ID CVE-2015-0055 Type cve Reporter cve@mitre.org Modified 2018-10-12T22:08:00
Description
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
{"symantec": [{"lastseen": "2018-03-14T22:41:07", "bulletinFamily": "software", "cvelist": ["CVE-2015-0055"], "description": "### Description\n\nMicrosoft Internet Explorer is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Internet Explorer 10 and 11 are vulnerable.\n\n### Technologies Affected\n\n * Avaya Aura Conferencing Standard Edition 6.0 \n * Avaya CallPilot 4.0 \n * Avaya CallPilot 4.0.1 \n * Avaya CallPilot 5.0 \n * Avaya CallPilot 5.0.1 \n * Avaya CallPilot 5.1.0 \n * Avaya Communication Server 1000 Telephony Manager 3.0 \n * Avaya Communication Server 1000 Telephony Manager 3.0.1 \n * Avaya Communication Server 1000 Telephony Manager 4.0 \n * Avaya Communication Server 1000 Telephony Manager 4.0.1 \n * Avaya Meeting Exchange - Client Registration Server 5.0 \n * Avaya Meeting Exchange - Client Registration Server 5.0.1 \n * Avaya Meeting Exchange - Client Registration Server 5.2 \n * Avaya Meeting Exchange - Client Registration Server 5.2.1 \n * Avaya Meeting Exchange - Client Registration Server 6.0 \n * Avaya Meeting Exchange - Client Registration Server 6.2 \n * Avaya Meeting Exchange - Recording Server 5.0 \n * Avaya Meeting Exchange - Recording Server 5.0.1 \n * Avaya Meeting Exchange - Recording Server 5.2 \n * Avaya Meeting Exchange - Recording Server 5.2.1 \n * Avaya Meeting Exchange - Recording Server 6.0 \n * Avaya Meeting Exchange - Recording Server 6.2 \n * Avaya Meeting Exchange - Streaming Server 5.0 \n * Avaya Meeting Exchange - Streaming Server 5.0.1 \n * Avaya Meeting Exchange - Streaming Server 5.2 \n * Avaya Meeting Exchange - Streaming Server 5.2.1 \n * Avaya Meeting Exchange - Streaming Server 6.0 \n * Avaya Meeting Exchange - Streaming Server 6.2 \n * Avaya Meeting Exchange - Web Conferencing Server 5.0 \n * Avaya Meeting Exchange - Web Conferencing Server 5.0.1 \n * Avaya Meeting Exchange - Web Conferencing Server 5.2 \n * Avaya Meeting Exchange - Web Conferencing Server 5.2.1 \n * Avaya Meeting Exchange - Web Conferencing Server 6.0 \n * Avaya Meeting Exchange - Web Conferencing Server 6.2 \n * Avaya Meeting Exchange - Webportal 5.0 \n * Avaya Meeting Exchange - Webportal 5.0.1 \n * Avaya Meeting Exchange - Webportal 5.2 \n * Avaya Meeting Exchange - Webportal 5.2.1 \n * Avaya Meeting Exchange - Webportal 6.0 \n * Avaya Meeting Exchange - Webportal 6.2 \n * Avaya Messaging Application Server 5.0 \n * Avaya Messaging Application Server 5.0.1 \n * Avaya Messaging Application Server 5.2 \n * Avaya Messaging Application Server 5.2.1 \n * Microsoft Internet Explorer 10 \n * Microsoft Internet Explorer 11 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2015-02-10T00:00:00", "published": "2015-02-10T00:00:00", "id": "SMNTC-72479", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/72479", "type": "symantec", "title": "Microsoft Internet Explorer CVE-2015-0055 Remote Privilege Escalation Vulnerability", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "googleprojectzero": [{"lastseen": "2020-12-14T19:25:56", "bulletinFamily": "info", "cvelist": ["CVE-2014-0568", "CVE-2014-6322", "CVE-2015-0055", "CVE-2015-2428", "CVE-2015-2429", "CVE-2015-2430"], "description": "Posted by James Forshaw, abusing symbolic links like it\u2019s 1999. \n\n** \n**\n\nFor the past couple of years I\u2019ve been researching Windows elevation of privilege attacks. This might be escaping sandboxing or gaining system privileges. One of the techniques I\u2019ve used multiple times is abusing the symbolic link facilities of the Windows operating system to redirect privileged code to create files or registry keys to escape the restrictive execution context. Symbolic links in themselves are not vulnerabilities, instead they\u2019re useful primitives for exploiting different classes of vulnerabilities such as resource planting or time-of-check time-of-use. \n\n** \n**\n\nThis blog post contains details of a few changes Microsoft has made to Windows 10, and now back ported (in [MS15-090](<https://technet.microsoft.com/en-us/library/security/ms15-090.aspx>)) as far back as Windows Vista which changes who can use certain types of symbolic links. There\u2019s not been many mitigations of this type which get back ported to so many older versions of Windows. Therefore I feel this is a good example of a vendor developing mitigations in response to increased attacks using certain techniques which wouldn\u2019t have traditionally been considered before for mitigations.\n\n## Quick Overview of Windows Symbolic Link Support\n\nIf you already know all about Windows Symbolic Link support you can always skip this, or perhaps view my [presentation](<https://vimeo.com/album/3416096/video/133002251>) I made at this year\u2019s Infiltrate conference about abusing them. If not continue on. There are three types of symbolic links you can access from a low privileged user, Object Manager Symbolic Links, Registry Key Symbolic Links and NTFS Mount Points. There\u2019s actually a fourth type, NTFS Symbolic Links, however you can only create this type if you\u2019re an administrator making them of little use for privilege escalation. These symbolic link types have been added over the many years of the NT development as shown below. \n\n** \n**\n\n\n\n** \n**\n\n### Object Manager Symbolic Links\n\nFrom a user perspective Windows supports multiple drives, such as C:. But that\u2019s not really what\u2019s seen under the hood. Behind the facade of the explorer shell and the Win32 API is another filesystem like structure, the object manager namespace. This is used to hold named resources such as devices and events, but crucially it has support for symbolic links. One of the main users of symbolic links is the aforementioned drive letters. If you look at the namespace using a tool such as [WinObj](<https://technet.microsoft.com/en-us/Library/bb896657.aspx>) you can find the drive letter symlinks and see them redirect to the real mounted device. \n\n** \n**\n\n\n\n** \n**\n\nWhile these symbolic links are supposed to be used only for system purposes it\u2019s possible to create them as a low privileged user, as long as you have access to the target area of the object manager namespace. While there\u2019s a few attacks which can be facilitated with them it\u2019s easiest to exploit in file attacks. An simple example is [CVE-2015-0055](<https://code.google.com/p/google-security-research/issues/detail?id=189>) which was an information disclosure issue in the IE EPM sandbox which abused symbolic links to bypass a security check. \n\n### Registry Key Symbolic Links\n\nThe Windows Registry is used to store configuration information for the system and isn\u2019t something which your normal user of Windows needs to worry about. While reasonably well documented it does have some features which the normal Win32 APIs do not document, one of which is unsurprisingly symbolic links between keys. This is used by the system to map in the current system configuration at boot time (the well known, [CurrentControlSet](<https://support.microsoft.com/en-us/kb/100010>)) but it\u2019s not really used outside of that. \n\n** \n**\n\n\n\n** \n**\n\nThe fact that a low privilege process can create these types of symbolic links has been abused before (see [MS10-020](<https://technet.microsoft.com/en-us/library/security/ms10-021.aspx>)) which removed the ability to create symbolic links between a untrusted registry hive such as the current user\u2019s hive and trusted system hive, but it didn\u2019t do anything to block the sandbox case where the symbolic link attacks the same user\u2019s hive at different privilege levels. An example of a vulnerability exploitable using this type of link was [CVE-2014-6322](<https://code.google.com/p/google-security-research/issues/detail?id=99&can=1&q=reporter%3Ame>) which was an issue with the Windows Audio Server which could be exploited from the IE EPM sandbox. \n\n### NTFS Mount Points\n\nThe final type of symbolic link allows a directory on the NTFS file system to be linked to another directory either on the same volume or on a completely different volume. It can\u2019t be used to directly link to a single file (at least without some tricks) but it\u2019s still useful. For example if you can find a privilege process which can be used to drop a file in a specified directory the write can be re-directed to somewhere the attacker controls. \n\n** \n**\n\n\n\n** \n**\n\nThe only requirement on creating the mount point is a writable handle to a directory on the filesystem which is usually easy enough to achieve. This is probably the most used type of symbolic link for vulnerability exploitation, at least being used against Chrome, IE, and Adobe Reader sandboxes before now. An example is [CVE-2014-0568](<https://code.google.com/p/google-security-research/issues/detail?id=94&can=1&q=reporter%3Ame>) which was an issue I found in Adobe Reader which allows you to create an arbitrary file which could be used to escape the sandbox. \n\n## Technical Details of Mitigations\n\nNow let\u2019s go into some technical details of the mitigations, what they do and what they don\u2019t. The root of all the mitigations is a new exported kernel function, RtlIsSandboxToken. This function determines if the current caller is considered to be in a sandbox, which in this case means either running at a integrity level below medium integrity or running within an AppContainer. The check is made by capturing the current subject context and calling SeAccessCheck with a Security Descriptor requiring medium integrity level. This shouldn\u2019t be easily bypassable. \n\n** \n**\n\nAt this point you might assume that all the mitigations will do is call the method when creating a symbolic link and refuse to create them, but due to application compatibility it isn\u2019t that simple. It\u2019s easy to find the interactions by looking at the reference to the function in IDA or similar. I\u2019ll briefly describe how each one is applied and compromises being made.\n\n** \n**\n\n\n\n### Registry Key Symbolic Link Mitigation (CVE-2015-2429)\n\nThe simplest mitigation implementation is for registry keys. Effectively a sandboxed process is not allowed to ever create a registry key symbolic link. This is implemented by calling RtlIsSandboxToken function when creating a new key (you need to specific a special flag when creating a key symbolic link). It\u2019s also called when setting the SymbolicLinkValue value which contains the link target. This second check is necessary to prevent modifying existing symbolic links, although it would be unlikely to be something found on a real system.\n\n### Object Manager Symbolic Link Mitigation (CVE-2015-2428)\n\nIf an application tries to create an object manager symbolic link from a sandbox process it will still seem to work, however if you look at where the check is called you\u2019ll find it doing something interesting. When the symbolic link is created the RtlIsSandboxToken function is called but the kernel doesn\u2019t immediately return an error. Instead it uses it to set a flag inside the symbolic link kernel object which indicates to the object manager a sandboxed process has created this link. \n\n** \n**\n\nThis flag is then used in the ObpParseSymbolicLink function which is called when the object manager is resolving the target of a symbolic link. The RtlIsSandboxToken is called again, if the current caller is not in a sandbox but the creator was in a sandbox then the kernel will return an error and not resolve the symbolic link, effective making the link useless for a sandboxed to unsandboxed elevation.\n\n** \n**\n\nThe behaviour is likely for applications running in AppContainers which might need to create symbolic links, but only other sandbox processes would need to follow the links. It\u2019s quite a pragmatic way of mitigating the issue without breaking application compatibility. However it does bring an additional performance cost, every time a symbolic link is resolved (such as the C: drive) an access check must be performed, presumably this has been measured to have a negligible impact. \n\n### NTFS Mount Point Mitigation (CVE-2015-2430)\n\nThe final mitigation is for NTFS mount points. In early technical previews of Windows 10 (I first spotted the change in 10130) the check was in the NTFS driver itself and explicitly blocked the creation of mount points from a sandboxed process. Again for presumably application compatibility reasons this restriction has been relaxed in the final release and the back ported mitigations. \n\n** \n**\n\nInstead of completely blocking creation the kernel function IopXxxControlFile has been modified so whenever it sees the FSCTL_SET_REPARSE_POINT file system control code being passed to a driver with a mount point reparse tag it tries to verify if the sandboxed caller has write access to the target directory. If access is not granted, or the directory doesn\u2019t exist then setting the mount point fails. This ensures that in the the majority of situations the sandboxed application couldn\u2019t elevate privileges, as it could already write to the directory already. There\u2019s obviously a theoretical issue in that the target could later be deleted and replaced by something important for a higher privileged process but that\u2019s not very likely to occur in a practical, reliable exploit. \n\n## Conclusions\n\nThese targeted mitigations gives a clear indication that bug hunting and disclosing the details of how to exploit certain types of vulnerabilities can lead into mitigation development, even if they\u2019re not traditional memory corruption bugs. While I didn\u2019t have a hand in the actual development of the mitigation It\u2019s likely my research was partially responsible for Microsoft acting to develop them. It\u2019s very interesting that 3 different approaches ended up being taken, reflecting the potential application compatibility issues which might arise.\n\n \n\n\nExcluding any bypasses which might come to light these should make entire classes of resource planting bugs unexploitable from a compromised sandboxed process and would make things like time-of-check time-of-use harder to exploit. Also it shows the level of effort that implementing mitigations without breaking backwards compatibility requires. The fact that these only target sandboxes and not system level escalation is particularly telling in this regard.\n", "modified": "2015-08-25T00:00:00", "published": "2015-08-25T00:00:00", "id": "GOOGLEPROJECTZERO:F06DB29D4493CE57606D1D984EFBC079", "href": "https://googleprojectzero.blogspot.com/2015/08/windows-10hh-symbolic-link-mitigations.html", "type": "googleprojectzero", "title": "\nWindows 10^H^H Symbolic Link Mitigations\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-10T19:50:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0041", "CVE-2015-0044", "CVE-2015-0022", "CVE-2015-0039", "CVE-2015-0054", "CVE-2015-0028", "CVE-2015-0052", "CVE-2015-0018", "CVE-2015-0020", "CVE-2015-0069", "CVE-2015-0021", "CVE-2015-0030", "CVE-2015-0031", "CVE-2015-0023", "CVE-2015-0035", "CVE-2015-0038", "CVE-2015-0019", "CVE-2015-0048", "CVE-2015-0026", "CVE-2015-0029", "CVE-2015-0051", "CVE-2015-0045", "CVE-2015-0049", "CVE-2015-0017", "CVE-2015-0043", "CVE-2015-0071", "CVE-2015-0027", "CVE-2015-0037", "CVE-2015-0067", "CVE-2015-0068", "CVE-2015-0025", "CVE-2015-0053", "CVE-2015-0036", "CVE-2015-0050", "CVE-2015-0055", "CVE-2015-0046", "CVE-2015-0042", "CVE-2015-0040", "CVE-2014-8967", "CVE-2015-0066", "CVE-2015-0070"], "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS15-009.", "modified": "2020-06-09T00:00:00", "published": "2015-02-11T00:00:00", "id": "OPENVAS:1361412562310805136", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805136", "type": "openvas", "title": "Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (3034682)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (3034682)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:ie\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805136\");\n script_version(\"2020-06-09T05:48:43+0000\");\n script_cve_id(\"CVE-2014-8967\", \"CVE-2015-0017\", \"CVE-2015-0018\", \"CVE-2015-0019\",\n \"CVE-2015-0020\", \"CVE-2015-0021\", \"CVE-2015-0022\", \"CVE-2015-0023\",\n \"CVE-2015-0025\", \"CVE-2015-0026\", \"CVE-2015-0027\", \"CVE-2015-0028\",\n \"CVE-2015-0029\", \"CVE-2015-0030\", \"CVE-2015-0031\", \"CVE-2015-0035\",\n \"CVE-2015-0036\", \"CVE-2015-0037\", \"CVE-2015-0038\", \"CVE-2015-0039\",\n \"CVE-2015-0040\", \"CVE-2015-0041\", \"CVE-2015-0042\", \"CVE-2015-0043\",\n \"CVE-2015-0044\", \"CVE-2015-0045\", \"CVE-2015-0046\", \"CVE-2015-0048\",\n \"CVE-2015-0049\", \"CVE-2015-0050\", \"CVE-2015-0051\", \"CVE-2015-0052\",\n \"CVE-2015-0053\", \"CVE-2015-0054\", \"CVE-2015-0055\", \"CVE-2015-0066\",\n \"CVE-2015-0067\", \"CVE-2015-0068\", \"CVE-2015-0069\", \"CVE-2015-0070\",\n \"CVE-2015-0071\");\n script_bugtraq_id(71483, 72402, 72403, 72425, 72426, 72436, 72437, 72438,\n 72439, 72440, 72441, 72442, 72443, 72444, 72445, 72447,\n 72446, 72448, 72404, 72409, 72410, 72411, 72412, 72413,\n 72414, 72415, 72416, 72417, 72418, 72419, 72453, 72420,\n 72421, 72478, 72479, 72422, 72423, 72424, 72454, 72480,\n 72455);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 05:48:43 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-02-11 08:41:05 +0530 (Wed, 11 Feb 2015)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (3034682)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS15-009.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to an error related\n to display:run-in handling, user supplied input is not properly validated and\n multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow context\n\n - dependent attacker to corrupt memory, execute arbitrary code and compromise\n a user's system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Internet Explorer version 6.x/7.x/8.x/9.x/10.x/11.x.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/3034682\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS15-009\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_ie_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/IE/Version\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2003:3, win2003x64:3, winVista:3, win7:2, win7x64:2,\n win2008:3, win2008r2:2, win8:1, win8x64:1, win2012:1,\n win2012R2:1, win8_1:1, win8_1x64:1) <= 0){\n exit(0);\n}\n\nieVer = get_app_version(cpe:CPE);\nif(!ieVer || ieVer !~ \"^([6-9|1[01])\\.\"){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Mshtml.dll\");\ndllVer2 = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Jscript9.dll\");\nif(!dllVer && !dllVer2){\n exit(0);\n}\n\nif(hotfix_check_sp(win2003:3, win2003x64:3) > 0 && dllVer)\n{\n if(version_is_less(version:dllVer, test_version:\"6.0.3790.5508\") ||\n version_in_range(version:dllVer, test_version:\"7.0.6000.00000\", test_version2:\"7.0.6000.21431\")||\n version_in_range(version:dllVer, test_version:\"8.0.6001.18000\", test_version2:\"8.0.6001.23643\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nelse if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"7.0.6002.18000\", test_version2:\"7.0.6002.19280\")||\n version_in_range(version:dllVer, test_version:\"7.0.6002.23000\", test_version2:\"7.0.6002.23589\")||\n version_in_range(version:dllVer, test_version:\"8.0.6001.18000\", test_version2:\"8.0.6001.19599\")||\n version_in_range(version:dllVer, test_version:\"8.0.6001.20000\", test_version2:\"8.0.6001.23654\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.16000\", test_version2:\"9.0.8112.16608\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.20000\", test_version2:\"9.0.8112.20724\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n }\n\n if(dllVer2)\n {\n if(version_in_range(version:dllVer2, test_version:\"9.0.8112.16000\", test_version2:\"9.0.8112.16619\")||\n version_in_range(version:dllVer2, test_version:\"9.0.8112.20000\", test_version2:\"9.0.8112.20729\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n }\n exit(0);\n}\n\nelse if(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n{\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"8.0.7601.17000\", test_version2:\"8.0.7601.18714\")||\n version_in_range(version:dllVer, test_version:\"8.0.7601.22000\", test_version2:\"8.0.7601.22920\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.16000\", test_version2:\"9.0.8112.16608\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.20000\", test_version2:\"9.0.8112.20724\")||\n version_in_range(version:dllVer, test_version:\"10.0.9200.16000\", test_version2:\"10.0.9200.17228\")||\n version_in_range(version:dllVer, test_version:\"10.0.9200.21000\", test_version2:\"10.0.9200.21344\")||\n version_in_range(version:dllVer, test_version:\"11.0.9600.00000\", test_version2:\"11.0.9600.17630\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n }\n\n if(dllVer2)\n {\n if(version_in_range(version:dllVer2, test_version:\"9.0.8112.16000\", test_version2:\"9.0.8112.16619\")||\n version_in_range(version:dllVer2, test_version:\"9.0.8112.20000\", test_version2:\"9.0.8112.20729\")||\n version_in_range(version:dllVer2, test_version:\"10.0.9200.17000\", test_version2:\"10.0.9200.17240\")||\n version_in_range(version:dllVer2, test_version:\"10.0.9200.21000\", test_version2:\"10.0.9200.21358\")||\n version_in_range(version:dllVer2, test_version:\"11.0.9600.17000\", test_version2:\"11.0.9600.17639\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n }\n exit(0);\n}\n\nelse if(hotfix_check_sp(win8:1, win2012:1) > 0)\n{\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"10.0.9200.16000\", test_version2:\"10.0.9200.17227\")||\n version_in_range(version:dllVer, test_version:\"10.0.9200.20000\", test_version2:\"10.0.9200.21344\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n }\n\n if(dllVer2)\n {\n if(version_in_range(version:dllVer2, test_version:\"10.0.9200.17000\", test_version2:\"10.0.9200.17240\")||\n version_in_range(version:dllVer2, test_version:\"10.0.9200.21000\", test_version2:\"10.0.9200.21358\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n }\n exit(0);\n}\n\nelse if(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) > 0)\n{\n if(dllVer && version_is_less(version:dllVer, test_version:\"11.0.9600.17631\")||\n dllVer2 && version_is_less(version:dllVer2, test_version:\"11.0.9600.17640\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:42:03", "bulletinFamily": "info", "cvelist": ["CVE-2015-0041", "CVE-2015-0044", "CVE-2015-0022", "CVE-2015-0039", "CVE-2015-0054", "CVE-2015-0028", "CVE-2015-0052", "CVE-2015-0018", "CVE-2015-0020", "CVE-2015-0069", "CVE-2015-0021", "CVE-2015-0030", "CVE-2015-0031", "CVE-2015-0023", "CVE-2015-0035", "CVE-2015-0038", "CVE-2015-0019", "CVE-2015-0048", "CVE-2015-0026", "CVE-2015-0029", "CVE-2015-0051", "CVE-2015-0045", "CVE-2015-0049", "CVE-2015-0017", "CVE-2015-0043", "CVE-2015-0071", "CVE-2015-0027", "CVE-2015-0037", "CVE-2015-0067", "CVE-2015-0068", "CVE-2015-0025", "CVE-2015-0053", "CVE-2015-0036", "CVE-2015-0050", "CVE-2015-0055", "CVE-2015-0046", "CVE-2015-0042", "CVE-2015-0040", "CVE-2014-8967", "CVE-2015-0066", "CVE-2015-0070"], "description": "### *Detect date*:\n02/10/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple critical vulnerabilities have been found in Internet Explorer. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions or obtain sensitive information.\n\n### *Affected products*:\nInternet Explorer versions from 6 to 11\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[MS advisory](<https://technet.microsoft.com/en-us/library/security/ms15-009.aspx>) \n[CVE-2015-0043](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0043>) \n[CVE-2015-0042](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0042>) \n[CVE-2015-0041](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0041>) \n[CVE-2015-0040](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0040>) \n[CVE-2015-0048](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0048>) \n[CVE-2015-0046](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0046>) \n[CVE-2015-0045](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0045>) \n[CVE-2015-0044](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0044>) \n[CVE-2015-0017](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0017>) \n[CVE-2015-0038](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0038>) \n[CVE-2015-0029](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0029>) \n[CVE-2015-0028](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0028>) \n[CVE-2015-0050](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0050>) \n[CVE-2015-0055](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0055>) \n[CVE-2015-0070](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0070>) \n[CVE-2015-0053](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0053>) \n[CVE-2014-8967](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-8967>) \n[CVE-2015-0049](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0049>) \n[CVE-2015-0051](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0051>) \n[CVE-2015-0020](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0020>) \n[CVE-2015-0021](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0021>) \n[CVE-2015-0026](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0026>) \n[CVE-2015-0027](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0027>) \n[CVE-2015-0054](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0054>) \n[CVE-2015-0025](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0025>) \n[CVE-2015-0066](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0066>) \n[CVE-2015-0067](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0067>) \n[CVE-2015-0019](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0019>) \n[CVE-2015-0018](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0018>) \n[CVE-2015-0031](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0031>) \n[CVE-2015-0030](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0030>) \n[CVE-2015-0036](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0036>) \n[CVE-2015-0039](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0039>) \n[CVE-2015-0022](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0022>) \n[CVE-2015-0023](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0023>) \n[CVE-2015-0035](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0035>) \n[CVE-2015-0052](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0052>) \n[CVE-2015-0037](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0037>) \n[CVE-2015-0068](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0068>) \n[CVE-2015-0069](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0069>) \n[CVE-2015-0071](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0071>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2015-0043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0043>)9.3Critical \n[CVE-2015-0042](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0042>)9.3Critical \n[CVE-2015-0041](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0041>)9.3Critical \n[CVE-2015-0040](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0040>)9.3Critical \n[CVE-2015-0048](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0048>)9.3Critical \n[CVE-2015-0046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0046>)9.3Critical \n[CVE-2015-0045](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0045>)9.3Critical \n[CVE-2015-0044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0044>)9.3Critical \n[CVE-2015-0017](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0017>)9.3Critical \n[CVE-2015-0038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0038>)9.3Critical \n[CVE-2015-0029](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0029>)9.3Critical \n[CVE-2015-0028](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0028>)9.3Critical \n[CVE-2015-0050](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0050>)9.3Critical \n[CVE-2015-0055](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0055>)4.3Warning \n[CVE-2015-0070](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0070>)4.3Warning \n[CVE-2015-0053](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0053>)9.3Critical \n[CVE-2014-8967](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8967>)6.8High \n[CVE-2015-0049](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0049>)9.3Critical \n[CVE-2015-0051](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0051>)4.3Warning \n[CVE-2015-0020](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0020>)9.3Critical \n[CVE-2015-0021](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0021>)9.3Critical \n[CVE-2015-0026](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0026>)9.3Critical \n[CVE-2015-0027](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0027>)9.3Critical \n[CVE-2015-0054](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0054>)4.3Warning \n[CVE-2015-0025](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0025>)9.3Critical \n[CVE-2015-0066](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0066>)9.3Critical \n[CVE-2015-0067](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0067>)9.3Critical \n[CVE-2015-0019](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0019>)9.3Critical \n[CVE-2015-0018](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0018>)9.3Critical \n[CVE-2015-0031](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0031>)9.3Critical \n[CVE-2015-0030](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0030>)9.3Critical \n[CVE-2015-0036](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0036>)9.3Critical \n[CVE-2015-0039](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0039>)9.3Critical \n[CVE-2015-0022](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0022>)9.3Critical \n[CVE-2015-0023](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0023>)9.3Critical \n[CVE-2015-0035](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0035>)9.3Critical \n[CVE-2015-0052](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0052>)9.3Critical \n[CVE-2015-0037](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0037>)9.3Critical \n[CVE-2015-0068](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0068>)9.3Critical \n[CVE-2015-0069](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0069>)4.3Warning \n[CVE-2015-0071](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0071>)4.3Warning\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3034682](<http://support.microsoft.com/kb/3034682>) \n[3034196](<http://support.microsoft.com/kb/3034196>) \n[3021952](<http://support.microsoft.com/kb/3021952>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 41, "modified": "2020-06-18T00:00:00", "published": "2015-02-10T00:00:00", "id": "KLA10475", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10475", "title": "\r KLA10475Code execution vulnerability in Internet Explorer ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:37:22", "bulletinFamily": "microsoft", "cvelist": ["CVE-2015-0041", "CVE-2015-0044", "CVE-2015-0022", "CVE-2015-0039", "CVE-2015-0054", "CVE-2015-0028", "CVE-2015-0052", "CVE-2015-0018", "CVE-2015-0020", "CVE-2015-0069", "CVE-2015-0021", "CVE-2015-0030", "CVE-2015-0031", "CVE-2015-0023", "CVE-2015-0035", "CVE-2015-0038", "CVE-2015-0019", "CVE-2015-0048", "CVE-2015-0026", "CVE-2015-0029", "CVE-2015-0051", "CVE-2015-0045", "CVE-2015-0049", "CVE-2015-0017", "CVE-2015-0043", "CVE-2015-0071", "CVE-2015-0027", "CVE-2015-0037", "CVE-2015-0067", "CVE-2015-0068", "CVE-2015-0025", "CVE-2015-0053", "CVE-2015-0036", "CVE-2015-0050", "CVE-2015-0055", "CVE-2015-0046", "CVE-2015-0042", "CVE-2015-0040", "CVE-2014-8967", "CVE-2015-0066", "CVE-2015-0070"], "description": "<html><body><p>Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage.</p><h2></h2><div class=\"kb-notice-section section\">The update that this article describes has been replaced by a newer update. We recommend that you install the most current cumulative security update for Internet Explorer. To install the most current update, go to the following Microsoft website: <div class=\"indent\"><a href=\"http://windowsupdate.microsoft.com\" id=\"kb-link-1\" target=\"_self\">http://windowsupdate.microsoft.com</a></div>For more technical information about the most current cumulative security update for Internet Explorer, go to the following Microsoft website: <div class=\"indent\"><a href=\"https://technet.microsoft.com/security/bulletin\" id=\"kb-link-2\" target=\"_self\">https://technet.microsoft.com/security/bulletin</a></div></div><h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves several reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer. This security update helps protect Internet Explorer from being attacked.<br/><br/>Additionally, this security update includes several <a bookmark-id=\"nonsecurityfix\" href=\"#nonsecurityfix\" managed-link=\"\" target=\"\">non-security-related fixes</a> for Internet Explorer. <span></span></div><h2>Update Information</h2><div class=\"kb-summary-section section\"><h3 class=\"sbody-h3\">How to obtain this update </h3><h4 class=\"sbody-h4\">Microsoft update</h4>Use the Windows automatic updating feature to install the update from <a href=\"http://update.microsoft.com/\" id=\"kb-link-3\" target=\"_self\">Microsoft Update</a>. To do this, see <a href=\"https://www.microsoft.com/security/pc-security/updates.aspx\" id=\"kb-link-4\" target=\"_self\">Get security updates automatically</a> on the Microsoft Safety and Security Center website.<br/><br/><h4 class=\"sbody-h4\">Microsoft Download Center</h4>To download the security updates, see the download links in <a href=\"https://technet.microsoft.com/security/bulletin/ms15-009\" id=\"kb-link-5\" target=\"_self\">Microsoft Security Bulletin MS15-009</a>.<br/><br/><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">How to obtain help and support for this security update</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">Help installing updates:<br/><a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-6\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals:<br/><a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-7\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-8\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country:<br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-9\" target=\"_self\">International Support</a></div><br/></span></div></div></div><a class=\"bookmark\" id=\"nonsecurityfix\"></a><h4 class=\"sbody-h4\">Additional information about this security update</h4>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<br/><ul class=\"sbody-free_list\"><li><span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/3021952\" id=\"kb-link-10\">3021952 </a> MS15-009: Description of the security update for Internet Explorer: February 10, 2015 </div></span></li><li><span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/3034196\" id=\"kb-link-11\">3034196 </a> MS15-009: Description of the security update for JScript9.dll in Internet Explorer: February 10, 2015 </div></span></li></ul></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Security update deployment information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><span class=\"text-base\">Security update deployment </span><h4 class=\"sbody-h4\">Windows Server 2003 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For Internet Explorer 6 for all supported 32-bit editions of Windows Server 2003:<br/><span class=\"text-base\">WindowsServer2003-KB3021952-x86-ENU.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 6 for all supported x64-based editions of Windows Server 2003:<br/><span class=\"text-base\">WindowsServer2003-KB3021952-x64-ENU.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 6 for all supported Itanium-based editions of Windows Server 2003:<br/><span class=\"text-base\">WindowsServer2003-KB3021952-ia64-ENU.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 7 for all supported 32-bit editions of Windows Server 2003:<br/><span class=\"text-base\">IE7-WindowsServer2003-KB3021952-x86-ENU.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 7 for all supported x64-based editions of Windows Server 2003:<br/><span class=\"text-base\">IE7-WindowsServer2003-KB3021952-x64-ENU.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 7 for all supported Itanium-based editions of Windows Server 2003:<br/><span class=\"text-base\">IE7-WindowsServer2003-KB3021952-ia64-ENU.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 8 for all supported 32-bit editions of Windows Server 2003:<br/><span class=\"text-base\">IE8-WindowsServer2003-KB3021952-x86-ENU.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 8 for all supported x64-based editions of Windows Server 2003:<br/><span class=\"text-base\">IE8-WindowsServer2003-KB3021952-x64-ENU.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/262841\" id=\"kb-link-13\" target=\"_self\">Microsoft Knowledge Base Article 262841</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Update log file</span></td><td class=\"sbody-td\">For Internet Explorer 6 for all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:<br/>KB3021952.log</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 7 for all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:<br/>KB3021952-IE7.log</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 8 for all supported 32-bit editions and x64-based editions of Windows Server 2003:<br/>KB3021952-IE8.log</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">Yes, you must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">For Internet Explorer 6 for all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:<br/>Use <span class=\"text-base\">Add or Remove Programs</span> item in Control Panel or the Spuninst.exe utility located in the Use the Spuninst.exe utility, located in the %Windir%\\$NTUninstallKB3021952$\\Spuninst folder</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 7 for all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:<br/>Use <span class=\"text-base\">Add or Remove Programs</span> item in Control Panel or the Spuninst.exe utility located in the %Windir%\\ie7updates\\KB3021952-IE7\\spuninst folder</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 8 for all supported 32-bit editions and x64-based editions of Windows Server 2003:<br/>Use <span class=\"text-base\">Add or Remove Programs</span> item in Control Panel or the Spuninst.exe utility located in the %Windir%\\ie8updates\\KB3021952-IE8\\spuninst folder</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3021952\" id=\"kb-link-14\" target=\"_self\">Microsoft Knowledge Base Article 3021952</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">For Internet Explorer 6 for all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:<br/>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Updates\\Windows Server 2003\\SP3\\KB3021952\\Filelist</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 7 for all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:<br/>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Updates\\Windows Server 2003\\SP0\\KB3021952-IE7\\Filelist</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 8 for all supported 32-bit editions and x64-based editions of Windows Server 2003:<br/>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Updates\\Windows Server 2003\\SP0\\KB3021952-IE8\\Filelist</td></tr></table></div><h4 class=\"sbody-h4\">Windows Vista (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For Internet Explorer 7 in all supported 32-bit editions of Windows Vista:<br/><span class=\"text-base\">Windows6.0-KB3021952-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 7 in all supported x64-based editions of Windows Vista:<br/><span class=\"text-base\">Windows6.0-KB3021952-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 8 in all supported 32-bit editions of Windows Vista:<br/><span class=\"text-base\">IE8-Windows6.0-KB3021952-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 8 in all supported x64-based editions of Windows Vista:<br/><span class=\"text-base\">IE8-Windows6.0-KB3021952-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 9 for all supported 32-bit editions of Windows Vista:<br/><span class=\"text-base\">IE9-Windows6.0-KB3021952-x86.msu<br/>IE9-Windows6.0-KB3034196-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 9 for all supported x64-based editions of Windows Vista:<br/><span class=\"text-base\">IE9-Windows6.0-KB3021952-x64.msu<br/>IE9-Windows6.0-KB3034196-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-15\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">Yes, you must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click <span class=\"text-base\">Control Panel</span>, and then click <span class=\"text-base\">Security</span>. Under <strong class=\"uiterm\">Windows Update</strong>, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3021952\" id=\"kb-link-16\" target=\"_self\">Microsoft Knowledge Base Article 3021952</a><br/>See <a href=\"https://support.microsoft.com/help/3034196\" id=\"kb-link-17\" target=\"_self\">Microsoft Knowledge Base Article 3034196</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2008 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For Internet Explorer 7 in all supported 32-bit editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3021952-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 7 in all supported x64-based editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3021952-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 7 in all supported Itanium-based editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3021952-ia64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 8 in all supported 32-bit editions of Windows Server 2008:<br/><span class=\"text-base\">IE8-Windows6.0-KB3021952-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 8 in all supported x64-based editions of Windows Server 2008:<br/><span class=\"text-base\">IE8-Windows6.0-KB3021952-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 9 for all supported 32-bit editions of Windows Server 2008:<br/><span class=\"text-base\">IE9-Windows6.0-KB3021952-x86.msu<br/>IE9-Windows6.0-KB3034196-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 9 in all supported x64-based editions of Windows Server 2008:<br/><span class=\"text-base\">IE9-Windows6.0-KB3021952-x64.msu<br/>IE9-Windows6.0-KB3034196-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-18\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">Yes, you must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click <span class=\"text-base\">Control Panel</span>, and then click <span class=\"text-base\">Security</span>. Under <strong class=\"uiterm\">Windows Update</strong>, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3021952\" id=\"kb-link-19\" target=\"_self\">Microsoft Knowledge Base Article 3021952</a><br/>See <a href=\"https://support.microsoft.com/help/3034196\" id=\"kb-link-20\" target=\"_self\">Microsoft Knowledge Base Article 3034196</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows 7 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Internet Explorer 8 in all supported 32-bit editions of Windows 7:<br/><span class=\"text-base\">Windows6.1-KB3021952-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 8 in all supported x64-based editions of Windows 7:<br/><span class=\"text-base\">Windows6.1-KB3021952-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 9 for all supported 32-bit editions of Windows 7:<br/><span class=\"text-base\">IE9-Windows6.1-KB3021952-x86.msu<br/>IE9-Windows6.1-KB3034196-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 9 for all supported x64-based editions of Windows 7:<br/><span class=\"text-base\">IE9-Windows6.1-KB3021952-x64.msu<br/>IE9-Windows6.1-KB3034196-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 10 for Windows 7 for 32-bit Systems Service Pack 1:<br/><span class=\"text-base\">IE10-Windows6.1-KB3021952-x86.msu<br/>IE10-Windows6.1-KB3034196-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 10 for Windows 7 for x64-based Systems Service Pack 1:<br/><span class=\"text-base\">IE10-Windows6.1-KB3021952-x64.msu<br/>IE10-Windows6.1-KB3034196-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 11 for Windows 7 for 32-bit Systems Service Pack 1:<br/><span class=\"text-base\">IE11-Windows6.1-KB3021952-x86.msu<br/>IE11-Windows6.1-KB3034196-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 11 for Windows 7 for x64-based Systems Service Pack 1:<br/><span class=\"text-base\">IE11-Windows6.1-KB3021952-x64.msu<br/>IE11-Windows6.1-KB3034196-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-21\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">Yes, you must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the /Uninstall setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then under <strong class=\"uiterm\">Windows Update</strong>, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3021952\" id=\"kb-link-22\" target=\"_self\">Microsoft Knowledge Base Article 3021952</a><br/>See <a href=\"https://support.microsoft.com/help/3034196\" id=\"kb-link-23\" target=\"_self\">Microsoft Knowledge Base Article 3034196</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2008 R2 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Internet Explorer 8 in all supported x64-based editions of Windows Server 2008 R2:<br/><span class=\"text-base\">Windows6.1-KB3021952-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 8 in all supported Itanium-based editions of Windows Server 2008 R2:<br/><span class=\"text-base\">Windows6.1-KB3021952-ia64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 9 for all supported x64-based editions of Windows Server 2008 R2:<br/><span class=\"text-base\">IE9-Windows6.1-KB3021952-x64.msu<br/>IE9-Windows6.1-KB3034196-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 10 for Windows Server 2008 R2 for x64-based Systems Service Pack 1:<br/><span class=\"text-base\">IE10-Windows6.1-KB3021952-x64.msu<br/>IE10-Windows6.1-KB3034196-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 11 for Windows Server 2008 R2 for x64-based Systems Service Pack 1:<br/><span class=\"text-base\">IE11-Windows6.1-KB3021952-x64.msu<br/>IE11-Windows6.1-KB3034196-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-24\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">Yes, you must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the /Uninstall setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then under <strong class=\"uiterm\">Windows Update</strong>, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3021952\" id=\"kb-link-25\" target=\"_self\">Microsoft Knowledge Base Article 3021952</a><br/>See <a href=\"https://support.microsoft.com/help/3034196\" id=\"kb-link-26\" target=\"_self\">Microsoft Knowledge Base Article 3034196</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows 8 and Windows 8.1 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Internet Explorer 10 in all supported 32-bit editions of Windows 8:<br/><span class=\"text-base\">Windows8-RT-KB3021952-x86.msu<br/>Windows8-RT-KB3034196-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 10 in all supported x64-based editions of Windows 8:<br/><span class=\"text-base\">Windows8-RT-KB3021952-x64.msu<br/>Windows8-RT-KB3034196-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 11 in all supported 32-bit editions of Windows 8.1:<br/><span class=\"text-base\">Windows8.1-KB3021952-x86.msu<br/>Windows8.1-KB3034196-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 11 in all supported x64-based editions of Windows 8.1:<br/><span class=\"text-base\">Windows8.1-KB3021952-x64.msu<br/>Windows8.1-KB3034196-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-27\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">Yes, you must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the /Uninstall setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under <strong class=\"uiterm\">See also</strong>, click <span class=\"text-base\">Installed updates</span> and select from the list of updates<span class=\"text-base\">.</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3021952\" id=\"kb-link-28\" target=\"_self\">Microsoft Knowledge Base Article 3021952</a><br/>See <a href=\"https://support.microsoft.com/help/3034196\" id=\"kb-link-29\" target=\"_self\">Microsoft Knowledge Base Article 3034196</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2012 and Windows Server 2012 R2 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Internet Explorer 10 in all supported editions of Windows Server 2012:<br/><span class=\"text-base\">Windows8-RT-KB3021952-x64.msu<br/>Windows8-RT-KB3034196-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 11 in all supported editions of Windows Server 2012 R2:<br/><span class=\"text-base\">Windows8.1-KB3021952-x64.msu<br/>Windows8.1-KB3034196-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-30\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">Yes, you must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the /Uninstall setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under <strong class=\"uiterm\">See also</strong>, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3021952\" id=\"kb-link-31\" target=\"_self\">Microsoft Knowledge Base Article 3021952</a><br/>See <a href=\"https://support.microsoft.com/help/3034196\" id=\"kb-link-32\" target=\"_self\">Microsoft Knowledge Base Article 3034196</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows RT and Windows RT 8.1 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Deployment</span></td><td class=\"sbody-td\">This update is available through <a href=\"http://go.microsoft.com/fwlink/?linkid=21130\" id=\"kb-link-33\" target=\"_self\">Windows Update</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart Requirement</span></td><td class=\"sbody-td\">Yes, you must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal Information</span></td><td class=\"sbody-td\">Click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">Not applicable</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">File hash information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">SHA1 hash</th><th class=\"sbody-th\">SHA256 hash</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE10-Windows6.1-KB3021952-x64.msu</td><td class=\"sbody-td\">CEF295FA07D94C053D62359380F29535201FF99D</td><td class=\"sbody-td\">D03FB8CEB64D5A64D3B72A4B4A03F7D5C52D6CACD2545E71E9BA3E3172DDA285</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE10-Windows6.1-KB3021952-x86.msu</td><td class=\"sbody-td\">F8BB523821F394CE0163EF56E9EC8CC5B739328C</td><td class=\"sbody-td\">B916EF6C6ED355A9C50AB438390BAF67036D53FA89A18CABD6536DBAA31A73A4</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE10-Windows6.1-KB3034196-x64.msu</td><td class=\"sbody-td\">F5BE3766A5F5B35036CE42078DEE6C4CCC475F70</td><td class=\"sbody-td\">2A5F2C4099EA6489BEAC74CC9DCA8F1C1422BBED62DD46524563D16730C42266</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE10-Windows6.1-KB3034196-x86.msu</td><td class=\"sbody-td\">40E239B10F2B843871C7EC38466E03BC3FBF964F</td><td class=\"sbody-td\">5C65258774124CD8B3C0E13A62E03D966DDA3A143CCD2C52D2323092C18A2F09</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE11-Windows6.1-KB3021952-x64.msu</td><td class=\"sbody-td\">33AE2C3AC484A0EE9BA13597938F7AD0FA210F7A</td><td class=\"sbody-td\">422C934A82D229159C942CA647C3B36DE44258DF179CD2C75890F07CB077EBD9</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE11-Windows6.1-KB3021952-x86.msu</td><td class=\"sbody-td\">34C3E214F853CE20E8E787276893FE210EBACBD6</td><td class=\"sbody-td\">ABBEE32DCA2318B65BC456CF047F3983A54D47D1929817BE27E082E2A9D2808C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE11-Windows6.1-KB3034196-x64.msu</td><td class=\"sbody-td\">0769EA8B6B180F3A48BB776621127DB7A33CEB56</td><td class=\"sbody-td\">1BF2BA9AAE4BBE08ED8CDE222B6D4EB8E21409DD161AB25262EA3738D9E72C10</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE11-Windows6.1-KB3034196-x86.msu</td><td class=\"sbody-td\">CD89FDB520CA5601F1A8AA5988BA2FBBE9D9FDB9</td><td class=\"sbody-td\">EC7EB4EF89037CE5202F98FD4FB8547FB236B8DBEC53779AB1F1E998EEE3D291</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE7-WindowsServer2003-KB3021952-ia64-ENU.exe</td><td class=\"sbody-td\">4B3DC497A62CF84D517A7BA9D5694F7C8ECB0D22</td><td class=\"sbody-td\">9B04E94B3CEEFEDE3E17C237D875BEF6F4D701C699D96515165EB229243EA693</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE7-WindowsServer2003-KB3021952-x64-ENU.exe</td><td class=\"sbody-td\">619684B5087453B8F33AB43385FD5484742FEB69</td><td class=\"sbody-td\">8804FEC60AFE773987FDEFACF942220E35F419EE0B004962D709E3B335D73671</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE7-WindowsServer2003-KB3021952-x86-ENU.exe</td><td class=\"sbody-td\">206F6E0022DD4B6A2A0FC837BDD234CDD019C3B1</td><td class=\"sbody-td\">F8889A3F0797A665F000949A925034FCB8768183FDC7C87FDECE1BBB5DDE4A30</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE8-Windows6.0-KB3021952-x64.msu</td><td class=\"sbody-td\">C1F5535658C88F7B445DCFFB5A8FF9D62BECAB5D</td><td class=\"sbody-td\">D1D3310749EA1E42DFEA7DF5D4C8D8A1B4AA97E83AABCA8B1F83FB1D42BEF61B</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE8-Windows6.0-KB3021952-x86.msu</td><td class=\"sbody-td\">A5740029F150880BAC1CFF257A48068B79995379</td><td class=\"sbody-td\">532DB997F10D39A0000CBB9AB77274C74CEEA35E1D5F518AB083EDEE62221AD2</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE8-WindowsServer2003-KB3021952-x64-ENU.exe</td><td class=\"sbody-td\">A63C900A4CCA10E8F29AD60BE9D92CA6E67438B4</td><td class=\"sbody-td\">B223A29C60378295F0533EBA572E26A54477D6BA6BCE16DD7A3C9DD6D2C146B0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE8-WindowsServer2003-KB3021952-x86-ENU.exe</td><td class=\"sbody-td\">FE58A5E0A491164A1BC3620F337FD3FB9B556545</td><td class=\"sbody-td\">74EA95F2AE85C178963B8AD77406000E3B038E3C380B8CA1A016E96EE880B777</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE9-Windows6.0-KB3021952-x64.msu</td><td class=\"sbody-td\">4F4B214851C587B8AB14AC8DF7DC29DF75F8405A</td><td class=\"sbody-td\">B25D3C1B02D58CAC653320F016D4513566BCC41396DBE803CAF8C69B782CBFC9</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE9-Windows6.0-KB3021952-x86.msu</td><td class=\"sbody-td\">C1EDFCAFACFCB6F8ACA398D9130AAD315B6EC10A</td><td class=\"sbody-td\">9ECA20431FAB3DF90813F51543A885840CF6A0B6578EA397AC0505AE3EBDFB74</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE9-Windows6.0-KB3034196-x64.msu</td><td class=\"sbody-td\">7963C4A4BF0CDBF60CBBFD53951816CADE9499FF</td><td class=\"sbody-td\">0D018B62FCD565906D40FAC2E453C0A11E4709DB0101DDCA246A4B28435619EC</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE9-Windows6.0-KB3034196-x86.msu</td><td class=\"sbody-td\">67E27C2B8A85FCA2EF7065984E2932566D982EDF</td><td class=\"sbody-td\">C5F41D80058D7CBA4FCF3A217FB39BD3383CE2C5494BC7A037101D96126F363B</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE9-Windows6.1-KB3021952-x64.msu</td><td class=\"sbody-td\">815E55F1F54A2C6FA814FDDECA9C0CF2D208CA0D</td><td class=\"sbody-td\">A6B5A7B333EC19512E4B6CB3CDCCB76982B57001B8BD382138D6625D92C224A9</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE9-Windows6.1-KB3021952-x86.msu</td><td class=\"sbody-td\">CB524B3E18B177FC9D48DF94853EF2656EB7A8A1</td><td class=\"sbody-td\">08E0607C673AEA2117E64B501AF74198396B00721D8EC43C7BD4E54BE95EA67D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE9-Windows6.1-KB3034196-x64.msu</td><td class=\"sbody-td\">D8D5A9FCB0442A34C907843951A737ED0E14537B</td><td class=\"sbody-td\">69B4AC24E8588F970927CC6210E921C57878B3FC1F18848814CF1E1135AD1F74</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE9-Windows6.1-KB3034196-x86.msu</td><td class=\"sbody-td\">A4BF295FBE0A42527EE81669D67E0FFC9499E637</td><td class=\"sbody-td\">7809D8C26A22DE31A4A8EEEF7919E0CC99633658F34021FA674329D4CF93C80C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3021952-ia64.msu</td><td class=\"sbody-td\">2D54F1DB273F9DA659F57B6DC6E177CB4B7BEA5E</td><td class=\"sbody-td\">73D50BAD3063322EDFDD944EA3250ADC479C6EF5C5EE0C8EA09D3FA1BB7F31A6</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3021952-x64.msu</td><td class=\"sbody-td\">9B460D2BF068D73012AA858016ED4B38E8BFF16C</td><td class=\"sbody-td\">16484941B0AD88CD7542CB1423CD38D23A0488BEC98BDCF09D45BAB4C89B0FEE</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3021952-x86.msu</td><td class=\"sbody-td\">1A0EB891317BF6F52C764CD80D21A94E641159F8</td><td class=\"sbody-td\">16CD1E58D6C5372F721ADED91A4BF10F6A55163E3AFE833603CBA6EE27EEC3D0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3021952-ia64.msu</td><td class=\"sbody-td\">359F543F444F50AA0E9D51956EE82C165E6E09C4</td><td class=\"sbody-td\">111A79BE86A4E25B0A1356391B3BB6B0364113C3AD7252D6DF2E30C13196A5BE</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3021952-x64.msu</td><td class=\"sbody-td\">B88447A78D5E9FEF210B402A4CA62D41C0A05C59</td><td class=\"sbody-td\">49DD78707E547E5DFA047DB0B36F8CD68915E76995A0F196AC6022916112264F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3021952-x86.msu</td><td class=\"sbody-td\">4AD9FABC6D297499EB3AEFCC7B397FB91CBCEC19</td><td class=\"sbody-td\">FB75B013E8DDE7A94CDCD6F50729C977761FB635AB106A0FC6D7E934BB3FCD86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3021952-arm.msu</td><td class=\"sbody-td\">0B880DA653E45A6705A37D42A0A28FACCD801F76</td><td class=\"sbody-td\">8F9B322336DB99A92AF8B143B162C81D281AACAF743849E41AE1B3376B9D4FA1</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3021952-x64.msu</td><td class=\"sbody-td\">D2B10498BBBA1F8FA326E51989A2076FCC7CFFB7</td><td class=\"sbody-td\">1E19D92B94FA264C38C1373E3B85F363C8890A6C6A9594C22D308C4B958AF5C3</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3021952-x86.msu</td><td class=\"sbody-td\">8DD702C5357A983CB91963573445F1FCD26C16BD</td><td class=\"sbody-td\">D1D645A050D564E1B50978D83FB67037597FCA62B49CDCE8F859004DC10892CA</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3034196-arm.msu</td><td class=\"sbody-td\">89D4052950B716A820C7B8C75AA7C93947199E8B</td><td class=\"sbody-td\">B3F49B60F29F2B69085B2C305BEDE379E7357E308C4B8AB5BE624C5B5B0B9A4C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3034196-x64.msu</td><td class=\"sbody-td\">4945A5C078647C6F281A4D18FD5768A21EC65EE6</td><td class=\"sbody-td\">82D343E2C01F34F13EB33ECBF15F77A521E6D485ADD79A5949F208CE206B6723</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3034196-x86.msu</td><td class=\"sbody-td\">C78B9A911C798BF7E87ABD3E661553730955BB11</td><td class=\"sbody-td\">E0927F8006016B24AE26F6447CAB1B79F7BEC5131EF40B0EF8A42A5E3DF81B42</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3021952-arm.msu</td><td class=\"sbody-td\">565103A5B6365C07757E723A5B69AE13BE3E209A</td><td class=\"sbody-td\">482CDD31C9EF28B50BF3207C266117A834953B293C0D3713C820001BD804BEAB</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3021952-x64.msu</td><td class=\"sbody-td\">9C88A78818D8402A1D67A0AE3135F7D7D21F562B</td><td class=\"sbody-td\">C6113334B8B85D909332F630EEE1ECA6ED28E0DBD7298416DE12458A549251CF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3021952-x86.msu</td><td class=\"sbody-td\">6855317F6533C37EF425CB0E56E2EAF4EF65C165</td><td class=\"sbody-td\">115719C8F5C56B368C2D459072067FE4253C2CB4F09A65C50BEA3A390A6B682D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3034196-arm.msu</td><td class=\"sbody-td\">F8768CA4C328CF082A243144FAD7DBDE09B75274</td><td class=\"sbody-td\">C21DD7AB89E41CECE20FE2127564C4BD22E85D2BFB2E96AB993C5B861F42EA7E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3034196-x64.msu</td><td class=\"sbody-td\">3A5A2DA51FA5BEB62556A79A6DD685757C4A73B4</td><td class=\"sbody-td\">5965C3FDF0D93E0FED94B795BB6F3A236E4FD3264A7D567A856CAB0ACB19242C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3034196-x86.msu</td><td class=\"sbody-td\">AD64BCFABC7C6FE92BF22282BEE1B3560822DE1F</td><td class=\"sbody-td\">9B686BC7E8F2915137A7BDC4F3B463D5ACB2BE604F707069C885E54DFFCBCD1A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3021952-x64-ENU.exe</td><td class=\"sbody-td\">2742BEA5283ADCA73F596F3B774FFD6AFA90BD5A</td><td class=\"sbody-td\">8776A717276C1F505E2F295F07FDBFEC2815BD63940B183FA902AA92951C4C66</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3021952-x86-ENU.exe</td><td class=\"sbody-td\">897EE46DF4FDDDA65AAC285D65478480FBCA1E03</td><td class=\"sbody-td\">D25D36F154B2FDEC211676A85F326017DC32E4364FED1CB1BEEAF8559CA3F516</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">How to determine whether you are running a 32-bit or a 64-bit edition of Windows</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">If you are not sure which version of Windows that you are running or whether it is a 32-bit version or 64-bit version, open System Information (Msinfo32.exe), and review the value that is listed for <strong class=\"uiterm\">System Type</strong>. To do this, follow these steps:<br/><ol class=\"sbody-num_list\"><li>Click <strong class=\"uiterm\">Start</strong>, and then click <strong class=\"uiterm\">Run</strong>, or click <strong class=\"uiterm\">Start Search</strong>.</li><li>Type <strong class=\"uiterm\">msinfo32.exe</strong>, and then press Enter.</li><li>In <strong class=\"uiterm\">System Information</strong>, review the value for <strong class=\"uiterm\">System Type</strong>.<br/><ul class=\"sbody-free_list\"><li>For 32-bit editions of Windows, the <strong class=\"uiterm\">System Type</strong> value is <strong class=\"uiterm\">x86-based PC</strong>. </li><li>For 64-bit editions of Windows, the <strong class=\"uiterm\">System Type</strong> value is <strong class=\"uiterm\">x64-based PC</strong>.</li></ul></li></ol><span>For more information about how to determine whether you are running a 32-bit or 64-bit edition of Windows, click the following article number to view the article in the Microsoft Knowledge Base:<br/><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/827218\" id=\"kb-link-34\">827218 </a>How to determine whether a computer is running a 32-bit version or a 64-bit version of the Windows operating system</div></span></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Additional information about service branch</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">Security update 3034682 packages for Windows Server 2003 include Internet Explorer hotfix files and general distribution release (GDR) files. If no existing Internet Explorer files are from the hotfix environment, security update 2936068 installs the GDR files. <br/><br/>Hotfixes are intended to correct only the problems that are described in the Microsoft Knowledge Base articles that are associated with the hotfixes. Apply hotfixes only to systems that are experiencing these specific problems. <br/><br/>These hotfixes may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains these hotfixes. <span>For more information about how to install the hotfixes that are included in security update 2936068, click the following article number to view the article in the Microsoft Knowledge Base:<br/><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/897225\" id=\"kb-link-35\">897225 </a>How to install hotfixes that are included in cumulative security updates for Internet Explorer </div></span><br/><span class=\"text-base\">Note</span> In addition to installing hotfix files, review the Microsoft Knowledge Base article that is associated with the specific hotfix that you have to install to determine the registry modification that is required to enable that specific hotfix. <br/><br/><span> For more information about how to determine whether your existing Internet Explorer files are from the hotfix or from the GDR environment, click the following article number to view the article in the Microsoft Knowledge Base:<br/><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/824994\" id=\"kb-link-36\">824994 </a>Description of the contents of Windows Server 2003 software update packages </div></span></div><br/></span></div></div></div></div></body></html>", "edition": 2, "modified": "2015-03-11T02:23:46", "id": "KB3034682", "href": "https://support.microsoft.com/en-us/help/3034682/", "published": "2015-02-10T00:00:00", "title": "MS15-009: Cumulative security update for Internet Explorer: February 10, 2015", "type": "mskb", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T05:43:41", "description": "The version of Internet Explorer installed on the remote host is\nmissing Cumulative Security Update 3034682. It is, therefore, affected\nby multiple vulnerabilities, the majority of which are remote code\nexecution vulnerabilities. An attacker can exploit these by convincing\na user to visit a specially crafted web page.\n\nHosts running Internet Explorer 9, Internet Explorer 10, or Internet\nExplorer 11 will not be fully protected until both security update\n3021952 and security update 3034196 are applied to the system.\nSecurity update 3034196 may require manual installation depending on\nyour patching method.", "edition": 27, "published": "2015-06-05T00:00:00", "title": "MS15-009: Security Update for Internet Explorer (3034682)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0041", "CVE-2015-0044", "CVE-2015-0022", "CVE-2015-0039", "CVE-2015-0054", "CVE-2015-0028", "CVE-2015-0052", "CVE-2015-0018", "CVE-2015-0020", "CVE-2015-0069", "CVE-2015-0021", "CVE-2015-0030", "CVE-2015-0031", "CVE-2015-0023", "CVE-2015-0035", "CVE-2015-0038", "CVE-2015-0019", "CVE-2015-0048", "CVE-2015-0026", "CVE-2015-0029", "CVE-2015-0051", "CVE-2015-0045", "CVE-2015-0049", "CVE-2015-0017", "CVE-2015-0043", "CVE-2015-0071", "CVE-2015-0027", "CVE-2015-0037", "CVE-2015-0067", "CVE-2015-0068", "CVE-2015-0025", "CVE-2015-0053", "CVE-2015-0036", "CVE-2015-0050", "CVE-2015-0055", "CVE-2015-0046", "CVE-2015-0042", "CVE-2015-0040", "CVE-2014-8967", "CVE-2015-0066", "CVE-2015-0070"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:ie"], "id": "SMB_NT_MS15-009.NASL", "href": "https://www.tenable.com/plugins/nessus/81262", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81262);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\n \"CVE-2014-8967\",\n \"CVE-2015-0017\",\n \"CVE-2015-0018\",\n \"CVE-2015-0019\",\n \"CVE-2015-0020\",\n \"CVE-2015-0021\",\n \"CVE-2015-0022\",\n \"CVE-2015-0023\",\n \"CVE-2015-0025\",\n \"CVE-2015-0026\",\n \"CVE-2015-0027\",\n \"CVE-2015-0028\",\n \"CVE-2015-0029\",\n \"CVE-2015-0030\",\n \"CVE-2015-0031\",\n \"CVE-2015-0035\",\n \"CVE-2015-0036\",\n \"CVE-2015-0037\",\n \"CVE-2015-0038\",\n \"CVE-2015-0039\",\n \"CVE-2015-0040\",\n \"CVE-2015-0041\",\n \"CVE-2015-0042\",\n \"CVE-2015-0043\",\n \"CVE-2015-0044\",\n \"CVE-2015-0045\",\n \"CVE-2015-0046\",\n \"CVE-2015-0048\",\n \"CVE-2015-0049\",\n \"CVE-2015-0050\",\n \"CVE-2015-0051\",\n \"CVE-2015-0052\",\n \"CVE-2015-0053\",\n \"CVE-2015-0054\",\n \"CVE-2015-0055\",\n \"CVE-2015-0066\",\n \"CVE-2015-0067\",\n \"CVE-2015-0068\",\n \"CVE-2015-0069\",\n \"CVE-2015-0070\",\n \"CVE-2015-0071\"\n );\n script_bugtraq_id(\n 71483,\n 72402,\n 72403,\n 72404,\n 72409,\n 72410,\n 72411,\n 72412,\n 72413,\n 72414,\n 72415,\n 72416,\n 72417,\n 72418,\n 72419,\n 72420,\n 72421,\n 72422,\n 72423,\n 72424,\n 72425,\n 72426,\n 72436,\n 72437,\n 72438,\n 72439,\n 72440,\n 72441,\n 72442,\n 72443,\n 72444,\n 72445,\n 72446,\n 72447,\n 72448,\n 72453,\n 72454,\n 72455,\n 72478,\n 72479,\n 72480\n );\n script_xref(name:\"MSFT\", value:\"MS15-009\");\n script_xref(name:\"MSKB\", value:\"3021952\");\n script_xref(name:\"MSKB\", value:\"3034196\");\n\n script_name(english:\"MS15-009: Security Update for Internet Explorer (3034682)\");\n script_summary(english:\"Checks the version of Mshtml.dll.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a web browser installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Internet Explorer installed on the remote host is\nmissing Cumulative Security Update 3034682. It is, therefore, affected\nby multiple vulnerabilities, the majority of which are remote code\nexecution vulnerabilities. An attacker can exploit these by convincing\na user to visit a specially crafted web page.\n\nHosts running Internet Explorer 9, Internet Explorer 10, or Internet\nExplorer 11 will not be fully protected until both security update\n3021952 and security update 3034196 are applied to the system.\nSecurity update 3034196 may require manual installation depending on\nyour patching method.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-14-403/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Internet Explorer 6, 7, 8,\n9, 10, and 11.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS15-009';\nkb = '3021952';\nkb2 = '3034196';\n\nkbs = make_list(kb, kb2);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\n# Some of the 2k3 checks could flag XP 64, which is unsupported\nif (\"Windows XP\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_sp_range(win2003:'2', vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nvuln = 0;\n\nif (\n\n #######################################\n # KB 3021952 (kb) #\n #######################################\n\n # Windows 8.1 / 2012 R2\n #\n # - Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", file:\"Mshtml.dll\", version:\"11.0.9600.17631\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows 8 / 2012\n #\n # - Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.2\", file:\"Mshtml.dll\", version:\"10.0.9200.21345\", min_version:\"10.0.9200.21000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.2\", file:\"Mshtml.dll\", version:\"10.0.9200.17228\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows 7 / 2008 R2\n # - Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Mshtml.dll\", version:\"11.0.9600.17631\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Mshtml.dll\", version:\"10.0.9200.21345\", min_version:\"10.0.9200.21000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Mshtml.dll\", version:\"10.0.9200.17229\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Mshtml.dll\", version:\"9.0.8112.20725\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Mshtml.dll\", version:\"9.0.8112.16609\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 8\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Mshtml.dll\", version:\"8.0.7601.22921\", min_version:\"8.0.7601.22000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Mshtml.dll\", version:\"8.0.7601.18715\", min_version:\"8.0.7601.17000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Vista / 2008\n #\n # - Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Mshtml.dll\", version:\"9.0.8112.20725\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Mshtml.dll\", version:\"9.0.8112.16609\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 8\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Mshtml.dll\", version:\"8.0.6001.23655\", min_version:\"8.0.6001.23000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Mshtml.dll\", version:\"8.0.6001.19600\", min_version:\"8.0.6001.18000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 7\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Mshtml.dll\", version:\"7.0.6002.23590\", min_version:\"7.0.6002.23000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Mshtml.dll\", version:\"7.0.6002.19281\", min_version:\"7.0.6002.18000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows 2003\n #\n # - Internet Explorer 8\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Mshtml.dll\", version:\"8.0.6001.23644\", min_version:\"8.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 7\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Mshtml.dll\", version:\"7.0.6000.21432\", min_version:\"7.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 6\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Mshtml.dll\", version:\"6.0.3790.5508\", min_version:\"6.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:kb)\n) vuln++;\n\nif (\n\n #######################################\n # KB 3034196 (kb2) #\n #######################################\n\n # Windows 8.1 / 2012 R2\n #\n # - Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", file:\"jscript9.dll\", version:\"11.0.9600.17640\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb2) ||\n\n # Windows 8 / 2012\n #\n # - Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.2\", file:\"jscript9.dll\", version:\"10.0.9200.21359\", min_version:\"10.0.9200.21000\", dir:\"\\system32\", bulletin:bulletin, kb:kb2) ||\n hotfix_is_vulnerable(os:\"6.2\", file:\"jscript9.dll\", version:\"10.0.9200.17241\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb2) ||\n\n # Windows 7 / 2008 R2\n # - Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"jscript9.dll\", version:\"11.0.9600.17640\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb2) ||\n # - Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"jscript9.dll\", version:\"10.0.9200.21359\", min_version:\"10.0.9200.21000\", dir:\"\\system32\", bulletin:bulletin, kb:kb2) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"jscript9.dll\", version:\"10.0.9200.17241\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb2) ||\n # - Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"jscript9.dll\", version:\"9.0.8112.20730\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb2) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"jscript9.dll\", version:\"9.0.8112.16620\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb2) ||\n\n # Vista / 2008\n #\n # - Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"jscript9.dll\", version:\"9.0.8112.20730\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb2) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"jscript9.dll\", version:\"9.0.8112.16620\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb2)\n) vuln++;\n\nif( vuln )\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
