabilities, please see the full bulletin.

The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory and script during certain processes. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 2458511.

The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

Ceri Gallacher
IE Servicing PM

Comments

  • Anonymous
    December 14, 2010
    IE 9 not effected?

  • Anonymous
    December 14, 2010
    Wierd, I only have IE9 installed and I got the update too.

  • Anonymous
    December 14, 2010
    when will the IE9 RC be released? i mean it was more then 2 month's ago since IE9 released any new version's to their real homepage, when will RC be released ?

  • Anonymous
    December 15, 2010
    What about this one? www.vupen.com/.../3156

  • Anonymous
    December 15, 2010
    Hm… KB2416400 fails for me with error 80092004, stand-alone installation fails too, all other updates installed fine.

  • Anonymous
    December 15, 2010
    @hans I have the same error like you. have you fixed it?

  • Anonymous
    December 15, 2010
    @Andre: I haven't, but I believe the problem is because I have installed a hotfix that fixes a problem fixed by this cumulative update, so uninstalling it would probably solve it.

  • Anonymous
    December 15, 2010
    I hate to repeat this here but once a post on the IE blog is not the latest post it gets ignored. Can someone from Microsoft please make a statement about shutting down the IE6/IE7/IE8/IE9 images at http://www.spoon.net/ ====================================================================================================== This was THE most useful resource for testing multiple versions of IE and the shutdown really ticked developers off! As a long time web developer of Enterprise Web Applications I've tried all the options out there to try and simplify testing IE and the lack of realistic options is a royal PITA. 1.) Multiple IEs - IE8 breaks the functionality of IE6's textboxes - thus its a NO-GO 2.) IETester - works great until you need to test popup interaction and then it fails - thus a NO-GO 3.) Virtual PC with timebombed images of IE6, IE7, IE8 - works ok, but the 12Gigs of HD space needed is frustrating when each full image of Windows dies 4 times a year, running a full Windows image is slow and you have to beg for updates because the releases are not co-ordinated and announced well at all - thus its a NO-GO 4.) IE Super Preview - Last I checked this did not allow full testing of IE user interaction, JavaScript DOM changes, popups etc. - thus its a NO-GO 5.) Multiple PC's to run multiple versions of windows and IE.  With all the hardware, software, and physical space needed - its a NO-GO 6.) Spoon.net IEs - They work, they work just like local native apps once running, and there's no hacking of my real local IE install. - the ONLY problem with these IE's is that Microsoft shut them down Please understand that we (developers) just want something that works.  Testing in multiple versions of IE is a pain to begin with and with IE9 on the horizon it is only getting worse. I'm not sure where the issue stands with Spoon, but I would really like a solution worked out fast. Steve

  • Anonymous
    December 15, 2010
    @Steve Stop worrying about IE6 =p

  • Anonymous
    December 15, 2010
    The comment has been removed

  • Anonymous
    December 15, 2010
    The comment has been removed

  • Anonymous
    December 15, 2010
    Sorry for the duplicate - the "Post" button doesn't seem to work in Firefox.

  • Anonymous
    December 15, 2010
    WHEN WILL IE9 "RC" BE RELEASED IN THE ie.microsoft.com/testdrive WEBSITE ? ? ? SOMEONE PLZ ?

  • Anonymous
    December 16, 2010
    I am switching today to Opera 11 because of the dumbed down non-customizable POS IE9 is. Nothing matters more than usability and customizability and your software lacks that. IE8 wasn't so bad but you BLEW IT with IE9.

  • Anonymous
    December 16, 2010
    @Hans & @Andre Just in case my guess that your're German is correct, you may would like to have a look into my (german) article about the possible issue: patch-info.de/.../1005 Bye, Freudi

  • Anonymous
    December 16, 2010
    @Prior Semblance - I wish I could... for Enterprise Web Apps... supporting IE6 for a little longer is unfortunately a requirement.

  • Anonymous
    December 17, 2010
    off topic... but when will internet explorer ever have a "Show Blocked pop-up" option? I only have the choice to temporarily show pop-ups. But that will mean refreshing the page again. This is BAD if I'm doing payment. I'll either end up paying TWICE or lose all transaction info..... :( Firefox is able to do it, it lists the popups, and lets me choose which one to open.... why not in internet explorer?

  • Anonymous
    December 18, 2010
    ok thanks for update

  • Anonymous
    December 19, 2010
    If I am on Win 7 SP1 RC and have not yet been offered this through WU, should I be worried / uninstall RC or attempt installing this manually? Or is SP1 RC already safe.

  • Anonymous
    December 19, 2010
    This is my first time comment, so please forgive any ignorance. I have been using Auto Updates feature for my Windows XP (latest service pack, etc) for a long time (a few years) without any problems, and most recently have received and installed all the December updates EXCEPT for the security update KB 2289162. My Dell 8000 successfully downloads the security update, BUT fails to install it with the following message resulting: "Auto Updates: Some updates cannot be installed: Security update for Microsoft Office (2002) XP KB 2289162." Additionally, everytime I click on OK to the "error message," the system then automatically redownloads the update but doesn't let me install it. I have disabled my Norton 360 features; I have enable them, both to no avail. Previous security downloads have installed without any problems. Any suggestions, advice, direction would be greatly appreciated.

  • Anonymous
    December 19, 2010
    someone please when will IE9 RC be released on this microsoft IE9 website ? because my IE9 BETA1 does not work well and sometimes it hangs on some website. so when can i download IE9 RC please anyone ?

  • Anonymous
    December 19, 2010
    someone please when will IE9 RC be released on this microsoft IE9 website ? because my IE9 BETA1 does not work well and sometimes it hangs on some website. so when can i download IE9 RC please anyone ?

  • Anonymous
    December 19, 2010
    someone please when will IE9 RC be released on this microsoft IE9 website ? because my IE9 BETA1 does not work well and sometimes it hangs on some website. so when can i download IE9 RC please anyone ?

  • Anonymous
    December 19, 2010
    Please, fix a VERY ANNOYING bug in IE9beta: after its installation all email programs (Windows Mail on Vista or WLM2011 with Vista/7) add a '?' at the beginning of outgoing mails (e.g. "?Hello,"). The only workaround is to use Unicode UTF-8, all other codesets suffer this bug. Once you remove IE9beta everything returns ok.

  • Anonymous
    December 20, 2010
    Microsoft Internet Explorer CSS Import Rule Use-after-free Vulnerability www.vupen.com/.../3156 wooyun.org/.../wooyun-2010-0885

  • Anonymous
    December 20, 2010
    Setting the innerHTML is still broken in IE9 platform preview 5/6. It's pretty disgusting that Microsoft hasn't cleaned up their act with adhering to the specs. - yes that's right... The specs! as of HTML5 innerHTML is a standard setter/getter in HTML DOM manipulation and it must work on all elements in the DOM that can contain HTML.  Until IE fixes this IE9 will absolutely NOT be HTML5 compliant!

  • Anonymous
    December 22, 2010
    The comment has been removed

  • Anonymous
    December 27, 2010
    The comment has been removed