Description: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles the error resulting in the exploitable condition. Keep reading →

Microsoft posted the Security Bulletin Advance Notification for August 2008 today. In all, seven security updates are being released that affect the Windows Operating System, with five of them affecting Windows Vista. Three are ‘Important’, the other two ‘Critical’. Expect updates for the following issues on Tuesday, August 12th: Keep reading →

Consider the following scenario. You use Windows Internet Explorer to visit a Microsoft Office SharePoint Portal Server site. When you select Explorer View on the site, a WebDAV PROPFIND request is sent. However, an extra forward slash mark (/) is appended to the query path in the WebDAV PROPFIND request.

Because of this behavior, the request may be blocked by some firewalls, or it may be routed to the wrong server. In this scenario, you cannot access the correct resource.

This problem may occur in the following Microsoft Windows operating systems:

• Windows XP
• Windows Vista
• Windows Server 2008

Consider the following scenario:

• You have a computer that is running Windows Vista or Windows Server 2008.
• The computer has the User Account Control (UAC) and Internet Explorer 7 protected mode enabled.

In this scenario, Internet Explorer 7 may stop responding when you try to visit any Web site. When this problem occurs, a blank Internet Explorer window appears, and the pointer circles constantly. To escape this condition, you must end the Internet Explorer process (Iexplore.exe) in Task Manager. Or, you must restart the computer.

Notes

• Typically, this problem occurs the first time that you start Internet Explorer after the computer starts or when the computer resumes from sleep or suspend mode.
• Sometimes, the Internet Explorer does not start when you double-click the Internet Explorer icon.

Description: This security update resolves one privately reported and one publicly disclosed vulnerability. The privately reported vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The publicly disclosed vulnerability could allow information disclosure if a user viewed a specially crafted Web page using Internet Explorer. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles calls to HTML objects and validates data. Keep reading →

Vista hasn’t escaped the need for security updates in the month of June. All together, five updates affect Windows Vista; three critical, and two moderate. All updates affect both 32 and 64-bit systems, and it doesn’t matter if you have SP1 installed or not. Keep reading →

Consider the following scenario. You are running a 32-bit version of Microsoft Internet Explorer on a computer that is running a 64-bit version of a Microsoft Windows operating system. You enable the Make proxy settings per-machine (rather than per-user) Group Policy settings. In this scenario, you cannot access the Internet through a proxy server.

Description: This security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Keep reading →

When you deploy the IE ACA update, it disables the “Click to activate” behavior of the Internet Explorer ActiveX update that is contained in update KB942615. The other security updates that are contained in update KB942615 are still present and are still functional.

We strongly recommend that you deploy this IE ACA update only to computers for testing before the “Click to activate” behavior is permanently removed in the Internet Explorer cumulative update that is planned for April 2008. Removing the “Click to activate” behavior from Internet Explorer will require no changes to existing Web pages. Additionally, the removal of this behavior will not require new actions for developers to create new pages. All pages that previously required the “Click to activate” behaviorwill no longer require that the user manually enables an ActiveX control. ActiveX controls will continue to function as they did before this change was made to the “Click to activate” behavior.

Consider the following scenario:

• In Windows Media Player, you enable the Use proxy settings of the Web browser option. (This is the default setting.)
• Your installation of Windows Internet Explorer uses a proxy server to access certain types of URLs.
  In this scenario, Windows Media Player does not use a proxy server as expected to access the same types of URLs. Therefore, Windows Media Player cannot load the content from these types of URLs.

  For example, in Internet Explorer, you add *.server to the Exceptions list in the Proxy Settings dialog box. However, Windows Media Player may unexpectedly bypass Web sites whose URLs contain the following:

  *.server*
  *.server.*

  When Internet Explorer accesses these URLs, it uses the proxy server as expected.