IE Cumulative Updates MS12-063 - KB2744842

Published: 2012-09-21
Last Updated: 2012-09-21 17:45:44 UTC
by Guy Bruneau (Version: 3)
8 comment(s)

This is a list of links of where each patches can be downloaded that addresses the vulnerability discussed in Microsoft Security Bulletin MS12-063 and reported in diary IE Fixes Available yesterday.

Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2744842)
[1] http://www.microsoft.com/en-us/download/details.aspx?id=34723&WT.mc_id=rss_allproducts_ie

Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2744842)
[2] http://www.microsoft.com/en-us/download/details.aspx?id=34731&WT.mc_id=rss_allproducts_ie

Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB2744842)
[3] http://www.microsoft.com/en-us/download/details.aspx?id=34718&WT.mc_id=rss_allproducts_ie

Cumulative Security Update for Internet Explorer 9 in Windows Vista (KB2744842)
[4] http://www.microsoft.com/en-us/download/details.aspx?id=34732

Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB2744842)
[5] http://www.microsoft.com/en-us/download/details.aspx?id=34736&WT.mc_id=rss_allproducts_ie

Cumulative Security Update for Internet Explorer 9 in Windows 7 (KB2744842)
[6] http://www.microsoft.com/en-au/download/details.aspx?id=34713

Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB2744842)
[7] http://www.microsoft.com/en-us/download/details.aspx?id=34725&WT.mc_id=rss_allproducts_ie

Update 1: The patch is now available via Windows Update.

Update 2: Microsoft has released Microsoft Security Bulletin MS12-063 rated Critical available here. This bulleting address one publicly disclosed and four privately reported vulnerabilities in Internet Explorer.

[8] http://technet.microsoft.com/en-us/security/bulletin/ms12-063

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: IE KB2744842
8 comment(s)

Comments

Go here to get KB2744842 for the X64 Version for W7X64.
http://www.microsoft.com/en-us/download/details.aspx?id=34719

The first one I went after was x86.
So I had to go hunt for it.

Note that IE 6 is vulnerable to this same problem and no patch exists for it. So, anyone still running IE6 (and I am sure they are out there) better get on the upgrade train or they are still fully exposed to this issue (and I assume others since it has been out of support for a while).
IE 6 patches are available for download to WSUS servers for 2003, 2003 Itanium, 2003 x64, and XP so I would expect these to be available currently on the downloads page or through automatic updates.
BGC, Patches are released for it, I'm sorry to say that IE6 still has some life left in it: http://www.ie6death.com/
Install this patch at your own peril. This thing breaks more than it fixes. It has killed a number of our Java 6 based applications, some apps will not not launch at all, and a few workstation BSOD after install of this patch. As soon as patch is removed, all work fine again.
@Dragonsoul

Do you have any more info you can provide? I have installed it on 7 WinXP systems and 1 Win7/64 system without incident.
Re Dragonsoul's post we have seen similar issues with breaks. One machine repeatedly rebooted and crashed when applied, another won't present many, many websites including sites such as www.citrix.com. Unconfirmed as of yet but indications are this may be the reason to Windows 7 readiness update released shortly after kb2744842 was released. Another report indicates turning off McAfee allowed clean install (we're not running mcafee).
Update to my earlier post, turns out that both issues we experienced were proven unrelated to KB2744842 updates. The first turned out to be a conflict between multiple concurrent updates on an out of date machine, the second problem was directly related to activeX filtering being enabled in IE9.

Diary Archives