Microsoft KB Archive/931768

= MS07-027: Cumulative Security Update for Internet Explorer =

Article ID: 931768

Article Last Modified on 10/27/2007

-

APPLIES TO

 Windows Internet Explorer 7 Windows Internet Explorer 7, when used with:  Microsoft Windows Server 2003, Datacenter x64 Edition

 Microsoft Windows Server 2003, Standard x64 Edition

 

 Microsoft Windows XP Service Pack 2</li></ul>

 Microsoft Windows XP Professional x64 Edition</li></ul>

 Windows Vista Ultimate</li></ul>

 Windows Vista Enterprise</li></ul>

 Windows Vista Business</li></ul>

 Windows Vista Home Premium</li></ul>

 Windows Vista Home Basic</li></ul>

 Windows Vista Starter</li></ul>

<ul> <li>Windows Vista Ultimate 64-bit edition</li></ul>

<ul> <li>Windows Vista Enterprise 64-bit edition</li></ul>

<ul> <li>Windows Vista Business 64-bit edition</li></ul>

<ul> <li>Windows Vista Home Premium 64-bit edition</li></ul>

<ul> <li>Windows Vista Home Basic 64-bit edition</li></ul> </li> <li>Microsoft Windows Server 2003, Standard x64 Edition</li> <li>Microsoft Internet Explorer 6.0 Service Pack 1, when used with: <ul> <li>Microsoft Windows 2000 Service Pack 4</li></ul>

<ul> <li>Microsoft Windows 2000 Professional Edition</li></ul>

<ul> <li>Microsoft Windows 2000 Datacenter Server</li></ul>

<ul> <li>Microsoft Windows 2000 Advanced Server</li></ul> </li> <li>Microsoft Internet Explorer 6.0, when used with: <ul> <li>Microsoft Windows XP Service Pack 2</li></ul>

<ul> <li>Microsoft Windows XP Professional x64 Edition</li></ul>

<ul> <li></li></ul>

<ul> <li>Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)</li></ul>

<ul> <li></li></ul>

<ul> <li>Microsoft Windows Server 2003, Standard Edition (32-bit x86)</li></ul>

<ul> <li>Microsoft Windows Server 2003, Web Edition</li></ul>

<ul> <li>Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems</li></ul>

<ul> <li>Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems</li></ul>

<ul> <li>Microsoft Windows Server 2003, Datacenter x64 Edition</li></ul>

<ul> <li></li></ul>

<ul> <li>Microsoft Windows Server 2003, Standard x64 Edition</li></ul> </li> <li>Microsoft Internet Explorer 5.01 Service Pack 4, when used with: <ul> <li>Microsoft Windows 2000 Service Pack 4</li></ul>

<ul> <li>Microsoft Windows 2000 Professional Edition</li></ul>

<ul> <li>Microsoft Windows 2000 Datacenter Server</li></ul>

<ul> <li>Microsoft Windows 2000 Advanced Server</li></ul> </li></ul>

-

<div class="notice_section">

Notice
The update that this article describes has been replaced by a newer update. To resolve this problem, install the most current cumulative security update for Internet Explorer. To install the most current update, visit the following Microsoft Web site:

http://windowsupdate.microsoft.com

For more technical information about the most current cumulative security update for Internet Explorer, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/current.aspx

<div class="summary_section">

Introduction
Microsoft has released security bulletin MS07-027. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites: <ul> <li>Home users:

http://www.microsoft.com/athome/security/update/bulletins/200705.mspx

Skip the details: Download the update for your home computer or laptop from the Microsoft Update Web site now:

http://update.microsoft.com/microsoftupdate/

</li> <li>IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx

</li></ul>

<div class="moreinformation_section">

Known issues with this security update
<ul> <li>ActiveX controls that prompt before they are loaded

Note This issue occurs on Web sites that do not use the recommended techniques. This issue is resolved by using the techniques that are described on the following Microsoft Web site:

http://msdn2.microsoft.com/en-us/library/ms537508.aspx

When certain controls are loaded on a Web page, the controls are not correctly masked by the functionality of this update. These controls include controls that are used in Macromedia Shockwave Director, in QuickTime Player, and in Virtools Web Player. When Windows determines that a control is inactive, the system prompts the user before the control is loaded.</li> <li>Using monikers is no longer supported in Internet Explorer. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

906294 The use of monikers is no longer supported in Internet Explorer after installing the security updates provided by cumulative security update 896727 (MS05-038)

</li> <li>After you install the Internet Explorer May 2007 Cumulative Security Update (MS07-027) for Windows Internet Explorer 7, you may be prompted with a File Download Security Warning dialog box that asks you to save the &quot;navcancl&quot; file. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

937409 The &quot;File Download – Security Warning&quot; dialog box opens when you try to open Internet Explorer 7

</li> <li>You may receive an error message that resembles the following when you try to visit a Web page in Windows Internet Explorer 7:

Webpage cannot be displayed

For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

942818 Error message after you install a Windows Internet Explorer 7 update from Windows Update or from Microsoft Update: &quot;Webpage cannot be displayed&quot;

</li></ul>

General distribution release (GDR) fixes
Individual updates may or may not be installed depending on the version of Windows and the version of the affected application. Please view the individual articles to determine your update status. <ul> <li>

928494 InfoPath 2003 crashes when you click inside the Date Picker control on a form and then press the LEFT ARROW key

</li> <li>

928540 The &quot;File Download&quot; dialog box in Internet Explorer 6 closes unexpectedly even after you apply hotfix 896017

</li> <li>

929726 FIX: Error message when you enumerate the cache in Windows Internet Explorer 7: &quot;ERROR_INVALID_PARAMETER&quot;

</li> <li>

931657 The e-mail message header does not print when you try to print an e-mail message by using either Microsoft Office Outlook 2003 or Microsoft Outlook Express

</li> <li>

932538 When you print an e-mail message in either Office Outlook 2003 or Outlook Express, the printed message is so small that it is unreadable

</li> <li>

934817 BUG: A script that uses the execCommand function together with the SaveAs command does not save a Web page in Internet Explorer 7 on a Windows Vista-based computer

</li> <li>

929864 ActiveX controls are inactive when you access a Web page by using Internet Explorer 7

</li> <li>

932537 Web page content does not update as expected when you move the pointer into an inline frame in Internet Explorer 7

</li> <li>

932543 Internet Explorer 7 stops responding on a computer that is running the Korean version of Yahoo! Toolbar

</li> <li>

934819 FIX: After you install Internet Explorer 7, the Inetinfo.exe process may stop responding on a computer that is running both Windows Server 2003 Service Pack 1 and IIS 6.0

</li> <li>

932600 In some scenarios, you must remove Windows Server 2003 SP2 before you upgrade to the full retail version of Windows Small Business Server 2003 or migrate to Microsoft Windows Server 2003

</li></ul>

<div class="moreinformation_section">

Hotfixes
Security update 931768 packages for Windows XP and for Windows Server 2003 include Internet Explorer hotfix files and general distribution release (GDR) files. If no existing Internet Explorer files are from the hotfix environment, security update 931768 installs the GDR files. Hotfixes are intended to correct only the problems that are described in the Microsoft Knowledge Base articles that are associated with the hotfixes. Apply hotfixes only to systems that are experiencing these specific problems. These hotfixes may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains these hotfixes. For more information about how to apply the hotfixes that are included in security update 931768, click the following article number to view the article in the Microsoft Knowledge Base:

897225 How to install hotfixes that are included in cumulative security updates for Internet Explorer

Note In addition to installing hotfix files, review the Microsoft Knowledge Base article that is associated with the specific hotfix that you have to install to determine the registry modification that is required to enable that specific hotfix. For more information about how to determine whether your existing Internet Explorer files are from the hotfix or from the GDR environment, click the following article number to view the article in the Microsoft Knowledge Base:

824994 Description of the contents of Windows XP Service Pack 2 and Windows Server 2003 software update packages

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT Win2000

Keywords: kbbug kbfix kbsecvulnerability kbqfe kbsecurity kbsecbulletin kbpubtypekc kbexpertisebeginner kbresolve KB931768

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.