Threat Level: green Handler on Duty: Tom Webb

SANS ISC: IE Cumulative Updates MS12-063 - KB2744842 - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
IE Cumulative Updates MS12-063 - KB2744842

This is a list of links of where each patches can be downloaded that addresses the vulnerability discussed in Microsoft Security Bulletin MS12-063 and reported in diary IE Fixes Available yesterday.

Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2744842)
[1] http://www.microsoft.com/en-us/download/details.aspx?id=34723&WT.mc_id=rss_allproducts_ie

Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2744842)
[2] http://www.microsoft.com/en-us/download/details.aspx?id=34731&WT.mc_id=rss_allproducts_ie

Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB2744842)
[3] http://www.microsoft.com/en-us/download/details.aspx?id=34718&WT.mc_id=rss_allproducts_ie

Cumulative Security Update for Internet Explorer 9 in Windows Vista (KB2744842)
[4] http://www.microsoft.com/en-us/download/details.aspx?id=34732

Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB2744842)
[5] http://www.microsoft.com/en-us/download/details.aspx?id=34736&WT.mc_id=rss_allproducts_ie

Cumulative Security Update for Internet Explorer 9 in Windows 7 (KB2744842)
[6] http://www.microsoft.com/en-au/download/details.aspx?id=34713

Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB2744842)
[7] http://www.microsoft.com/en-us/download/details.aspx?id=34725&WT.mc_id=rss_allproducts_ie

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Guy

418 Posts
ISC Handler
Go here to get KB2744842 for the X64 Version for W7X64.
http://www.microsoft.com/en-us/download/details.aspx?id=34719

The first one I went after was x86.
So I had to go hunt for it.

Anonymous
Posts
Note that IE 6 is vulnerable to this same problem and no patch exists for it. So, anyone still running IE6 (and I am sure they are out there) better get on the upgrade train or they are still fully exposed to this issue (and I assume others since it has been out of support for a while).
BGC

23 Posts Posts
IE 6 patches are available for download to WSUS servers for 2003, 2003 Itanium, 2003 x64, and XP so I would expect these to be available currently on the downloads page or through automatic updates.
Alan

57 Posts Posts
BGC, Patches are released for it, I'm sorry to say that IE6 still has some life left in it: http://www.ie6death.com/
Anonymous
Posts
Install this patch at your own peril. This thing breaks more than it fixes. It has killed a number of our Java 6 based applications, some apps will not not launch at all, and a few workstation BSOD after install of this patch. As soon as patch is removed, all work fine again.
Anonymous
Posts
@Dragonsoul

Do you have any more info you can provide? I have installed it on 7 WinXP systems and 1 Win7/64 system without incident.
K-Dee

64 Posts Posts
Re Dragonsoul's post we have seen similar issues with breaks. One machine repeatedly rebooted and crashed when applied, another won't present many, many websites including sites such as www.citrix.com. Unconfirmed as of yet but indications are this may be the reason to Windows 7 readiness update released shortly after kb2744842 was released. Another report indicates turning off McAfee allowed clean install (we're not running mcafee).
Alan

57 Posts Posts
Update to my earlier post, turns out that both issues we experienced were proven unrelated to KB2744842 updates. The first turned out to be a conflict between multiple concurrent updates on an out of date machine, the second problem was directly related to activeX filtering being enabled in IE9.
Alan

57 Posts Posts

Sign Up for Free or Log In to start participating in the conversation!