Microsoft KB Archive/822925

= MS03-032: August 2003 Cumulative Patch for Internet Explorer =

Article ID: 822925

Article Last Modified on 7/30/2007

-

APPLIES TO

 Microsoft Internet Explorer 6.0, when used with:  Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)

 Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)

 Microsoft Windows Server 2003, Standard Edition (32-bit x86)

 Microsoft Windows Server 2003, Web Edition</li></ul>

 Microsoft Windows XP Professional</li></ul>

 Microsoft Windows Server 2003, Datacenter x64 Edition</li></ul>

 Microsoft Windows Server 2003, Enterprise x64 Edition</li></ul>

 Microsoft Windows XP Professional for Itanium-based systems</li></ul> </li> Microsoft Internet Explorer 6.0 Service Pack 1, when used with:  Microsoft Windows XP Professional</li></ul>

 Microsoft Windows XP Embedded</li></ul>

 Microsoft Windows 2000 Service Pack 3</li></ul>

 <li>Microsoft Windows 2000 Service Pack 4</li></ul>

<ul> <li>Microsoft Windows NT 4.0 Service Pack 6a</li></ul>

<ul> <li>Microsoft Windows Millennium Edition</li></ul>

<ul> <li>Microsoft Windows 98 Second Edition</li></ul> </li> <li>Microsoft Internet Explorer 6.0, when used with: <ul> <li>Microsoft Windows XP Professional for Itanium-based systems</li></ul> </li> <li>Microsoft Internet Explorer 5.5, when used with: <ul> <li>Microsoft Windows 2000 Service Pack 3</li></ul>

<ul> <li>Microsoft Windows 2000 Service Pack 4</li></ul>

<ul> <li>Microsoft Windows NT 4.0 Service Pack 6a</li></ul>

<ul> <li>Microsoft Windows Millennium Edition</li></ul>

<ul> <li>Microsoft Windows 98 Second Edition</li></ul> </li> <li>Microsoft Internet Explorer 5.01 Service Pack 4, when used with: <ul> <li>Microsoft Windows 2000 Service Pack 4</li></ul> </li> <li>Microsoft Internet Explorer 5.01 Service Pack 3, when used with: <ul> <li>Microsoft Windows 2000 Service Pack 3</li></ul> </li></ul>

-

<div class="notice_section">

Technical Updates

 * November 4, 2003: In the &quot;Removal Information&quot; section, changed the reference from &quot;Internet Explorer Q818529&quot; to &quot;Internet Explorer Q822925.&quot;
 * September 19, 2003: Updated &quot;Known Issues&quot; section to include the &quot;HTTP 404 - File not found&quot; error message.
 * September 12, 2003: Updated the &quot;File Information&quot; section to correct the file list for Internet Explorer 5.5 SP2.
 * September 9, 2003: The following changes were made to this article:
 * Updated the &quot;File Information&quot; section to correct the file manifests for Internet Explorer 6 (32-Bit) for Windows Server 2003, Internet Explorer 6 (64-Bit) for Windows Server 2003 64-Bit Versions and Windows XP 64-Bit Edition, Version 2003, Internet Explorer 5.5 SP2 for Windows 2000 SP4, Windows 2000 SP3, Windows NT 4.0 SP6a, Windows Millennium Edition, and Windows 98 Second Edition, and Internet Explorer 5.01 for Windows 2000 SP4 and SP3.
 * Updated the &quot;Known Issues&quot; section to document an error that occurs when any request is made to ASP.NET 1.0 running on Windows XP or when you try to uninstall this patch if the Baan Front Office Client is installed.
 * August 25, 2003: Updated the &quot;Restart Requirements&quot; section of this article to indicate that you do not have to log on as an administrator to complete the installation of the Internet Explorer 6 versions of this update.

<div class="symptoms_section">

SYMPTOMS
Microsoft has released a cumulative patch for Internet Explorer. This cumulative patch includes updates for the issues that are described in the following Microsoft Knowledge Base article:

818529 MS03-020: June, 2003, Cumulative Patch for Internet Explorer

This cumulative patch also addresses the following newly-discovered vulnerabilities: <ul> <li>A vulnerability that involves the Internet Explorer cross-domain security model. The Internet Explorer cross-domain security model keeps windows of different domains from sharing information. This flaw could result in the execution of script in the My Computer zone. To exploit this flaw, an attacker would have to host a malicious Web site that contained a Web page that is designed to exploit this particular vulnerability and then persuade a user to visit that site. After the user has visited the malicious Web site, the attacker could run a malicious script by misusing the method that Internet Explorer uses to retrieve files from the browser cache, and cause that script to access information in a different domain. In the worst case, this could enable the Web site operator to load malicious script code onto a user's system in the context of the My Computer zone. Additionally, this flaw could also enable an attacker to run an executable file that was already present on the local system or to view files on the computer. The flaw exists because a file from the Internet with a maliciously-constructed URL can appear in the browser cache that is running in the My Computer zone.</li> <li>A vulnerability that occurs because Internet Explorer does not correctly determine an object type that is returned from a Web server. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, the attacker could exploit this vulnerability without any other user action. An attacker could also craft an HTML e-mail message that tried to exploit this vulnerability.</li> <li>A vulnerability that was discovered in the BR549.dll ActiveX control. This patch sets the Kill bit on the BR549 ActiveX control (CLSID: 167701E3-FDCF-11D0-A48E-006097C549FF). This control implemented support for the Microsoft Windows Reporting Tool, which is no longer supported by Internet Explorer. The control has been found to contain a security vulnerability, and, to protect customers who have this control installed, the patch prevents the control from running or from being reintroduced onto users' systems by setting the Kill bit for this control. For additional information about the Kill bit, click the following article number to view the article in the Microsoft Knowledge Base:

240797 How to Stop an ActiveX Control from Running in Internet Explorer

</li></ul>

In addition to these vulnerabilities, a change has been made to the way that Internet Explorer renders HTML files to address a flaw in the way that Internet Explorer renders Web pages. This flaw could cause the browser or Microsoft Outlook Express to fail. Internet Explorer does not correctly render an input type tag. When a user views an attacker's Web site, the user could inadvertently allow the attacker to exploit the vulnerability. Additionally, an attacker could craft a specially-formed HTML e-mail message that could cause Outlook Express to fail when the e-mail message is opened or is previewed.

Mitigating Factors

 * By default, Internet Explorer on Windows Server 2003 runs in Enhanced Security Configuration. This default configuration of Internet Explorer helps to block these attacks. If Internet Explorer Enhanced Security Configuration has been disabled, its protections that help to prevent these vulnerabilities from being exploited are removed.
 * In the Web-based attack scenario, the attacker would have to host a Web site that contained a Web page to exploit these vulnerabilities. An attacker would have no way to force users to visit a malicious Web site outside the HTML e-mail vector. Instead, the attacker would have to lure them there, typically by getting them to click a link that would take them to the attacker's site.
 * Code that is executed on the system would only run under the rights of the logged-on user.

Notes <ul> <li>As with the previous Internet Explorer cumulative patch that was released with security bulletin MS03-020 (818529), this cumulative patch also sets the Kill bit on the following ActiveX controls:

For additional information about the Kill bit, click the following article number to view the article in the Microsoft Knowledge Base:

240797 How to Stop an ActiveX Control from Running in Internet Explorer

</li> <li>Because this patch sets the Kill bit on the Microsoft HTML Help control, you may experience broken links in Help if you have not installed the updated HTML Help control from Microsoft Knowledge Base article 811630. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

811630 HTML Help Update to Limit Functionality When It Is Invoked with the window.showHelp Method

</li> <li>As with the previous Internet Explorer cumulative patches that were released with security bulletins MS03-004 (810847), MS03-015 (813489), and MS03-020 (818529), this cumulative patch causes the window.showHelp method to stop functioning if you have not applied the HTML Help update. If you have installed the updated HTML Help control from Microsoft Knowledge Base article 811630, you can still use HTML Help functionality after you apply this update. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

811630 HTML Help Update to Limit Functionality When It Is Invoked with the window.showHelp Method

</li></ul>

<div class="resolution_section">

Download Information
To download and to install this update, visit the Microsoft Windows Update Web site, and then install critical update 822925:

http://windowsupdate.microsoft.com

Administrators can download this update from the Microsoft Download Center or from the Microsoft Windows Update Catalog to deploy to multiple computers. If you want to install this update later on one or more computers, search for this article ID number by using the Advanced Search Options feature in the Windows Update Catalog. For additional information about how to download updates from the Windows Update Catalog, click the following article number to view the article in the Microsoft Knowledge Base:

323166 HOW TO: Download Windows Updates and Drivers from the Windows Update Catalog

To download this update from the Microsoft Download Center, visit the following Microsoft Web site:

http://www.microsoft.com/windows/ie/ie6/downloads/critical/822925/default.mspx

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Installation Information
You must be logged on as an administrator to install this update. To download and to install this update, visit the Windows Update Web site, and then install critical update 822925:

http://windowsupdate.microsoft.com

To install a downloaded version of this update, run the 822925 critical update package that you downloaded by using the appropriate Setup switches. Administrators can deploy this update by using Microsoft Software Update Services (SUS). For additional information about SUS, click the following article number to view the article in the Microsoft Knowledge Base:

810796 Software Update Services Overview white paper available

To verify that this update has been installed, use the Microsoft Baseline Security Analyzer (MBSA). For additional information about MBSA, see the following Microsoft Web site:

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

You may also be able to verify that this update has been installed by using any of the following methods: <ul> <li>Confirm that Q822925 is listed in the Update Versions field in the About Internet Explorer dialog box. You cannot use this method on Windows Server 2003 or on Windows XP 64-Bit Edition, Version 2003 because the package does not update the Update Versions field for these operating systems.</li> <li>Compare the versions of the updated files on your computer to the files that are listed in the &quot;File Information&quot; section in this article.</li> <li>Confirm that the following registry entries exist. <ul> <li>Windows Server 2003 and Windows XP 64-Bit Edition, Version 2003:

Confirm that the  DWORD value with a data value of 1 appears in the following registry key:

</li> <li>All other versions of Windows:

Confirm that the  DWORD value with a data value of 1 appears in the following registry key:

</li></ul> </li></ul>

Prerequisites
Microsoft has tested the versions of Windows and the versions of Internet Explorer that are listed in this article to assess whether they are affected by these vulnerabilities and to confirm that the update that is described in this article addresses these vulnerabilities.

To install the Internet Explorer 6 for Windows Server 2003 versions of this update, you must be running Internet Explorer 6 (version 6.00.3790.0000) on Windows Server 2003 (32-bit or 64-bit) or Internet Explorer 6 on Windows XP 64-Bit Edition, Version 2003.

To install the Internet Explorer 6 Service Pack 1 (SP1) versions of this update, you must be running Internet Explorer 6 SP1 (version 6.00.2800.1106) on Windows XP 64-Bit Edition, Version 2002, Windows XP SP1, Windows XP, Windows 2000 Service Pack 4 (SP4), Windows 2000 Service Pack 3 (SP3), Windows NT 4.0 Service Pack 6a (SP6a), or Windows Millennium Edition.

To install the Internet Explorer 6 version of this update, you must be running Internet Explorer 6 (version 6.00.2600.0000) on Windows XP.

To install the Internet Explorer 5.5 version of this update, you must be running Internet Explorer 5.5 SP2 (version 5.50.4807.2300) on Windows 2000 SP4, Windows 2000 SP3, Windows NT 4.0 SP6a, or Windows Millennium Edition.

To install the Internet Explorer 5.01 version of this update, you must be running Internet Explorer 5.01 SP4 (version 5.00.3700.1000) on Windows 2000 SP4 or Internet Explorer 5.01 SP3 (version 5.00.3502.1000) on Windows 2000 SP3.

Note Versions of Windows and versions of Internet Explorer that are not listed in this article are either in the extended phase of the product life cycle or are no longer supported. Although you can install some of the update packages that are described in this article on these versions of Windows and of Internet Explorer, Microsoft has not tested these versions to assess whether they are affected by these vulnerabilities or to confirm that the update that is described in this article addresses these vulnerabilities. Microsoft recommends that you upgrade to a supported version of Windows and of Internet Explorer and then apply the appropriate update. If you are running a version of Windows or of Internet Explorer that is in the extended phase of the product life cycle, and if you have an Extended Support Contract, contact your Technical Account Manager (TAM) or Applications Development Consultant (ADC) for information about an update for your configuration. For additional information about how to determine which version of Internet Explorer you are running, click the following article number to view the article in the Microsoft Knowledge Base:

164539 How to Determine Which Version of Internet Explorer Is Installed

For additional information about support life cycles for Windows components, visit the following Microsoft Web site:

http://www.microsoft.com/windows/lifecycle/default.mspx

For additional information about how to obtain Internet Explorer 6 SP1, click the following article number to view the article in the Microsoft Knowledge Base:

328548 How to Obtain the Latest Service Pack for Internet Explorer 6

For additional information about how to obtain the latest service pack for Internet Explorer 5.5, click the following article number to view the article in the Microsoft Knowledge Base:

276369 How to Obtain the Latest Service Pack for Internet Explorer 5.5

For additional information about how to obtain Internet Explorer 5.01 SP3, click the following article number to view the article in the Microsoft Knowledge Base:

267954 How to Obtain the Latest Internet Explorer 5.01 Service Pack

Restart Requirements
For the Internet Explorer 6 versions of this update, you must restart your computer to complete the installation of this update. For the Internet Explorer 5.01 and 5.5 versions of this update, you must restart your computer and then log on as an administrator to complete the installation of this update on Windows NT-based and Windows 2000-based computers.

Previous Update Status
This update supercedes the MS03-020: June, 2003, Cumulative Patch for Internet Explorer (818529).

Setup Switches
The Windows Server 2003 versions of this patch (including Windows XP 64-Bit Edition, Version 2003) support the following Setup switches:
 * /? Show the list of installation switches.
 * /u Use Unattended mode.
 * /f Force other programs to quit when the computer shuts down.
 * /n Do not back up files for removal.
 * /o Overwrite OEM files without prompting.
 * /z Do not restart when installation is complete.
 * /q Use Quiet mode (no user interaction).
 * /l List installed hotfixes.
 * /x Extract the files without running Setup.

For example, to install the Windows Server 2003 32-Bit patch without any user intervention, use the following command:

windowsserver2003-kb822925-x86-enu.exe /u /q

To install this patch without forcing the computer to restart, use the following command:

windowsserver2003-kb822925-x86-enu.exe /z

Note You can combine these switches in one command.

For information about how to deploy this patch by using Software Update Services, visit the following Microsoft Web site:

http://technet.microsoft.com/en-us/wsus/bb466201.aspx

The other update packages for this patch support the following switches:
 * /q: Use Quiet mode or suppress messages when the files are being extracted.
 * /q:u: Use User-Quiet mode. User-Quiet mode presents some dialog boxes to the user.
 * /q:a Use Administrator-Quiet mode. Administrator-Quiet mode does not present any dialog boxes to the user.
 * /t:  Specify the location of the temporary folder that is used by Setup or the target folder for extracting files (when using /c).
 * /c Extract the files without installing them. If /t:  is not specified, you are prompted for a target folder.
 * /c:  Specify the path and the name of the Setup .inf file or the .exe file.
 * /r:n Never restart the computer after installation.
 * /r:i Prompt the user to restart the computer if a restart is required, except when this switch is used with the /q:a switch.
 * /r:a Always restart the computer after installation.
 * /r:s Restart the computer after installation without prompting the user.
 * /n:v Do not check version. Use this switch with caution to install the update on any version of Internet Explorer.

For example, to install the update without any user intervention and to not force the computer to restart, use the following command:

q822925.exe /q:a /r:n

File Information
The English version of this patch has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

The following files are installed in the %Windir%\System folder on Windows 98 Second Edition and on Windows Millennium Edition. They are installed in the %Windir%\System32 folder on Windows NT 4.0, on Windows 2000, on Windows XP, and on Windows Server 2003.

Internet Explorer 6 (32-Bit) for Windows Server 2003
<pre class="fixed_text">  Date         Time   Version            Size    File name --  05-Aug-2003  22:37  6.0.3790.64     2,917,376  Mshtml.dll   RTMGDR 05-Aug-2003 22:37  6.0.3790.59     1,394,176  Shdocvw.dll  RTMGDR 05-Aug-2003 22:37  6.0.3790.75       509,440  Urlmon.dll   RTMGDR 05-Aug-2003 22:35  6.0.3790.72     2,917,376  Mshtml.dll   RTMQFE 05-Aug-2003 22:35  6.0.3790.59     1,394,176  Shdocvw.dll  RTMQFE 05-Aug-2003 22:35  6.0.3790.75       509,440  Urlmon.dll   RTMQFE

Internet Explorer 6 (64-Bit) for Windows Server 2003 64-Bit Versions and Windows XP 64-Bit Edition, Version 2003
<pre class="fixed_text">  Date         Time   Version            Size    File name    Platform   Folder -  05-Aug-2003  22:37  6.0.3790.64     8,209,920  Mshtml.dll       IA64   RTMGDR 05-Aug-2003 22:37  6.0.3790.59     3,359,744  Shdocvw.dll      IA64   RTMGDR 05-Aug-2003 22:37  6.0.3790.75     1,271,808  Urlmon.dll       IA64   RTMGDR 05-Aug-2003 22:37  6.0.3790.64     2,917,376  Wmshtml.dll      X86    RTMGDR 05-Aug-2003 22:37  6.0.3790.59     1,394,176  Wshdocvw.dll     X86    RTMGDR 05-Aug-2003 22:37  6.0.3790.75       509,440  Wurlmon.dll      X86    RTMGDR 05-Aug-2003 22:30  6.0.3790.72     8,209,920  Mshtml.dll       IA64   RTMQFE 05-Aug-2003 22:30  6.0.3790.59     3,359,744  Shdocvw.dll      IA64   RTMQFE 05-Aug-2003 22:30  6.0.3790.75     1,271,808  Urlmon.dll       IA64   RTMQFE 05-Aug-2003 22:35  6.0.3790.72     2,917,376  Wmshtml.dll      X86    RTMQFE 05-Aug-2003 22:35  6.0.3790.59     1,394,176  Wshdocvw.dll     X86    RTMQFE 05-Aug-2003 22:35  6.0.3790.75       509,440  Wurlmon.dll      X86    RTMQFE

Internet Explorer 6 SP1 (32-Bit) for Windows XP SP1, Windows XP, Windows 2000 SP3, Windows 2000 SP4, Windows NT 4.0 SP6a, Windows Millennium Edition, and Windows 98 Second Edition
<pre class="fixed_text">  Date         Time   Version            Size    File Name --  13-Jul-2003  20:02  6.0.2800.1226   2,793,472  Mshtml.dll 23-May-2003 17:15  6.0.2800.1203   1,338,880  Shdocvw.dll 13-Jul-2003 20:05  6.0.2800.1226     395,264  Shlwapi.dll 13-Jul-2003 20:03  6.0.2800.1226     483,840  Urlmon.dll

Internet Explorer 6 SP1 (64-Bit) for Windows XP 64-Bit Edition, Version 2002
<pre class="fixed_text">  Date         Time     Version           Size     File Name --  07/13/2003  03:18 PM  6.0.2800.1226  9,078,784   Mshtml.dll 05/23/2003 12:39 PM  6.0.2800.1203  3,648,000   Shdocvw.dll 07/13/2003 03:27 PM  6.0.2800.1226  1,095,168   Shlwapi.dll 07/13/2003 03:24 PM  6.0.2800.1226  1,412,096   Urlmon.dll

Internet Explorer 6 (32-Bit) for Windows XP
<pre class="fixed_text">  Date         Time   Version            Size    File Name --  17-Jun-2003  22:20  6.0.2730.1700   2,762,752  Mshtml.dll 11-Jul-2003 14:59  6.0.2722.900       34,304  Pngfilt.dll 05-Mar-2002 00:09  6.0.2715.400      548,864  Shdoclc.dll 22-May-2003 22:49  6.0.2729.2200   1,336,320  Shdocvw.dll 11-Jul-2003 14:59  6.0.2730.1200     391,168  Shlwapi.dll 11-Jul-2003 14:59  6.0.2715.400      109,568  Url.dll 11-Jul-2003 14:57  6.0.2731.1000     481,792  Urlmon.dll 06-Jun-2002 17:38  6.0.2718.400      583,168  Wininet.dll

Internet Explorer 5.5 SP2 for Windows 2000 SP4, Windows 2000 SP3, Windows NT 4.0 SP6a, Windows Millennium Edition, and Windows 98 Second Edition
<pre class="fixed_text">  Date         Time   Version         Size       File name --  17-Jun-2003  22:03  5.50.4930.1700  2,759,440  Mshtml.dll 17-Oct-2002 00:01  5.50.4922.900      48,912  Pngfilt.dll 22-May-2003 23:09  5.50.4929.2200  1,149,200  Shdocvw. 12-Jun-2003 20:24  5.50.4930.1200    300,816  Shlwapi.dll 05-Mar-2002 01:53  5.50.4915.500      84,240  Url.dll 10-Jul-2003 20:23  5.50.4931.1000    451,344  Urlmon.dll 06-Jun-2002 21:27  5.50.4918.600     481,552  Wininet.dll

Internet Explorer 5.01 for Windows 2000 SP4 and SP3
<pre class="fixed_text">  Date         Time   Version            Size    File name --  18-Jun-2003  00:32  5.0.3806.1700   2,281,744  Mshtml.dll 12-Jun-2003 23:15  5.0.3806.1200      48,912  Pngfilt.dll 12-Jun-2003 23:08  5.0.3806.1200   1,099,536  Shdocvw.dll 12-Jun-2003 23:07  5.0.3806.1200     279,824  Shlwapi.dll 05-Mar-2002 01:53  5.50.4915.500      84,240  Url.dll 12-Jun-2003 23:16  5.0.3806.1200     409,360  Urlmon.dll 12-Jun-2003 23:16  5.0.3806.1200     445,200  Wininet.dll Notes <ul> <li>When you install this security patch on a Windows Server 2003-based or Windows XP 64-Bit Edition Version 2003-based computer, the installer checks to see if any of the files that are being updated on your computer have previously been updated by a Microsoft hotfix. If you have previously installed a hotfix to update one of these files, then the installer copies the RTMQFE files to your computer. Otherwise, the installer copies the RTMGDR files to your computer. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

824994 Description of the Contents of a Windows Server 2003 Product Update Package

</li> <li>Because of file dependencies and Setup or removal requirements, these update packages may also contain additional files.</li></ul>

Removal Information
To remove this update, use the Add or Remove Programs tool (or the Add/Remove Programs tool) in Control Panel. Click Internet Explorer Q822925, and then click Change/Remove (or click Add/Remove).

On Windows Server 2003 and on Windows XP 64-Bit Edition, Version 2003, system administrators can use the Spunist.exe utility to remove this patch. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB818529$\Spuninst folder. This utility supports the following Setup switches:
 * /? Show the list of installation switches.
 * /u Use Unattended mode.
 * /f Force other programs to quit when the computer shuts down.
 * /z Do not restart when installation is complete.
 * /q Use Quiet mode (no user interaction).

On all other versions of Windows, system administrators can use the Ieuninst.exe utility to remove this update. This patch installs the Ieuninst.exe utility to the %Windir% folder. This utility supports the following command-line switches:
 * /? Show the list of supported switches.
 * /z Do not restart when installation is complete.
 * /q Use Quiet mode (no user interaction).

For example, to remove this update quietly, use the following command:

c:\windows\ieuninst /q c:\windows\inf\q822925.inf

Note This command assumes that Windows is installed in the C:\Windows folder.

<div class="moreinformation_section">

MORE INFORMATION
For more information about this patch, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS03-032.mspx

Known Issues
<ul> <li>After you apply the cumulative security patch for Internet Explorer that is included in Microsoft Security Bulletin MS03-032, you may receive the following error message when you try to visit Web pages that are opened by JavaScript functions in frames or in windows:

HTTP 404 - File not found

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

827667 &quot;HTTP 404 - File Not Found&quot; Error Message When You Try to Visit Web Pages That Are Opened by JavaScript Functions in Frames or in Windows

</li> <li>After you install this patch, you may receive the following error message when any request is made to ASP.NET 1.0 running on Windows XP:

Server Application Unavailable

For additional information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

827641 BUG: &quot;Server Application Unavailable&quot; Error Message from ASP.NET After You Install the MS03-032 Security Update

</li> <li>You may receive the following error message when you try to remove this patch:

There was an error in trying to uninstall the patch.

This problem may occur if you have the Baan Front Office Client installed. The Baan Front Office Client adds information to the Path string value in the following registry key:

To resolve this problem, follow these steps: <ol> <li>Click Start, click Run, type regedit, and then click OK.</li> <li>Locate and click the following registry key:

</li> <li>Right-click the Path string value, and then click Modify.</li> <li>In the Value data box, remove the semicolon and any text that appears after &quot;Internet Explorer.&quot; For example, the Value data box should contain text similar to the following:

C:\Program Files\Internet Explorer

</li></ol> </li> <li>To correctly remove (uninstall) more than one cumulative update for Internet Explorer on a computer that is running Windows Server 2003 or Windows XP 64-Bit Edition, Version 2003, you must remove the updates in the same order that they were installed. For example, if you install 818529, and then install 822925, you must remove 822925 before you remove 818529.</li> <li>On a Windows 2000-based or on a Windows XP-based computer, you can install the 813489 or the 818529 critical update after you install the 822925 critical update. If you do this, the updated files in the 822925 critical update are replaced by the older files in the 813489 or the 818529 critical updates. To resolve this issue, reinstall the 822925 critical update.</li> <li>You can install the Internet Explorer 5.5 SP2 version of the 822925 critical update on a Windows 2000 SP3-based computer that is running Internet Explorer 5.01 SP3. To resolve this issue, remove the Internet Explorer 5.5 SP2 version of the 818529 critical update, and then install the Internet Explorer 5.01 SP3 version of the 818529 critical update. Administrators can use the Ieuninst.exe tool to remove the Internet Explorer 5.5 SP2 update. For more information, see the &quot;Removal Information&quot; section of this article. For example, to remove the update quietly, use the following command:

c:\windows\ieuninst /q c:\windows\inf\q818529.inf

Note This command assumes that Windows is installed in the C:\Windows folder.</li> <li>On a computer that is running Windows XP, Windows 2000, Windows NT, Windows Millennium Edition, or Windows 98 Second Edition, after you remove the 818529 critical update, you cannot remove previous cumulative updates for Internet Explorer (such as the 813489 critical update). This behavior is by design. Removing is supported only for the last cumulative update that you installed.</li> <li>For additional information about known issues that may occur after you install this update, click the following article number to view the article in the Microsoft Knowledge Base:

325192 Issues After You Install Updates to Internet Explorer or Windows

</li></ul>

Keywords: KB822925

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.