dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
9181
share rss forum feed


Gone Fishing
Premium
join:2001-06-29

4 edits

7 recommendations

[IE] Security update for Internet Explorer: May 1, 2014

 
 
quote:
s u p p o r t . m i c r o s o f t . c o m

MS14-021: Description of the security update for Internet Explorer for systems that have security update 2929437 installed: May 1, 2014

...

Microsoft has released security bulletin MS14-021. Learn more about how to obtain the fixes that are included in this security bulletin:

• For individual, small business and organizational users, use the Windows automatic updating feature to install the fixes from Microsoft Update. To do this, see Get security updates automatically on the Microsoft Safety and Security Center website.

• For IT professionals, see Microsoft Security Bulletin MS14-021.

How to obtain help and support for this security update
Help installing updates: Support for Microsoft Update

...

»support.microsoft.com/kb/2964358




Related:

Security Update for Internet Explorer (2965111)
Published: May 1, 2014
Version: 1.0

»technet.microsoft.com/library/se···ms14-021

• DSLR: »Enhanced Mitigation Experience Toolkit 4.1 Update 1

• MSRC: Security Update Released to Address Recent Internet Explorer Vulnerability
»blogs.technet.com/b/msrc/archive···ity.aspx

--
non nova, sed nove
primum non nocere


Skipdawg
The Original
Premium,ExMod 2001-03
join:2001-04-19
Mount Vernon, WA

1 recommendation

Re: Security update for Internet Explorer: May 1, 2014

Thanks for the heads up.



therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL

1 edit
reply to Gone Fishing

Re: [IE] Security update for Internet Explorer: May 1, 2014

Now that's interesting.
They specifically list XP as an affected OS: "Windows XP Service Pack 3".

Security Update for Internet Explorer 8 for Windows XP (KB2964358)
(How do you like that, even after support has ended.)



therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL
reply to Gone Fishing

And this being CVE-2014-1776 is the fix for "massive bug in IE".

Must say, a quick turn-around time for this update .



Gone Fishing
Premium
join:2001-06-29

1 edit
reply to therube

said by therube:

Now that's interesting.
They specifically list XP as an affected OS...
...
(How do you like that, even after support has ended.)

quote:
The Official Microsoft Blog
Updating Internet Explorer and Driving Security
1 May 2014 10:18 AM

The following post is from Adrienne Hall, General Manager, Trustworthy Computing, Microsoft.


...
One of the things that drove much of this coverage was that it coincided with the end of support for Windows XP. Of course we’re proud that so many people loved Windows XP, but the reality is that the threats we face today from a security standpoint have really outpaced the ability to protect those customers using an operating system that dates back over a decade. This is why we’ve been encouraging Windows XP customers to upgrade to a modern, more secure operating system like Windows 7 or Windows 8.1.

Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded), today. We made this exception based on the proximity to the end of support for Windows XP.
...

Read more @ »blogs.technet.com/b/microsoft_bl···ity.aspx
--
non nova, sed nove
primum non nocere


okorsal

@38.110.64.x
reply to Gone Fishing

Re: Security update for Internet Explorer: May 1, 2014

Does this patch the recent IE vulnerability official released to public on Saturday April 26? Telling everyone to use a different browser? »technet.microsoft.com/library/se···/2963983



plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3

1 recommendation

reply to Gone Fishing

Re: [IE] Security update for Internet Explorer: May 1, 2014

While I don't run IE on my Windows 8.1 Pro Update 1 install, I do like to keep it updated.

So, thanks for the heads up on this.

--Brian


OZO
Premium
join:2003-01-17
kudos:2
reply to therube

said by therube:

(How do you like that, even after support has ended.)

I like it, 'cause I still use it
--
Keep it simple, it'll become complex by itself...


joepwpb
Premium
join:2000-12-15
West Palm Beach, FL
reply to plencnerb

Critical Internet Explorer Flaw Patched, Even for XP

The critical Internet Explorer flaw that left every desktop version of Microsoft's Web browser vulnerable was patched today (May 1) %u2014 even for Windows XP, the outdated operating system that Microsoft officially stopped supporting April 8.

First revealed last Saturday (April 26), the vulnerability, present in IE 6 through 11, was so severe that the U.S. Department of Homeland Security even recommended that people avoid using Internet Explorer until the flaw was patched. Now that Microsoft has pushed out the patch, the update should install automatically if you have Automatic Updates enabled on your PC.


OZO
Premium
join:2003-01-17
kudos:2
reply to OZO

said by OZO:

said by therube:

(How do you like that, even after support has ended.)

I like it, 'cause I still use it :)

And now, I don't :(

After patching IE8 with (KB2964358), it stopped working. If I try to open any web site it opens dialog box offering to download HTML files... I can't even open its "About Internet Explorer" page. And when I close IE, there is message box:
RUNDLL
Error loading C:\WINDOWS\system32\inetcpl.cpl
The operating system cannot run %1.

It even gets "better". When I decided to get rid of it and apply restore point it created in the process, I've discovered, that the System "Restore" facility is completely broken too... :( So I can't apply my restore points anymore... I guess, virus developers should start to exploit that effect (just install the patch and see how they do it) and block "System Restore" at any time they need it...

I think somewhere down the road (after they have finished working on WXP) Microsoft, pursuing some weird marketing goals, has lost its professionalism. And that IMHO is extremely pity...

--
Keep it simple, it'll become complex by itself...


deke40
Premium
join:2003-01-23
Texas
reply to Gone Fishing

Has anybody had problems updating on this one?

I have had mine "updating" for over 10 minutes with no action yet.

PS-Sorry about that, it finally came through. I had never had one take that long.


OZO
Premium
join:2003-01-17
kudos:2
reply to OZO

To be done with that, here is how it broke "System Restore." Every time I tried to launch "System Restore", there was an error box, stating:

DDE Server Window: rstrui.exe - Ordinal Not Found
The ordinal 459 could not be loaded in the dynamic link library urlmon.dll
OK

Luckily, setup left working "uninstall" entry. After uninstalling KB2964358 p atch, I was able to run System Restore again and restore computer to its working state...

--
Keep it simple, it'll become complex by itself...


joepwpb
Premium
join:2000-12-15
West Palm Beach, FL

OZO,

I found this at Zdnet:

"IE will crash if you install the update on a Windows 7 system which does not have KB2929437 installed"

Hope that helps.


OZO
Premium
join:2003-01-17
kudos:2

Thank you, joepwpb See Profile. On my WXP-SP3 computer running IE8, I've tired to install patch 2964358, which is "Security Update for Internet Explorer 8 for Windows XP".

The problem with IE8 after update was not a crash. IE8 had lost all its functionality (can't open any web page) and it broke "System Restore" in the process...

Other related patches are:

• 2929437- Description of the security update for Internet Explorer 11 on Windows 7 and Windows Server 2008 R2: April 8, 2014 - it's for IE11 on W7+
• 2964444- Description of the security update for Internet Explorer for systems that do not have security update 2929437 installed: May 1, 2014 - it's for IE11 on Vista+
 

BTW, in this page they've mentioned "Applies to: Windows Internet Explorer 7". What the hell is it? I know they have two products:
• Windows Explorer (local file manager/desktop)
• Internet Explorer (subject of the current discussion)
But what the "Windows Internet Explorer 7" is? I have no idea. Perhaps the Chinese guy, sitting on the top right corner of that page, knows...
--
Keep it simple, it'll become complex by itself...


Mister M

join:2010-05-01
Vancouver, BC
reply to joepwpb

said by joepwpb:

OZO,

I found this at Zdnet:

"IE will crash if you install the update on a Windows 7 system which does not have KB2929437 installed"

Hope that helps.

It doesn't because it isn't relevant to OZO's problem. Read this.

robman50

join:2010-12-14
reply to Gone Fishing

I got it on my Win7 and Win8 system, 16 MB, that's bigger than I thought.


AZinOH

join:2007-04-25
Swanton, OH
kudos:1
reply to Gone Fishing

I installed (KB2964358) on my XP SP3 Dell by launching Windows Update and it worked perfectly as it almost always has. Visited multiple sites using IE8 with no problems.



joepwpb
Premium
join:2000-12-15
West Palm Beach, FL
reply to Gone Fishing

FWIW, I saw just saw the following which was posted sometime yesterday:

"Today, FireEye Labs can reveal a newly uncovered version of the attack that specifically targets out-of-life Windows XP machines running IE 8. This means that live attacks exploiting CVE-2014-1776 are now occurring against users of IE 8 through 11 and Windows XP, 7 and 8. We have also observed that multiple, new threat actors are now using the exploit in attacks and have expanded the industries they are targeting. In addition to previously observed attacks against the Defense and Financial sectors, organization in the Government- and Energy-sector are now also facing attack."

Joe P


twincam23

join:2013-11-21
Los Angeles, CA

Encountering the same issue as OZO after applying the patch on IE9/Windows7 ENT 32bit.
It wants to download the HTML files.
I was able to get IE9 working again by simply uninstaling the patch. Researching the cause of this.
On another note, patch installed fine on IE9/Windows7 ENT 64bit.



therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL
reply to OZO

> it opens dialog box offering to download HTML files

Wasn't understanding at first what you were meaning by that, but now thinking its an association that is messed up (incompatible) on your end.

Something along the lines of, IE8 doesn't display ANY page, always tries to download.

(There's a Nirsoft utility ...?)


twincam23

join:2013-11-21
Los Angeles, CA

just got a tip that installing patch KB2936068 can prevent/fix the HTML download issue.
Tested it on my broken IE9 and it resolved it.



therube

join:2004-11-11
Randallstown, MD

Wasn't that part of last months (April) regular (security) updates from MS?


OZO
Premium
join:2003-01-17
kudos:2
reply to twincam23

twincam23 See Profile, thank you for confirmation and the tip. At this moment I'm in the middle of something, but later on I'm going to try it.
--
Keep it simple, it'll become complex by itself...


twincam23

join:2013-11-21
Los Angeles, CA
reply to therube

said by therube:

Wasn't that part of last months (April) regular (security) updates from MS?

yes it is.


MOL

@203.153.98.x
reply to OZO

Same with me, when open IE, dowload html files, when close it pop up error.
So i uninstall this patch and IE running well


ctrlaltdl

join:2005-01-11
Everett, WA
reply to twincam23

I have 6 XP machines that I still have to support and they all had the problem that the OP described. Thanks to Twincam23, installing KB2936068 took care of it for me.