MS11-099: Cumulative Security Update for Internet Explorer: December 13, 2011

<html><body><p>Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.</p><h2></h2><div>The update that this article describes has been replaced by a newer update. To resolve this problem, install the most current cumulative security update for Internet Explorer. To install the most current update, go to the following Microsoft website: <div><a href=“http://update.microsoft.com/microsoftupdate” target=“_self”>http://update.microsoft.com/microsoftupdate</a></div>For more technical information about the most current cumulative security update for Internet Explorer, go to the following Microsoft website: <div><a href=“http://technet.microsoft.com/security/bulletin” target=“_self”>http://technet.microsoft.com/security/bulletin</a></div></div><h2>INTRODUCTION</h2><div>Microsoft has released security bulletin MS11-099. To view the complete security bulletin, go to one of the following Microsoft websites: <ul><li>Home users:<br /><div><a href=“http://www.microsoft.com/security/pc-security/bulletins/201112.aspx” target=“_self”>http://www.microsoft.com/security/pc-security/bulletins/201112.aspx</a></div><span>Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br /><div><a href=“http://update.microsoft.com/microsoftupdate/” target=“_self”>http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br /><div><a href=“http://technet.microsoft.com/security/bulletin/ms11-099” target=“_self”>http://technet.microsoft.com/security/bulletin/MS11-099</a></div></li></ul><span><h3>How to obtain help and support for this security update</h3> <br />Help installing updates: <br /><a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <br /><a href=“http://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your computer that is running Windows from viruses and malware:<br /><a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <br /><a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a><br /><br /></span></div><h2>More Information</h2><div><h3>Known issues with this security update</h3>After you install this security update, you may experience the following issue:<br /><ul><li><span>Symptoms</span><br /><br />On certain websites, when you use the <strong>Select All</strong> option in the shortcut menu, or you press Ctrl+A to select all content, and then you try to paste the content into a webpage in Internet Explorer, nothing happens. The content is not pasted. For example, the issue may occur when you try to paste the content into an Outlook.com message or an Outlook Web Access (OWA) message. <br /><br />This issue may occur only on some websites. This issue occurs only when you paste into Internet Explorer. This issue does not occur when you copy from Internet Explorer and then paste into other applications such as Microsoft Word or Microsoft Outlook. <br /><br /><span>Cause</span><br /><br />This issue occurs if the webpage contains a script tag, an object tag, or an embed tag that appears after the body tag. <br /><br /><span>Workaround<br /><br /></span>To work around this issue in Internet Explorer, use the mouse instead of the <strong><span>Select All</span></strong> option or Ctrl+A to select the text that you want to copy. Try to copy only the section of content that you need instead of selecting all the content.</li></ul><h3>Non-security-related fixes that are included in this security update</h3><h4>General distribution release (GDR) fixes</h4>Individual updates may not be installed, depending on the version of Windows and the version of the affected application. Please view the individual articles to determine your update status.<br /> <br /><div><table><tr><th>Article number</th><th>Article title</th></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2624899”>2624899 </a></td><td> FIX: You cannot close the EMC window on a computer that has Internet Explorer 9 installed</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2628551”>2628551 </a></td><td> A custom MIME filter is disabled and not invoked in Internet Explorer 9</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2628724”>2628724 </a></td><td> FIX: Some drop-down lists and combo boxes do not appear in Internet Explorer 7 after you install security update 2586448</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2629739”>2629739 </a></td><td> A Visual Basic 6 application cannot receive events from a frame in a different domain</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2631938”>2631938 </a></td><td> Authentication may be unsuccessful when you use Internet Explorer 9 to visit a secure website that requires client-side certificates</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2632022”>2632022 </a></td><td> RSS feeds may not be displayed when you disable the page zooming feature in Internet Explorer 8 or in Internet Explorer 9</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2633097”>2633097 </a></td><td> FIX: The pointer icon image becomes stuck when a webpage uses the jQuery UI Library to implement the drag-and-drop feature in Internet Explorer 9</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2633335”>2633335 </a></td><td> Surrogate pair characters are not handled as expected in an input box in Internet Explorer 9</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2633346”>2633346 </a></td><td> A webpage that you open in a new window or tab opens with a previous zoom level in Internet Explorer 8</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2633863”>2633863 </a></td><td> A Group Policy setting to prevent the tabs from closing does not work in Internet Explorer 9 </td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2633864”>2633864 </a></td><td> A webpage or an ActiveX control that is hosted on a webpage may stop receiving the focus intermittently in Internet Explorer 9</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2634434”>2634434 </a></td><td> You cannot save a downloaded file to an offline redirected location in Windows Internet Explorer 9</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2635490”>2635490 </a></td><td> Internet Explorer 9 may crash when you revisit a webpage and use AutoComplete</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2635543”>2635543 </a></td><td> The “Pop-up allow list” option in Group Policy for Internet Explorer 9 does not work as expected</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2637344”>2637344 </a></td><td> An ActiveX control in Internet Explorer can no longer access the data that was provided by a DATA attribute after you install the update in security advisory 2562937</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2639263”>2639263 </a></td><td> Internet Explorer Privacy Policy dialog box is blank for P3P privacy policy websites</td></tr><tr><td><a href=“https://support.microsoft.com/en-us/help/2643119”>2643119 </a></td><td> Internet Explorer 9 may display attribute content as part of a webpage in which some HTML elements contain many attributes</td></tr></table></div></div><h2></h2><div><h4>Hotfixes</h4>Security update 2618444 packages for Windows XP and for Windows Server 2003 include Internet Explorer hotfix files and general distribution release (GDR) files. If no existing Internet Explorer files are from the hotfix environment, security update 2618444 installs the GDR files. <br /><br />Hotfixes are intended to correct only the problems that are described in the Microsoft Knowledge Base articles that are associated with the hotfixes. Apply hotfixes only to systems that are experiencing these specific problems. <br /><br />These hotfixes may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains these hotfixes. <span>For more information about how to install the hotfixes that are included in security update 2618444, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/897225”>897225 </a>How to install hotfixes that are included in cumulative security updates for Internet Explorer </div></span><br /><span>Note </span>In addition to installing hotfix files, review the Microsoft Knowledge Base article that is associated with the specific hotfix that you have to install to determine the registry modification that is required to enable that specific hotfix. <br /><br /><span>For more information about how to determine whether your existing Internet Explorer files are from the hotfix or from the GDR environment, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/824994”>824994 </a>Description of the contents of Windows XP Service Pack 2 and Windows Server 2003 software update packages </div></span></div><h2>How to determine whether you are running a 32-bit or a 64-bit edition of Windows</h2><p><span>If you are not sure which version of Windows that you are running or whether it is a 32-bit version or 64-bit version, open System Information (Msinfo32.exe), and review the value that is listed for </span><strong>System Type</strong><span>. To do this, follow these steps:</span></p><ol><li>Click <strong>Start</strong>, and then click <strong>Run</strong>, or click <strong>Start Search</strong>.</li><li>Type <span>msinfo32.exe</span>, and then press Enter.</li><li>In <strong>System Information</strong>, review the value for <strong>System Type</strong>.<ul><li>For 32-bit editions of Windows, the <strong>System Type</strong> value is <strong>x86-based PC</strong>.</li><li>For 64-bit editions of Windows, the <strong>System Type</strong> value is <strong>x64-based PC</strong>.</li></ul></li></ol><p><span>For more information about how to determine whether you are running a 32-bit or 64-bit edition of Windows, click the following article number to view the article in the Microsoft Knowledge Base:</span></p><div><span><a href=“https://support.microsoft.com/en-us/help/827218”>827218 </a>How to determine whether a computer is running a 32-bit version or a 64-bit version of the Windows operating system</span></div></body></html>