Megosztás a következőn keresztül:

IE April Security is Now Available

  • Cikk

The IE Cumulative Security Update for April 2008 is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.

This update addresses 1 remote code execution vulnerabilities. This security update addresses this vulnerability by modifying the way Internet Explorer handles HTML and validates data. For detailed information on the contents of this update, please see the following documentation:

This update is rated “Critical” for IE5.01, IE6 Service Pack 1 on Windows 2000, IE6 on Windows XP, IE7 on Windows XPSP2 and IE7 in Windows Vista, IE6 on Windows Server 2003, and IE7 on Windows Server 2003.

As a reminder, IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.

I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.

Terry McCoy
Program Manager
Internet Explorer Security

Comments

  • Anonymous
    April 08, 2008
    Is IE8 Beta 1 not affected by the security bugs? I need to know, because if it is, I'm gonna uninstall IE8 Beta 1 and go back to IE7 with this month's security update, can't take any chances.

  • Anonymous
    April 08, 2008
    IE8 Beta 1 is NOT affected by these issues. We incorporated the fixes before release.

  • Anonymous
    April 08, 2008
    To the IEBlog: Windows Update keeps freezing on me before I have the chance to choose Custom or Express updates. Another friend of mine did this and it froze. Also, I tried running with no add ons and it froze. Is this a problem on your end that you're aware of?

  • Anonymous
    April 08, 2008
    Tony, how long have you guys been sitting on the fixes?

  • Anonymous
    April 08, 2008
    The comment has been removed

  • Anonymous
    April 08, 2008
    After installing MS08-024 it will take several minutes for pages to load in IE7. While investigating the problem it turned out that this was caused by the google toolbar. Disable the google toolbar restores normal behaviour for IE7. Reinstalling the google toolbar (to ensure latest version 4.0.1602.1060) did not resolve the problem!

  • Anonymous
    April 08, 2008
    Ottmar: I'm not having the issue anymore, so I'm back up to date. Yay. :)

  • Anonymous
    April 09, 2008
    The update includes a fix for KB944397. Our web application assumed the previous behavior and now displays all sorts or errors. Is there a way to (temporarily) suppress the effect of 944397? The article mentions a feature FEATURE_THROW_NESTED_EXCEPTIONS_KB944397, but it doesn't seem to work anymore. Maybe the name of the feature has changed? I realize that disabling this feature is not a permanent solution but it will help us getting our customers up and running again.

  • Anonymous
    April 11, 2008
    I install all fixes as standard practice,  I also send feedback for all Microsoft errors which occur.  I have been having significant problems with IE7 where it would not close down and I had to result to using Task Manager to force an end of the program. Every time this occurred I sent off the information to MS. This has now been fixed by the latest update because it no longer connects to the internet at all! I am now trying to re-install the product and its fixes to see if this resolves it. My question is what is the point in sending out information when a product fails as IE7 has been, if you never hear back from MS as to whether its a problem with the OS or the environment its working in? This recent problem didn't even give me the opportunity to send info in, it simply stopped serving any pages.  I am posting this note using Firefox which has been flawless and Opera also works just fine? Chris...

  • Anonymous
    April 11, 2008
    @Chris Hird The issue may be related to third-party "security software" installed on the system: http://support.microsoft.com/kb/942818/en-us Which Windows version are you running IE7 on? Do you have a huge amount of entries in the "Restricted Zone" of IE? Bye, Freudi

  • Anonymous
    April 12, 2008
    My computer automatically downloaded and installed the April security updates the other day and after restarting, promptly stopped connecting to the internet. I'm still on XP w/IE 7 and each time I would troubleshoot my wired connection it tells me: Windows cannot connect to the Internet using HTTP, HTTPS, or FTP. This is probably causedby firewall settings on this computer. Check the firewall settings for the HTTP port(80), HTTPS port (443, and FTP port (21). It then says I might need to contact my Internet service provider (why and tell them what?) or the manufacturer of my firewall software (which is you, Microsoft) My other problem is, I turned off the firewall and it still doesn't work. I restored to the day before and all is well. Anyone out there have any insight into this?????

  • Anonymous
    April 13, 2008
    @Monk The issue may be related to third-party "security software" installed on the system: http://support.microsoft.com/kb/942818/en-us Which third-party firewall software are you using? Please name the exact product name and version. Bye, Freudi

  • Anonymous
    April 15, 2008
    Our Web application used to work before this update on IE7, we use prototype.js  when we try to set a position with setStyle this simply doesn't work, how can i avoid this update?

  • Anonymous
    April 16, 2008
    I've been having the same problem that Monk and Chris have reported.  The April 8 update ("Hotfix for Windows IE & KB947864") loaded and now I cannot connect to anything on the internet.  I'm not a super-techie, but finally decided to uninstalled the update (from Add/Remove Programs in the Control Panel), disable my Windows Auto Updates, and now I'm OK. I'm on Windows XP, am using "Norton Security Online provided by ATT/Yahoo Online Protection", provided by my ISP.  Your reference to 3rd party firewalls is apparently not valid since Monk indicated he (she?) is using Microsoft's firewall.

  • Anonymous
    April 16, 2008
    The comment has been removed

  • Anonymous
    April 17, 2008
    I followed the instructions in the link you provided, but they were incomplete.  After an hour of complete inability to access the internet (still without the 4/8 "fix", by the way), I am back on the internet, but too frustrated to continue. I was working fine without the "fix", now I need to re-establish all my program rules just to access the internet as I was able to on 4/7.  If I can get stable internet usage for a week, I'll try to reload the "fix", but I'm keeping "auto updates" turned off until that time.

  • Anonymous
    April 17, 2008
    Hi Gayle, sorry to hear you've issues with Symantec's applications. I would recommend to uninstall "Norton Internet Security" completely, enable the Windows Firewall instead and use a free AV application (Avast Home Edition, Avira Antivir Free or AVG free for example) instead. You may want to use the "Norton  Removal Tool" http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039 to get rid of the "Norton" suite though. Bye, Freudi