July 2014 Internet Explorer Updates

Microsoft Security Bulletin MS14-037 - Critical

This security update resolves one publicly disclosed vulnerability and twenty-three privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers. For more information see the full bulletin.

Recommendation.  Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

Security Update for Flash Player (2974008)

On July 8th, a security update for Adobe Flash Player in Internet Explorer 10 and 11 is also available on supported editions of Windows 8, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2. The details of the vulnerabilities are documented in Adobe security bulletin APSB14-17. This update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash binaries contained within Internet Explorer 10 and Internet Explorer 11. For more information, see the advisory.

Most customers have automatic updating enabled and will not need to take any action because this update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

— Wilson Guo, Program Manager, Internet Explorer

Comments

  • Anonymous
    July 08, 2014
    Minor question: What operating system is still supported that causes IE6 to still receive critical updates? I thought IE 6 reached EOL already.

  • Anonymous
    July 08, 2014
    @Brian LePore - Windows Server 2003.

  • Anonymous
    July 08, 2014
    Just a thought... wouldn't it be easier to just develop IE 12 for Vista/2008, 7/2008R2 and 8.1/2012, then drop support for IE 7, 8, 9 and 10 and just support 1 version across all platforms?

  • Anonymous
    July 08, 2014
    @Sardoc: For regular consumers that would be fine, but sadly there are such pesky things as corporations that don't really want to use the latest and greatest for many reasons. As such, I don't think they'll ever get to the point where they can just support one version.

  • Anonymous
    July 08, 2014
    @Zkal - It would be easier, but illegal, as I believe Microsoft is legally obligated to support all of these Internet Explorer versions until the extended support period is over. (That means the version of Internet Explorer that came with the operating system. They cannot force you to update and be over with it.)

  • Anonymous
    July 08, 2014
    Oops, I meant @Sardoc, not @Zkal.

  • Anonymous
    July 08, 2014
    @Zkal (for real ;)) - Well, it is a matter of policy and contracts. If they change their policy to only support the latest version (or the latest and the one before it), corporations would just have to live with it and change the way they work (not depend on browsers, or web based application vendors would have to code according to the standards and stop messing around and give free updates), because I do not believe there is a browser that is supported for so long.

  • Anonymous
    July 08, 2014
    It's an odd situation that we can run IE11 on Server 2008 R2, but not on Server 2012 original.  I can understand why it wasn't released for Windows 8.0 since it's a free update to 8.1, but 2012 R2 isn't free unless you have SA, we would have to pay for new full price licenses.  I hope something is done about this in the next IE version so that we can standardise on a single version.

  • Anonymous
    July 09, 2014
    @Sardoc - As said already, corporations aren't too happy with stopping support for something that had been promised to be supported for 10 years (like every IE version is, 10 years of support at least). I think however that it wouldn't hurt to reduce the support time from 10 to at least 5 to prevent them having too many versions to support. IE6 will at least be supported up until July 2015. By that time, we already are on IE12 (I hope). So Microsoft would have 7 versions to support, not to mention paid support, that can drag support for IE6 3 years longer, counting from April this year (and by then, we're already looking forward to at least IE15, again, I hope).

  • Anonymous
    July 09, 2014
    Anyway, any news when we will get Internet Explorer Developer Channel 2?

  • Anonymous
    July 09, 2014
    I like internet explorer 11

  • Anonymous
    July 09, 2014
    Thanks for sharing interesting articles and services ..........

  • Anonymous
    July 09, 2014
    No real issue ever gets fixed with these updates.

      • People are begging for JSON mime support, they don't care.
      • XPath will never get update (since xpath v1, 2001). W3 laid final recommendation of version 3 this year, and none of MS product gets XPath 1.0+ support! They just don't care.
      • Looks like SVG is dumped by MS. The issues introduced in IE9 for the first time are still present, but it's just not worth the effort?

    All we get are these fictional security updates which browser vendors don't care to write blogs about, just put it in the readme and publicize some real meaty work they have done pertaining to the emerging web technologies! Chrome and Firefox are rapidly making releases, fixing zillions of features each release, adding new standards and moving along the community. All we get from IE is "We are investigating this issue" and never updated again in years! Even if you submit the most technical bug report, this is the same reply rubberstamped on your face. It's like they have this automated system in place which randomly sends these replies. What an insult to the people; the developers and enthusiasts who are still bothering about IE and Microsoft. IE team is the most mean, ineffective and uncompetitive bunch in the whole Microsoft. Not communicating back to us like human beings is your loss. Acting like some kind of gods will only take you to the fall. What possibly can help you get what you want to be is getting at level with the community, work "with" us and earn some respect. Public perception is your problem and you are doing a worse job fixing it! Those modern.ie ads mean nothing with this attitude. It's really hard to become/remain a Microsoft fan these days and IE team is playing a leading role in it.


  • Anonymous
    July 10, 2014
    after updates this morning internet explorer will not respond.

  • Anonymous
    July 10, 2014
    How long is reasonable to wait for a blocker level accessibility fix?

  • Anonymous
    July 10, 2014
    Speaking of IE performance, it's 500% slower than chrome in this simple test: connect.microsoft.com/.../performance-ie11-performs-extremely-poorly-in-branch-prediction-458-slower-than-chrome

  • Anonymous
    July 10, 2014
    @Gabri, on http://status.modern.ie/ there is XPath DOM level 3 list as "In Development"! Just wait...   >^^<

  • Anonymous
    July 10, 2014
    @Yang - XPath DOM Level 3 is basically document.evaluate(...) - not XPath 3, the language itself.

  • Anonymous
    July 11, 2014
    @Gabri
    > No real issue ever gets fixed with these updates.
    > (...)
    > - XPath will never get update (since xpath v1, 2001). W3 laid final recommendation of version 3 this year,
    > and none of MS product gets XPath 1.0+ support! They just don't care.

    Gabri, I think you are correct in part, at least with regards to XPath.

    Bug 673653: support DOM Level 3 XPath
    Status: Closed as Fixed
    Posted by Microsoft on 11/5/2012 at 1:38 PM
    "This issue was resolved in Internet Explorer 10 released on 10/26/2012."
    connect.microsoft.com/.../support-dom-level-3-xpath

    But the thing is: the test submitted was only checking for, testing for document.implementation.hasFeature('xpath', '3.0')
    (By the way, this implementation.hasFeature() is rarely useful and trustworthy: it never can tell how complete and reliable, trustworthy and bug-free such implementation is.)

    Your opinion would be a lot more useful, convincing and worthy if you had tests (or links to tests or to a test suite eg w3c-test.org/.../evaluator-constructor.html ) thoroughly checking individual methods and attributes of XPath 3 like XPath expressions.

    "work with developers" implies requirements from both sides.

    Gérard

  • Anonymous
    July 11, 2014
    @Greg, yes I have seen that. But it's the communication we are missing. Not the fancy website with silence from the other side. The precious proprietary code of IE is broken badly. Everyone is disappointed. Even the other teams at MSFT have to say this about it. Their input model, memory model and the way they manage multi-tabs since IE7 is "worse" than any other existing browser. It may hurt your feelings and believe me it hurts me too when I try to defend IE in front of 50 people and get embarrassed. Seeing tons of Connect reports like this JSON mime request connect.microsoft.com/.../text-json-mimetype and connect.microsoft.com/.../xpath-2-and-3-in-microsoft-world (it's .NET team but still see how lost they are) with canned responses. This person has done a lot of tests: connect.microsoft.com/.../556277 and yet he gets, "We don't have plans to fix this issue". For example, take a look at this test www.freewebs.com/.../209-print-preview-input.html, its corresponding Connect bug report number is 675158, give it a try and you will reproduce this issue within 20 seconds. But in the bug report Microsoft gives us the "unable to reproduce.." canned response.

  • Anonymous
    July 11, 2014
    @Gérard Talbot,
    > Your opinion would be a lot more useful, convincing and worthy if you had tests
    Done ages ago, waiting for responses and the real features.
    > "work with developers" imply requirements from both sides.
    BTW if you don't believe it by now, then let me tell you that I would try to be the first guy who will contribute to Internet Explorer if it ever goes open source. If you don't work for IE and yet are concerned, then I am very happy to say this: Welcome to the club! We care about IE more than "they" do! Thank you guys. Please keep pushing, maybe soon enough all gets settled and we get a better browser than Chrome (and yes there is a LOT of margin of improvement in Chrome where IE can shine, only if they advance preemptively!)

  • Anonymous
    July 11, 2014
    @Viktor Krammer [quero.at], thanks, I really didn't know that this much level of detail is hidden under those KB articles. Will follow that stream! Since they don't mention which update (with the KB article link) fixes which bug, there should be a website logging all those entries so the people like us reporting bugs know in advance where to go before submitting the bug.

  • Anonymous
    July 11, 2014
    Security update KB2962872 broke all of our file upload pages, leaving the current Internet Explorer tab in a permanent "hang" state. Using Fiddler 2 we determined the hang to be triggered by the mime type of the response from our form post (multipart/form-data). Our application returns content-type "text/xml" with an attached xsl stylesheet, and after being successfully deployed since 2006, the pages are completely broken in IE10/IE11 with this update installed. Uninstalling the update repairs the file uploads again. Any idea what was fixed that might be causing this damage?

  • Anonymous
    July 14, 2014
    Hi MikeS, we had the same issue and can't find any solution. Do you already have a fix?

  • Anonymous
    July 18, 2014
    To Satya Nadella In the ongoing layoffs, please fire the whole rotten IE team, the laziest most ignorant people at Microsoft. They are losing against other browsers by the day in every single domain of web. They are highly incompetent. After that, hire some folks from Mozilla, Google, Opera and IBM, who know how to refactor the turd code of IE into the best browser ever happen to mankind. Thank you from the entire Internet community: which means the whole world

  • Anonymous
    July 18, 2014
    Why is there no sign of IE12 yet ?

  • Anonymous
    July 20, 2014
    I'm tired of testing so many backwards compatible issues, let alone the dozen variations of compatibility modes that automatically trigger within a company. When can I have one 'version' that upgrades easily, efficiently, and doesn't require Windows Update?  You know, that little feature which makes Chrome so widely used?