MS13-008: Security update for Internet Explorer: January 14, 2013

INTRODUCTION

Microsoft has released security bulletin MS13-008. To view the complete security bulletin, go to one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

To have us fix this problem for you, go to the "Fix it for me" section.

More Information

FAQ

Is this update, MS13-008, a cumulative security update for Internet Explorer?
No. This security update, MS13-008, only addresses the vulnerability described in this bulletin.

Do I have to install the last cumulative security update for Internet Explorer, MS12-077? 
Yes. In all cases MS13-008 protects customers from the vulnerability discussed in this bulletin. However, customers who have not installed the latest cumulative security update for Internet Explorer may experience compatibility issues after they install the MS13-008 update. 

Customers must make sure that the latest cumulative security update for Internet Explorer, MS12-077, is installed to avoid compatibility issues.



Fix it for me

Prerequisites for this Fix it solution

Before you install this Fix it solution, you must first install the latest updates for Internet Explorer 6, Internet Explorer 7, or Internet Explorer 8. To install the most current update for Internet Explorer, go to the following Microsoft website: For more technical information about the most current cumulative security update for Internet Explorer, go to the following Microsoft website:
For more information about the latest security update for Internet Explorer at the time of this writing, click the following article number to view the article in the Microsoft Knowledge Base:
2761465 MS12-077: Cumulative Security Update for Internet Explorer: December 11, 2012


The Fix it solution that is described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios.

For more information about this workaround, go to the following Microsoft Security Bulletin webpage:
The Bulletin provides more information about the issue, including the following:
  • The scenarios in which you might apply or disable the workaround.
  • How to manually apply the workaround.
To enable or disable this Fix it solution, click the Fix it button or link under the Enable heading or under the Disable heading. Click Run in the File Download dialog box, and then follow the steps in the Fix it wizard.
Enable MSHTML shim workaroundDisable MSHTML shim workaround
Notes
  • These wizards may be in English only. However, the automatic fixes also work for other language versions of Windows.
  • If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD, and then you can run it on the computer that has the problem.
  • If you want to run a quiet installation of this Fix it solution, follow these steps:
    1. Open an elevated Command Prompt window with administrator credentials.
    2. Type the following command, and then press Enter:
      msiexec /i MicrosoftFixit50971.msi /quiet

Verification that this Fix it solution is successfully installed

To verify that this Fix it solution is successfully installed, use either of the following methods:
  • Method 1
    Open Registry Editor and verify that the following entries exist:

    The following entry should exist on 32-bit and 64-bit systems:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a1447a51-d8b1-4e93-bb19-82bd20da6fd2}.sdb


    The following entry should exist on 64-bit systems:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6631f21e-4389-4c67-9b10-cf2b559b8d4a}.sdb
  • Method 2
    Open Registry Editor and verify that the following REG_QWORD entries exist in the iexplore.exe subkey, which is found here: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe

    The following entry should exist on 32-bit and 64-bit systems:
    {a1447a51-d8b1-4e93-bb19-82bd20da6fd2}.sdb


    The following entry should exist on 64-bit systems:
    {6631f21e-4389-4c67-9b10-cf2b559b8d4a}.sdb

Deploying an application compatibility database across multiple computers

To deploy an application compatibility database across multiple computers, you can use a system management solution, such as Microsoft System Center Configuration Manager 2007, and then use the SDBInst.exe command-line tool to install the database. For detailed information about how to use the SDBInst application, go to the following TechNet webpage:
To deploy Microsoft Fix it 50971 to multiple computers by using SDBInst, follow these steps:


Note For more information about command-line options for installing this fix, see the following MSDN webpage:

  1. Extract the CAB file from the Fix it package. To do this, type the following command at a command prompt:
    msidb.exe -x CabFile -d MicrosoftFixit50971.msi
    Note Msidb.exe is part of Windows Installer Development Tools. For more information, go to the following Microsoft webpage:
  2. Extract the SDB files from CabFile by using any CAB extraction utility:
    extract.exe /E CabFile
  3. Use SDBInst to apply the previously extracted .sdb files. To do this, type the following command at a command prompt:
    SDBInst -p Path_of_sdb_file\FileName.sdb

    File hash table

    The following table lists the thumbprints of the certificates that are used to sign the .sdb files. Verify the certificate thumbprint in this table against the certificate thumbprint that is indicated on the .sdb that you extracted.
    File NameHash information
    mshtml_shim32.sdb(SHA1 695750970F6595D247FA30775579BD22E034252B)
    mshtml_shim64.sdb(SHA1 29444332522F8F06A88953071B3BA13C14FBD70A)

FILE INFORMATION

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). Note that dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time bias. The dates and times may also change when you perform certain operations on the files.

Windows XP and Windows Server 2003 file information

  • The files that apply to a specific milestone (SPn) and service branch (QFE, GDR) are noted in the "SP requirement" and "Service branch" columns.
  • GDR service branches contain only fixes that are broadly released to address widespread, critical issues. QFE service branches contain hotfixes in addition to broadly released fixes.
  • In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.

Internet Explorer 6

Internet Explorer 6 on all supported 32-bit versions of Windows XP
Internet Explorer 6 on all supported 32-bit versions of Windows Server 2003
Internet Explorer 6 on all supported Itanium-based versions of Windows Server 2003
Internet Explorer 6 on all supported x64-based versions of Windows Server 2003 and Windows XP Professional

Internet Explorer 7

Internet Explorer 7 on all supported 32-bit versions of Windows XP
Internet Explorer 7 on all supported 32-bit versions of Windows Server 2003
Internet Explorer 7 on all supported Itanium-based versions of Windows Server 2003
Internet Explorer 7 on all supported x64-based versions of Windows Server 2003 and Windows XP Professional

Internet Explorer 8

Internet Explorer 8 on all supported 32-bit versions of Windows XP
Internet Explorer 8 on all supported 32-bit versions of Windows Server 2003
Internet Explorer 8 on all supported x64-based versions of Windows Server 2003 and Windows XP Professional

Windows Vista and Windows Server 2008 file information

  • The files that apply to a specific product, milestone (SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.0.6002. 18xxxWindows Vista SP2 and Windows Server 2008 SP2SP2GDR
    6.0.6002. 22xxxWindows Vista SP2 and Windows Server 2008 SP2SP2LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

Internet Explorer 7

Internet Explorer 7 on all supported 32-bit versions of Windows Vista and Windows Server 2008
Internet Explorer 7 on all supported Itanium-based versions of Windows Server 2008
Internet Explorer 7 on all supported x64-based versions of Windows Vista and Windows Server 2008

Internet Explorer 8

Internet Explorer 8 on all supported 32-bit versions of Windows Vista and Windows Server 2008
Internet Explorer 8 on all supported x64-based versions of Windows Vista and Windows Server 2008

Windows 7 and Windows Server 2008 R2 file information

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.1.7600. 16xxxWindows 7 and Windows Server 2008 R2RTMGDR
    6.1.7600. 20xxxWindows 7 and Windows Server 2008 R2RTMLDR
    6.1.7601. 17xxxWindows 7 and Windows Server 2008 R2SP1GDR
    6.1.7601. 21xxxWindows 7 and Windows Server 2008 R2SP1LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

Internet Explorer 8

Internet Explorer 8 on all supported x86-based versions of Windows 7
Internet Explorer 8 on all supported Itanium-based versions of Windows Server 2008 R2
Internet Explorer 8 on all supported x64-based versions of Windows 7 and Windows Server 2008 R2

How to determine whether you are running a 32-bit or a 64-bit edition of Windows

If you are not sure which version of Windows that you are running or whether it is a 32-bit version or 64-bit version, open System Information (Msinfo32.exe), and review the value that is listed for System Type. To do this, follow these steps:
  1. Click Start, and then click Run or click Start Search.
  2. Type msinfo32.exe and then press ENTER.
  3. In System Information, review the value for System Type.
    • For 32-bit editions of Windows, the System Type value is x86-based PC.
    • For 64-bit editions of Windows, the System Type value is x64-based PC.
For more information about how to determine whether you are running a 32-bit or 64-bit edition of Windows, click the following article number to view the article in the Microsoft Knowledge Base:
827218 How to determine whether a computer is running a 32-bit version or a 64-bit version of the Windows operating system
Properties

Article ID: 2799329 - Last Review: Jan 14, 2013 - Revision: 1

Windows Internet Explorer 8, Windows Internet Explorer 7, Windows Server 2008 for Itanium-Based Systems, Microsoft Internet Explorer 6.0

Feedback