MS13-080: Cumulative security update for Internet Explorer: October 8, 2013

The update that this article describes has been replaced by a newer update. We recommend that you install the most current cumulative security update for Internet Explorer. To install the most current update, visit the following Microsoft website:



For more technical information about the most current cumulative security update for Internet Explorer, visit the following Microsoft website:

INTRODUCTION

Microsoft has released security bulletin MS13-080. Learn more about how to obtain the fixes that are included in this security bulletin:

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country:
International Support

More Information

If you are running Internet Explorer 11 in Windows 8.1 and Windows Server 2012 R2, you should install security update 2884101. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2884101 MS13-080: Description of the security update for Internet Explorer 11 in Windows 8.1 and Windows Server 2012 R2: October 8, 2013

Fix it for me

Notes about this Fix it solution
  • This Fix it solution addresses the issue that was previously described in Microsoft Security Advisory (2887505): Vulnerability in Internet Explorer could allow remote code execution We are providing this Fix it solution as workaround if you are not able to apply security update 2879017.
  • You must restart Internet Explorer after you apply this Fix it solution.
  • The Fix it solution that is described in this section applies only 32-bit versions of Internet Explorer.
  • You must have security update 2870699 installed for this Fix it to provide effective protection against this issue. For more information about security update 2870699, click the following article number to view the article in the Microsoft Knowledge Base:
    2870699 MS13-069: Cumulative security update for Internet Explorer: September 10, 2013
  • This Fix it solution is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios.

    For more information about this workaround, go to the following Microsoft Security Bulletin webpage:
    The bulletin provides more information about the issue. This includes the following:
    • The scenarios in which you might apply or disable the workaround.
    Specifically, to see this information, look for the General Information heading, expand the Suggested actions section, and then expand the Workaround section.
  • These wizards may be in English only. However, the automatic fixes also work for other language versions of Windows.
  • If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or a CD and then run the fix on the computer that has the problem.
To enable or disable this Fix it solution, click the Fix it button or link under the Enable heading or under the Disable heading. Click Run in the File Download dialog box, and then follow the steps in the Fix it wizard.
Enable CVE-2013-3893 MSHTML Shim WorkaroundDisable CVE-2013-3893 MSHTML Shim Workaround

More Information

Non-security-related fixes that are included in this security update

General distribution release (GDR) fixes

Individual updates may not be installed, depending on the version of Windows and the version of the affected application. You can view the individual articles to determine your update status.
Article numberArticle title
2889289 Memory leak when you access a web page that uses the "navigator.geolocation" object in Internet Explorer 9
2893031 Proxy setting of a VPN client that do not support IPv6 is not used in Internet Explorer 10
2893030 Backspace, delete and tab keys do not work in the text box of an Explorer bar in Internet Explorer 9
2893028 You cannot add an item to Favorites bar in Internet Explorer 10 when Windows 8 has EPM and folder redirection enabled
2893027 Certain Images are not printed or displayed in print preview output in Internet Explorer 10
2893026 Data loss occurs when you open an Office file in Internet Explorer 10
2880217 A fault in Mshtml.dll may occur in an application that hosts the Internet Explorer 8 or Internet Explorer 9 WebBrowser control

Hotfixes

Security update 2879017 packages for Windows XP and Windows Server 2003 include Internet Explorer hotfix files and general distribution release (GDR) files. If no existing Internet Explorer files are from the hotfix environment, security update 2879017 installs the GDR files.

Hotfixes are intended to correct only the problems that are described in the Microsoft Knowledge Base articles that are associated with the hotfixes. Apply hotfixes only to systems that are experiencing these specific problems.

These hotfixes may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains these hotfixes. For more information about how to install the hotfixes that are included in security update 2879017, click the following article number to view the article in the Microsoft Knowledge Base:
897225 How to install hotfixes that are included in cumulative security updates for Internet Explorer

Note In addition to installing hotfix files, you should review the Microsoft Knowledge Base article that is associated with the specific hotfix that you have to install to determine the registry modification that is required to enable that specific hotfix.

For more information about how to determine whether your existing Internet Explorer files are from the hotfix or from the GDR environment, click the following article number to view the article in the Microsoft Knowledge Base:
824994 Description of the contents of Windows XP Service Pack 2 and Windows Server 2003 software update packages

FILE INFORMATION

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). Be aware that dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time bias. The dates and times may also change when you perform certain operations on the files.
Windows XP and Windows Server 2003 file information
Windows Vista and Windows Server 2008 file information
Windows 7 and Windows Server 2008 R2 file information
Windows 8 and Windows Server 2012 file information
File hash information

How to determine whether you are running a 32-bit or 64-bit edition of Windows

If you are not sure which version of Windows you are running or whether the version that you are running is a 32-bit version or 64-bit version, you can open System Information (Msinfo32.exe) and review the value that is listed for System Type. To do this, follow these steps:
  1. Click Start, and then click Run, or click Start Search.
  2. Type msinfo32.exe and then press Enter.
  3. In System Information, review the value for System Type.
    • For 32-bit editions of Windows, the System Type value is x86-based PC.
    • For 64-bit editions of Windows, the System Type value is x64-based PC.
For more information about how to determine whether you are running a 32-bit or 64-bit edition of Windows, click the following article number to view the article in the Microsoft Knowledge Base:
827218 How to determine whether a computer is running a 32-bit version or a 64-bit version of the Windows operating system
Properties

Article ID: 2879017 - Last Review: Jan 22, 2014 - Revision: 1

Feedback