MS10-090: Cumulative security update for Internet Explorer

The update that this article describes has been replaced by a newer update. To resolve this problem, install the most current cumulative security update for Internet Explorer. To install the most current update, visit the following Microsoft website:

http://update.microsoft.com/microsoftupdate

For more technical information about the most current cumulative security update for Internet Explorer, visit the following Microsoft website:

http://www.microsoft.com/technet/security/current.aspx
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.

INTRODUCTION

Microsoft has released security bulletin MS10-090. To view the complete security bulletin, visit one of the following Microsoft websites:

Home users:

http://www.microsoft.com/security/updates/bulletins/201012.aspxSkip the details: Download the updates for your home computer or laptop from the Microsoft Update website now:

http://update.microsoft.com/microsoftupdate/
IT professionals:

http://www.microsoft.com/technet/security/bulletin/MS10-090.mspx

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

More Information

Known issues with this security update

Note The following issues are resolved by security update 2482017. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

2482017 MS11-003: Cumulative security update for Internet Explorer

After you install this security update, you may also have to install update 2467659. To determine whether you have to install update 2467659, review the known issues in the following list:

This security update contains a fix that turns off the automatic detection of Japanese Industrial Standard (JIS) encoding. However, some software uses a component in Internet Explorer to interpret Japanese email messages that are in HTML format. Therefore, the content of the email message may be displayed in unreadable code. This issue occurs because the JIS encoding is not automatically detected. To resolve this issue, install update 2467659.
When you print or view the Print Preview page of an affected webpage in Internet Explorer, garbled characters may appear on the Print Preview and on the printed documents. This issue occurs even if you press F5 to reload the website.
After you install this security update, you may be prompted to install this security update again when you scan the system by using Windows Update, Microsoft Update, Microsoft Windows Server Update Services (WSUS) server or Microsoft Baseline Security Analyzer (MBSA). This issue may occur if you installed this security update, but you have not installed update 2467659. To resolve this issue, approve the installation of update 2467659 in WSUS or install update 2467659 from Windows Update, Microsoft Update or from the Microsoft Download center.
After you install this security update, some Japan Industrial Standard (JIS) websites may not appear correctly in Internet Explorer. This issue can occur if the JIS-based website does not specify JIS encoding in the HTTP headers. For example, the website only specifies JIS in a Meta tag.

To work around this issue, use one of the following methods:

Server-side workaround
To work around this problem from the server-side, the website's administrator can configure the webpage to use the following HTTP header:
Content-Type: text/html;charset=iso-2022-jp

Client-side workaroundsUse either of the following methods on the client computer to work around this issue:
- To work around this issue while you are viewing the website, press F5 to refresh the page.
- Alternatively, you can delete the Iexplore.exe and explore.exe registry DWORD entries from the registry on the client computer to unblock the JIS auto-detection.
  
  Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk. Specifically, if you delete the Iexplore.exe and explore.exe registry DWORD entries, the system may be more vulnerable to the security issues that are described in CVE-2010-3342 and CVE-2010-3348. For more information, see the following security bulletin:
  
  http://www.microsoft.com/technet/security/bulletin/MS10-090.mspxThe security bulletin provides more information about the issue in the following sections:
  - Cross-Domain Information Disclosure Vulnerability - CVE-2010-3342
  - Cross-Domain Information Disclosure Vulnerability - CVE-2010-3348
  This information includes the following:
  - Mitigating Factors
  - Workarounds
  - FAQ
  ImportantThis section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
  
  322756How to back up and restore the registry in Windows
  To delete the Iexplore.exe and Explore.exe registry DWORD entries, follow these steps:
  1. Click Start , type regedit in the Start Search box, and then click regedit.exe in the Programs list.
    
    If you are prompted for an administrator password or confirmation, type your password or click Continue.
  2. Locate and then click the following subkey in the registry:
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING
  3. Right-click Iexplore.exe, and then click Delete.
  4. Click Yes to verify.
  5. Right-click Explore.exe, and then click Delete.
  6. Click Yes to verify.
  7. Exit Registry Editor, and then restart the computer.
  For more information about the FEATURE_DISABLE_ISO_2022_JP_SNIFFING registry subkey, see the following article in the Microsoft Knowledge Base:
  
  2467659 An update is available for Internet Explorer: December 14, 2010

Update 2467659

For more information about update 2467659, click the following article number to view the article in the Microsoft Knowledge Base:

2467659 An update is available for Internet Explorer: December 14, 2010
To install update 2467659, visit the following Microsoft website:

http://update.microsoft.com

Non-security-related fixes that are included in this security update

General distribution release (GDR) fixes

Individual updates may not be installed, depending on the version of Windows and the version of the affected application. Please view the individual articles to determine your update status.

Article number	Article title
2437070	A memory leak occurs when you use the WinINet API in an application to send HTTPS requests to a server
925683	In Internet Explorer 6 or in Internet Explorer 8, the OnChange event in a field does not occur when you change the "?" character to "ss" characters, or when you change "ss" characters to the "?" character
975736	A memory leak occurs when you open a Web page that contains a circular reference in an iframe

Hotfixes

Security update 2416400 packages for Windows XP and for Windows Server 2003 include Internet Explorer hotfix files and general distribution release (GDR) files. If no existing Internet Explorer files are from the hotfix environment, security update 2416400 installs the GDR files.

Hotfixes are intended to correct only the problems that are described in the Microsoft Knowledge Base articles that are associated with the hotfixes. Apply hotfixes only to systems that are experiencing these specific problems.

These hotfixes may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains these hotfixes. For more information about how to install the hotfixes that are included in security update 2416400, click the following article number to view the article in the Microsoft Knowledge Base:

897225How to install hotfixes that are included in cumulative security updates for Internet Explorer
NoteIn addition to installing hotfix files, review the Microsoft Knowledge Base article that is associated with the specific hotfix that you have to install to determine the registry modification that is required to enable that specific hotfix.

For more information about how to determine whether your existing Internet Explorer files are from the hotfix or from the GDR environment, click the following article number to view the article in the Microsoft Knowledge Base:

824994Description of the contents of Windows XP Service Pack 2 and Windows Server 2003 software update packages

Fix it for me

The Fix it solutions that are described in this section are not intended to be replacements for any security updates. We recommend that you always install the latest security updates. However, we offer the Fix it solutions as workaround options for some scenarios. These Fix it solutions help to resolve the security issue described in CVE-2010-3962. For more information about the security issue and the workarounds, visit the following Microsoft Security Bulletin webpage:

http://www.microsoft.com/technet/security/bulletin/MS10-090.mspxThe security bulletin provides more information about the issue in the "Uninitialized Memory Corruption Vulnerability - CVE-2010-3962" section. This information includes the following:

Mitigating Factors
Workarounds
FAQ

Two Fix it solutions are available:

Fix it solution for the user-defined CSS
A Fix it solution is available that enables supported versions of Internet Explorer to override a website's cascading style sheets style by using a custom CSS for formatting documents.

To remove the user-defined CSS and to restore the original settings, click the Fix it button or link under the Remove User-Defined CSS heading in the "Fix it solution for the user-defined CSS" section.
Fix it solution for Data Execution Prevention in Internet Explorer 7
We have created an application compatibility database that will enable Data Execution Prevention (DEP) for all versions of Internet Explorer that support DEP.

To install this application compatibility database, click the Fix it button in the "Fix it solution for Data Execution Prevention in Internet Explorer 7" section.

Fix it solution for the user-defined CSS

To enable or to disable the user-defined CSS workaround automatically, click the Fix it button or link under the Apply User-Defined CSS heading or under the Remove User-Defined CSS heading. Click Run in the File Download dialog box, and then follow the steps in the Fix it wizard.

Apply User-Defined CSS	Remove User-Defined CSS

Notes

These wizards may be in English only. However, the automatic fixes also work for other language versions of Windows.
If you are not logged on to the computer that has the problem, you can save the automatic fix to a flash drive or to a CD and then run the automatic fix on the computer that has the problem.
If you decide not to install the current security update and instead choose to use the workaround that is described in security bulletin MS10-090, you can click the Fix it button to enable or to disable applying the user-defined CSS.

Known issues with the Fix it solution for the user-defined CSS

In some scenarios, Group policy may block this Fix it solution from being installed on systems that are running Windows Server 2008 or Windows Server 2008 R2. When the issue occurs, you may receive an error message that resembles the following:

The system administrator has set policies to prevent this installation.

Contact the system administrator for more information about how to change the policy to allow the installation.
You may be unable to install this fixit solution if a Styles registry subkey exists in the following location in the registry:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
To resolve this issue, remove the Styles registry subkey, and then install the Fix it.

Note you can export the Styles registry subkey, and then re-import the key after you install the fixit solution. To do this, follow these steps:
1. Right-click the Styles registry subkey, and then click Export.
2. Type a name for the temporary .REG file, and then save it to the desktop.
3. Right-click the Styles registry subkey, and then click Delete key. Click Yes to verify.
4. Install the fixit solution.
5. Double-click the temporary .REG file that you saved on the desktop to import the registry subkey. Click Yes to verify.

Fix it solution for Data Execution Prevention in Internet Explorer 7

To enable or to disable DEP automatically in Internet Explorer 7, click the Fix itbutton or link. Click
Runin the
File Downloaddialog box, and then follow the steps in the Fix it wizard.

Enable the application compatibility database	Disable the application compatibility database

Notes

You do not have to have this database if you are using Internet Explorer 8 on Windows XP Service Pack 3 (SP3), on Windows Vista SP1, or on later versions of Windows. This is because Internet Explorer 8 opts-in to DEP by default on these platforms.
If you decide not to install the current security update and instead decide to use the workaround that is described in MS10-018, you can click the Fix it button to enable or to disable DEP. Then, click Run in the File Download dialog box, and follow the steps in the wizard.
These wizards may be in English only. However, the automatic fixes also work for other language versions of Windows.
If you are not logged on to the computer that has the problem, you can save the Fix it solution to a flash drive or to a CD and then run the Fix it solution on the computer that has the problem.
For this workaround to be effective, your processor must support hardware-enforced DEP. For more information about how to determine whether your system supports hardware-enforced DEP, click the following article number to view the article in the Microsoft Knowledge Base:

912923How to determine that hardware DEP is available and configured on your computer

FILE INFORMATION

For a list of files that are provided within these packages, click the following link:

File attributes tables for security update 2416400.csv

If you are not sure which version of Windows that you are running or whether it is a 32-bit version or 64-bit version, open System Information (Msinfo32.exe), and review the value that is listed for System Type.

You must know which kind of processor platform (x86-based, x64-based, or Itanium-based) that you have. Most users have x86-based processors. If you are not sure which kind of processor platform you have, install the x86-based update on the computer. To do this, follow these steps:

Click Start, and then click Run, or click Start Search.
Type msinfo32.exe and then press ENTER.
In System Information, review the value for System Type.
- For 32-bit editions of Windows, the System Type value is x86-based PC.
- For 64-bit editions of Windows, the System Type value is x64-based PC.