IE Cumulative Updates MS12-063 - KB2744842 - SANS Internet Storm Center

IE Cumulative Updates MS12-063 - KB2744842
This is a list of links of where each patches can be downloaded that addresses the vulnerability discussed in Microsoft Security Bulletin MS12-063 and reported in diary IE Fixes Available yesterday. Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2744842) [1] http://www.microsoft.com/en-us/download/details.aspx?id=34723&WT.mc_id=rss_allproducts_ie Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2744842) [2] http://www.microsoft.com/en-us/download/details.aspx?id=34731&WT.mc_id=rss_allproducts_ie Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB2744842) [3] http://www.microsoft.com/en-us/download/details.aspx?id=34718&WT.mc_id=rss_allproducts_ie Cumulative Security Update for Internet Explorer 9 in Windows Vista (KB2744842) [4] http://www.microsoft.com/en-us/download/details.aspx?id=34732 Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB2744842) [5] http://www.microsoft.com/en-us/download/details.aspx?id=34736&WT.mc_id=rss_allproducts_ie Cumulative Security Update for Internet Explorer 9 in Windows 7 (KB2744842) [6] http://www.microsoft.com/en-au/download/details.aspx?id=34713 Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB2744842) [7] http://www.microsoft.com/en-us/download/details.aspx?id=34725&WT.mc_id=rss_allproducts_ie ----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu	Guy 522 Posts ISC Handler Sep 21st 2012
Thread locked Subscribe	Sep 21st 2012 9 years ago
Go here to get KB2744842 for the X64 Version for W7X64. http://www.microsoft.com/en-us/download/details.aspx?id=34719 The first one I went after was x86. So I had to go hunt for it.	Anonymous
Quote	Sep 21st 2012 9 years ago
Note that IE 6 is vulnerable to this same problem and no patch exists for it. So, anyone still running IE6 (and I am sure they are out there) better get on the upgrade train or they are still fully exposed to this issue (and I assume others since it has been out of support for a while).	BGC 23 Posts
Quote	Sep 21st 2012 9 years ago
IE 6 patches are available for download to WSUS servers for 2003, 2003 Itanium, 2003 x64, and XP so I would expect these to be available currently on the downloads page or through automatic updates.	Alan 57 Posts
Quote	Sep 21st 2012 9 years ago
BGC, Patches are released for it, I'm sorry to say that IE6 still has some life left in it: http://www.ie6death.com/	Alan 10 Posts
Quote	Sep 21st 2012 9 years ago
Install this patch at your own peril. This thing breaks more than it fixes. It has killed a number of our Java 6 based applications, some apps will not not launch at all, and a few workstation BSOD after install of this patch. As soon as patch is removed, all work fine again.	Alan 1 Posts
Quote	Sep 25th 2012 9 years ago
@Dragonsoul Do you have any more info you can provide? I have installed it on 7 WinXP systems and 1 Win7/64 system without incident.	K-Dee 68 Posts
Quote	Sep 26th 2012 9 years ago
Re Dragonsoul's post we have seen similar issues with breaks. One machine repeatedly rebooted and crashed when applied, another won't present many, many websites including sites such as www.citrix.com. Unconfirmed as of yet but indications are this may be the reason to Windows 7 readiness update released shortly after kb2744842 was released. Another report indicates turning off McAfee allowed clean install (we're not running mcafee).	Alan 57 Posts
Quote	Sep 27th 2012 9 years ago
Update to my earlier post, turns out that both issues we experienced were proven unrelated to KB2744842 updates. The first turned out to be a conflict between multiple concurrent updates on an out of date machine, the second problem was directly related to activeX filtering being enabled in IE9.	Alan 57 Posts
Quote	Sep 29th 2012 9 years ago