MS13-038: Security update for Internet Explorer: May 14, 2013

INTRODUCTION

Microsoft has released security bulletin MS13-038. To view the complete security bulletin, visit one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

To have us fix this problem for you, go to the "Fix it for me" section.

Fix it for me

CVE-2013-1347 MSHTML Shim Workaround

The Fix it solution that is described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios.

For more information about this workaround, go to the following Microsoft Security Advisory website:
The advisory provides more information about the issue, including the following:
  • The scenarios in which you might apply or disable the workaround
  • How to manually apply the workaround
To enable or disable this Fix it solution, click the Fix it button or link under the Enable heading or under the Disable heading, click Run in the File Download dialog box, and then follow the steps in the Fix it wizard.
EnableDisable
Notes
  • These wizards may be in English only. However, the automatic fixes also work for other language versions of Windows.
  • If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD, and then you can run it on the computer that has the problem.

More Information

Note to Enterprise Administrators The security update for Internet Explorer 9 has a MSRC Severity of Unassigned. The severity rating does not apply to the security update for Internet Explorer 9 because the attack vector of the vulnerability discussed in the bulletin is blocked in a default configuration. However, as a defense-in-depth measure, Microsoft has released the update and recommends customers apply this security update. For more information about this change, click the following article number to view the article in the Microsoft Knowledge Base:
2849195 Changes to the classification of security content in advisories and bulletins

Known issues with this security update

  • To avoid potential compatibility issues, customers should make sure that the latest Internet Explorer cumulative security update, MS13-037, is installed.  

FILE INFORMATION

File hash information
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). Note that dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time bias. The dates and times may also change when you perform certain operations on the files.

Windows XP and Windows Server 2003 file information

  • The files that apply to a specific milestone (SPn) and service branch (QFE, GDR) are noted in the "SP requirement" and "Service branch" columns.
  • GDR service branches contain only fixes that are broadly released to address widespread, critical issues. QFE service branches contain hotfixes in addition to broadly released fixes.
  • In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.

Internet Explorer 8

Internet Explorer 8 on all supported 32-bit versions of Windows XP
Internet Explorer 8 on all supported 32-bit versions of Windows Server 2003
Internet Explorer 8 on all supported x64-based versions of Windows Server 2003 and Windows XP Professional

Windows Vista and Windows Server 2008 file information

  • The files that apply to a specific product, milestone (SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.0.6002.18xxxWindows Vista SP2 and Windows Server 2008 SP2SP2GDR
    6.0.6002.23xxxWindows Vista SP2 and Windows Server 2008 SP2SP2LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.



Internet Explorer 8

Internet Explorer 8 on all supported 32-bit versions of Windows Vista and Windows Server 2008
Internet Explorer 8 on all supported x64-based versions of Windows Vista and Windows Server 2008

Internet Explorer 9

Internet Explorer 9 on all supported 32-bit versions of Windows Vista and Windows Server 2008
Internet Explorer 9 on all supported x64-based versions of Windows Vista and Windows Server 2008

Windows 7 and Windows Server 2008 R2 file information

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.1.7600.17xxxWindows 7 and Windows Server 2008 R2RTMGDR
    6.1.7600.21xxxWindows 7 and Windows Server 2008 R2RTMLDR
    6.1.7601.18xxxWindows 7 and Windows Server 2008 R2SP1GDR
    6.1.7601.22xxxWindows 7 and Windows Server 2008 R2SP1LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

Internet Explorer 8

Internet Explorer 8 on all supported x86-based versions of Windows 7
Internet Explorer 8 on all supported Itanium-based versions of Windows Server 2008 R2
Internet Explorer 8 on all supported x64-based versions of Windows 7 and Windows Server 2008 R2

Internet Explorer 9

Internet Explorer 9 on all supported x86-based versions of Windows 7
Internet Explorer 9 on all supported x64-based versions of Windows 7 and Windows Server 2008 R2

How to determine whether you are running a 32-bit or a 64-bit edition of Windows

If you are not sure which version of Windows that you are running or whether it is a 32-bit version or 64-bit version, open System Information (Msinfo32.exe), and review the value that is listed for System Type. To do this, follow these steps:
  1. Click Start, and then click Run, or click Start Search.
  2. Type msinfo32.exe and then press ENTER.
  3. In System Information, review the value for System Type.
    • For 32-bit editions of Windows, the System Type value is x86-based PC.
    • For 64-bit editions of Windows, the System Type value is x64-based PC.
For more information about how to determine whether you are running a 32-bit or 64-bit edition of Windows, click the following article number to view the article in the Microsoft Knowledge Base:
827218 How to determine whether a computer is running a 32-bit version or a 64-bit version of the Windows operating system
Properties

Article ID: 2847204 - Last Review: May 23, 2013 - Revision: 1

Feedback