Поделиться через


October 2013 Internet Explorer Updates

Microsoft Security Bulletin MS13-080 - CriticalThis security update resolves eight privately reported and two publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows servers. For more information, see the full bulletin.

Recommendation.  Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

Update for Flash Player (2886439)

On October 8th, an update for Adobe Flash Player in Internet Explorer 10 and 11 on supported editions of Windows 8, Windows 8.1 and Windows Server 2012 and Windows Server 2012 R2 is also available. The details of the bug fixes and new features are documented in Adobe release notes for Flash Player 11.9.

Most customers have automatic updating enabled and will not need to take any action because this update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

— Wilson Guo, Program Manager, Internet Explorer

Comments

  • Anonymous
    October 08, 2013
    Here is a JavaScript optimization challenge for Microsoft compiler guys connect.microsoft.com/.../ie-performance-dom-manipulation-tests IE 10 and 11 takes 550ms to perform these basic operations nontroppo.org/.../Hixie_DOM.html (stress testing cases writing some 12 years ago). On same machine, edge version of Chrome takes 27ms. Guys please share some C++ compiler optimization magic with JavaScript team (for try-catch, string perpend, index..), make it fast so all sub-tests are completed under 10ms and make the JS compiler the most efficient. Though 500ms looks small, but its still greater than all edge versions of all major browsers (Chrome, Firefox, Opera and Safari). Here are the try-catch and few other tests: newilk.com/.../SpeedTest1 Reminds me of a quote from Fast and the Furious movie: "It doesn’t matter if you win by an inch or a mile – winning is winning." That's true. So please apply greedy algorithm here and save every bit where you can to be a winner. We know you can. All you need is to spare some magnificent brains for few hours and you will get sorted it out. For old times sake.. :-) Thank you! :)

  • Anonymous
    October 08, 2013
    The comment has been removed

  • Anonymous
    October 09, 2013
    @hAl, Thanks for the comment. Normally, I make the one making such supportive comments. I like the spirit. Btw, Sunspider is made by webkit and Apple teams. Mozilla introduced Kraken. And yes IE11 is fastest. Also, ecmascript test is the conformance test not the performance test. Anyway, my point is, the kind of optimization VC (C++) team at Microsoft is working on and have delivered so far, for them suppressing the time and noise by such brute-force test is a tiny fun job. If the compiler optimization teams at Microsoft collaborate a little more, we can get extra boost in every segment of the company. Be it a millisecond save, its still better than before. (and its 27ms vs 550ms! which means there is a room for improvement.. perhaps a better algorithm). I agree with the notion: "if its not broken, don't fix it". But do you think it should never get fixed? With webGL and 3D gaming on web, we can encounter have such exhaustive script, may be a poor way of implementing some sort of shader. Though, its not the priority but it must be in the backlog of the guy who crave for optimization. For the record, there are the tiny bugs in IE11 since IE6, which were never resolved. (like connect.microsoft.com/.../printing-attribute-value-change-triggers-change-in-ux-behavior). They must be resolved some day soon. Certainly not another 15yrs from now.

  • Anonymous
    October 09, 2013
    Looks like this IE update for IE11 adds back full support for switching to older document modes.

  • Anonymous
    October 09, 2013
    Using the F12 developer tools.

  • Anonymous
    October 09, 2013
    Odd, for me the latest causes IE to go in a non-stop crash cycle on some websites (and RSS feeds). And also when attempting to use any of the dropdowns in the document mode in Developer Tools.

  • Anonymous
    October 09, 2013
    The comment has been removed

  • Anonymous
    October 09, 2013
    @Louis: I don't think MS does things like this probably as a matter of policy. Closest I have been get is this but that is because I found a security bug: yuhongbao.blogspot.ca/.../how-i-found-cve-2013-1310.html

  • Anonymous
    October 09, 2013
    @Louis: and that's a good thing. IE8 is basically set in stone (except for some rare, specific cases), and its bugs are known. We don't have to bother with IE8 sub versions, and the same goes for other major IE versions. If each of them were moving targets, it'd be a maintenance and support nightmare.

  • Anonymous
    October 10, 2013
    The comment has been removed

  • Anonymous
    October 10, 2013
    IE 11 Does not reset the RSS feed when the feed is read. Is this a bug? If so please repair this Microsoft. If not please tell me how to fix it. Thanks. Robert

  • Anonymous
    October 10, 2013
    @Robert: This seems to happen in a few custom RSS feeds, I've seen it happen in Feedburner feeds using IE11 previews. They don't even render in the IE feed view layout, but redirect to their own one (in previous IE versions, they used the internal viewer). You can manually set their status to "already read" with right click though. Speaking of which, the internal RSS reader seems to be using X-UA-compatible = IE7. What's up with that?

  • Anonymous
    October 10, 2013
    @Robert, please send me the connect.micrsoft.com/.../Feedback link so I can up vote!

  • Anonymous
    October 10, 2013
    The comment has been removed

  • Anonymous
    October 10, 2013
    Thank you