Microsoft KB Archive/912812

= MS06-013: Cumulative security update for Internet Explorer =

Article ID: 912812

Article Last Modified on 12/3/2007

-

APPLIES TO

 Microsoft Internet Explorer 6.0 Service Pack 1, when used with:  Microsoft Windows 2000 Advanced Server

 Microsoft Windows 2000 Datacenter Server

 Microsoft Windows 2000 Professional Edition

 Microsoft Windows 2000 Service Pack 4</li></ul>

 Microsoft Windows Millennium Edition</li></ul>

 Microsoft Windows 98 Second Edition</li></ul>

 Microsoft Windows 98 Standard Edition</li></ul> </li> Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)</li> Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)</li> Microsoft Windows Server 2003, Standard Edition (32-bit x86)</li> Microsoft Windows Server 2003, Web Edition</li> Microsoft Windows Server 2003, Datacenter x64 Edition</li> Microsoft Windows Server 2003, Standard x64 Edition</li> Microsoft Windows Server 2003, Enterprise x64 Edition</li> Microsoft Windows Server 2003 Service Pack 1, when used with:  Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)</li></ul>

<ul> <li>Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)</li></ul>

<ul> <li>Microsoft Windows Server 2003, Standard Edition (32-bit x86)</li></ul>

<ul> <li>Microsoft Windows Server 2003, Web Edition</li></ul>

<ul> <li>Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems</li></ul>

<ul> <li>Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems</li></ul> </li> <li>Microsoft Windows Small Business Server 2003 Premium Edition</li> <li>Microsoft Windows Small Business Server 2003 Standard Edition</li> <li>Microsoft Windows XP Service Pack 1, when used with: <ul> <li>Microsoft Windows XP Professional</li></ul>

<ul> <li>Microsoft Windows XP Home Edition</li></ul> </li> <li>Microsoft Windows XP Service Pack 2, when used with: <ul> <li>Microsoft Windows XP Home Edition</li></ul>

<ul> <li>Microsoft Windows XP Professional</li></ul> </li> <li>Microsoft Windows XP Media Center Edition 2005</li> <li>Microsoft Windows XP Tablet PC Edition 2005</li> <li>Microsoft Windows XP Professional x64 Edition</li> <li></li> <li>Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems</li> <li>Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems</li></ul>

-

<div class="notice_section">

<div class="summary_section">

Microsoft has released security bulletin MS06-013. This security bulletin contains all the relevant information about the security update. This information includes the file manifest information and the deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites, as appropriate for your situation: <ul> <li>Home users:

http://www.microsoft.com/athome/security/update/bulletins/200604.mspx

</li> <li>IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms06-013.mspx

</li></ul>

Notes <ul> <li>Controls that prompt before they are loaded

Note This issue occurs on Web sites that do not use the recommended techniques. This issue is resolved by using the techniques that are described on the following Web site:

http://msdn.microsoft.com/ieupdate

When certain controls are loaded on a Web page, the controls are not correctly masked by the functionality of this update. These controls include controls that are used in Macromedia Shockwave Director, in QuickTime Player, and in Virtools Web Player. When Windows determines that a control is inactive, the system prompts the user before the control is loaded.</li> <li>Compatibility Patch Available (security update 917425)

The Internet Explorer ActiveX update (update 912945), is contained in this cumulative security update for Windows XP Service Pack 2, for Windows Server 2003 Service Pack 1, for Windows XP Professional x64 Edition, for Windows Server 2003 x64 Edition family, and for Windows Server 2003 with Service Pack 1 for Itanium-based Systems. With this update, customers can interact with Microsoft ActiveX controls that are loaded in certain Web pages only after they manually activate their user interfaces by clicking these interfaces or by using the TAB key and ENTER keys. To help customers who need more time to prepare for the update, Microsoft released a Compatibility Patch. After it is deployed, the Compatibility Patch will temporarily return Internet Explorer to the way that it used to handle ActiveX controls. This patch will function until the June cumulative Internet Explorer update is released. Then, the changes to the way Internet Explorer handles ActiveX controls will be permanent.

917425 Internet Explorer ActiveX compatibility patch for Mshtml.dll

</li> <li>Siebel programs that use ActiveX controls

Software update 912945 affects all Siebel 7 High Interactive clients. After you apply this update, you must click several times to interact with the Siebel program. You must click one time for each ActiveX control in the program. Siebel is working with Microsoft to identify a solution. A Siebel product update is expected to be released in the spring of 2006. Customers can apply the Compatibility Patch 917425 to disable the Internet Explorer ActiveX update behavior. For more information about Siebel product updates, visit the following Siebel Support Web site:

https://ebusiness.siebel.com/supportweb/

</li> <li>Siebel program hangs

There is a known issue where Siebel 7 client hangs when users apply security update 912812. Customers can apply the Compatibility Patch 917425 to disable the Internet Explorer ActiveX update behavior. A Siebel product update is expected to be released in the spring of 2006. For more information about Siebel product updates, visit the following Siebel Support Web site:

https://ebusiness.siebel.com/supportweb/

</li> <li>ActiveX controls that use Java Platform, Standard Edition 1.3 or Standard Edition 1.4

After you click on an ActiveX applet control in a program that runs the applet control by using Java Platform, Standard Edition (J2SE) 1.3 or J2SE 1.4, the focus does not go to the applet control. You must click the control a second time to establish focus. The focus behavior works correctly in J2SE 1.5. To obtain the latest version of J2SE, visit the following Sun Microsystems, Inc. Web site:

http://java.sun.com/j2se

For techniques that you can use to make sure that ActiveX controls function without user interaction, visit the following MSDN Web site:

http://msdn.microsoft.com/ieupdate

</li> <li>Cumulative security update 910620 includes the security fixes that are documented in security bulletin MS06-004. The update rollup also includes hotfixes for Microsoft Internet Explorer that have been released after the release of security bulletin MS04-004 and after the release of security bulletin MS04-038.</li> <li>If update rollup 873377, update rollup 889669, or an Internet Explorer hotfix that was released after security bulletin MS04-038 are not installed, and if you want to install the hotfixes that are included in update rollup 896727, you must follow the instructions in Microsoft Knowledge Base article 897225. Otherwise, all Internet Explorer hotfixes that you have installed are removed.

897225 How to install hotfixes that are included in cumulative security updates for Internet Explorer 6 Service Pack 1

</li></ul>

<div class="moreinformation_section">

Known issues
<ul> <li>In Microsoft Windows XP with Service Pack 2 and in Microsoft Windows Server 2003 with Service Pack 1, the Add or Remove Programs item in Control Panel lists software updates. Add or Remove Programs lists software updates under the name of the product that the updates apply to. In Windows XP with Service Pack 2, Add or Remove Programs lists this update under Windows XP - Software Updates. In Windows XP with Service Pack 2, Add or Remove Programs does not show &quot;Installed On&quot; information for this software update. Therefore, this software update does not appear in the order of installation. Instead, this software update appears at the top of the Windows XP – Software Updates list.</li> <li>After you install this security update, chapters in some Windows Media High Definition Video (WMV HD) DVDs do not play when you click the chapters in Microsoft Windows Media Player.

For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

884487 A chapter does not play when you click it in some WMV HD DVD disks in Windows Media Player

</li> <li>ActiveX controls may not load as you expect in Internet Explorer. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

909889 ActiveX controls may not load as expected in Internet Explorer due to defense in depth changes introduced in cumulative security update 896688 (MS05-052)

</li> <li>A Web page that contains an ActiveX control may not load as you expect in Internet Explorer. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

909738 A Web page that contains a custom ActiveX control may not load as expected in Internet Explorer due to defense in depth changes introduced in cumulative security update 896688 (MS05-052)

</li> <li>The use of monikers is no longer supported in Internet Explorer. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

906294 The use of monikers is no longer supported in Internet Explorer after installing the security updates provided by cumulative security update 896727 (MS05-038)

</li> <li>A security warning dialog box for mixed content appears when you open PDF files by using HTTPS URLs. In certain cases, after you apply update 912945, a security warning dialog appears when mixed content is displayed. This problem occurs when you try to open a PDF file by using HTTPS URLs. This issue is resolved in the latest Internet Explorer cumulative update (916281). For more information, click the following article number to view the article in the Microsoft Knowledge Base:

916281 MS06-021: Cumulative security update for Internet Explorer

</li> <li>.NET controls

Access violations have been reported with pages that include Microsoft .NET WinForms controls. This issue is resolved in the latest Internet Explorer cumulative update (916281).</li> <li>Performance issues

In certain cases, when a page contains many ActiveX controls that require activation, the page may render very slowly. This issue is resolved in the latest Internet Explorer cumulative update (916281).</li> <li>After you apply this security update for Internet Explorer 6 Service Pack 1 in Microsoft Windows 98, in Microsoft Windows 98 SE, or in Microsoft Windows Millennium Edition, you may be unable to install new ActiveX controls from Internet Explorer. Microsoft plans to address the issue in the next Internet Explorer Cumulative Update. Until that time, customers may install the ActiveX control from a separate installation source that does not use Internet Explorer.</li></ul>

Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT Win2000

Keywords: kbwinserv2003sp2fix kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbwinxppresp2fix kbbug kbfix kbwinserv2003presp1fix kbwin2000presp5fix kbwinnt400presp7fix kbpubtypekc KB912812

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.