Microsoft KB Archive/834707

= MS04-038: Cumulative Security Update for Internet Explorer =

Article ID: 834707

Article Last Modified on 6/5/2006

-

APPLIES TO


 * Microsoft Internet Explorer 5.01 Service Pack 3
 * Microsoft Internet Explorer 5.01 Service Pack 4
 * Microsoft Internet Explorer 5.5
 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0 Service Pack 1

-





Microsoft has released security bulletin MS04-038. The security bulletin contains all the relevant information about the security update, including file manifest information and deployment options. To view the complete security bulletin, visit the following Microsoft Web site:

Consumer:

http://www.microsoft.com/athome/security/update/bulletins/default.mspx

IT Professional:

http://www.microsoft.com/technet/security/bulletin/MS04-038.mspx

  Microsoft Internet Explorer 6 Service Pack 1 (SP1) hotfixes that were released after Microsoft security bulletin MS04-004 may not be included in the 834707 security update that is documented in Microsoft security bulletin MS04-038. Update rollup 873377 includes the cumulative security fixes in security update 834707 and Internet Explorer hotfixes that were released after Microsoft security bulletin MS04-004. Update rollup 873377 is available from the Microsoft Download Center. You may have to install update rollup 873377 if you require Internet Explorer 6 SP1 (Version 6.00.2800.1106) hotfixes. For more information about update rollup 873377, click the following article number to view the article in the Microsoft Knowledge Base:

873377 An update rollup is available for Internet Explorer 6 Service Pack 1

Known issues
Notes  If you are not running Internet Explorer 6 SP1 (Version 6.00.2800.1106), you do not have to install update rollup 873377. Instead, you can install the 834707 security update that is documented in Microsoft security bulletin MS04-038. The 834707 security updates for other versions of Internet Explorer include the hotfixes that were released after security update 832894 and the cumulative security fixes that are documented in Microsoft security bulletin MS04-038. When you connect to a Microsoft Exchange Server 2003 computer by using Outlook Web Access, you cannot open the Change Rules window by double-clicking the rule that you want. To modify the rule, click to select the rule, and then click Change Rule. Update 829165, update 831923, update 812989, update 813503, and update 873346 are included in all the 834707 security update packages.  Microsoft Baseline Security Analyzer (MBSA), the scanning tool that is used by Microsoft Systems Management Server (SMS), can detect computers that require the security updates that are documented in Microsoft security bulletin MS04-038. However, MBSA cannot provide SMS with the information that is required to download and deploy the appropriate MS04-038 security update packages for Internet Explorer 6 SP1 for Microsoft Windows NT 4.0 and Internet Explorer 6 SP1 for Microsoft Windows 2000 and Microsoft Windows XP. To resolve this problem, we have released an SMS deployment package to the Microsoft Download Center. For more information about how to obtain and use the SMS deployment package, click the following article number to view the article in the Microsoft Knowledge Base:

887437 Systems Management Server deployment packages are available for MS04-038 security updates for Internet Explorer 6 Service Pack 1

 After you install the MS04-038 security updates for Internet Explorer, some dynamic HTML (DHTML) drag-and-drop operations are blocked by Internet Explorer. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

887614 Some DHTML drag-and-drop operations are blocked after you apply the MS04-038 security updates for Internet Explorer

</li> Security update 834707 includes a change to the way that Internet Explorer handles function pointers. This change in functionality occurs when an event handler points directly to a Document Object Model (DOM) function. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

887741 Internet Explorer does not execute code when an event handler is set to directly reference a DOM function after you install the MS04-038 security update

</li> On Windows 2000-based computers, nothing occurs when you click the Close button in the Support Info dialog box for this security update. The Support Info dialog box is available from Add or Remove Programs in Control Panel. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

887754 Close button does not work in the Add or Remove Programs Support Info dialog box

</li> You cannot uninstall Internet Explorer software updates on a computer that is running a Japanese version of Windows NT 4.0 SP6a Terminal Server Edition. To work around this problem, change to installation mode on the Terminal Server, uninstall the Internet Explorer software update, and then return to normal execution mode on the Terminal Server. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

887479 You cannot uninstall Internet Explorer software updates on Windows NT 4.0 SP6a Terminal Server Edition

</li> In Windows Media Player, when you click to play a chapter in some Windows Media High Definition Video (WMV HD) DVD disks, the chapter does not play after you install security update 834707. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

884487 A chapter does not play when you click it in some WMV HD DVD disks in Windows Media Player

</li></ul>

Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT Win2000

Keywords: kbhotfixserver kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix KB834707

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.