MS15-009: Description of the security update for Internet Explorer: February 10, 2015

Applies to: Internet Explorer 11Internet Explorer 10Internet Explorer 9

Summary


This article describes the cumulative security update for Internet Explorer that is dated on February 10, 2015. For more information about this update, see KB article 3034682 and non-security-related fixes.

Introduction


Microsoft has released security bulletin MS15-009. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update.

Security solutions for IT professionals:
TechNet Security Support and Troubleshooting.

Help protect your Windows-based computer from viruses and malware: Virus and Security Solution Center.

Local support according to your country:
International Support.

Functional fixes that are included in this security update

General distribution release (GDR) fix

Individual updates may not be installed, depending on your version of Windows and the version of the affected application. You should view the individual articles to determine your update status.
KB numberTitle
3034762 A dialog box or a window is blocked when the website uses a showModalDialog method in Internet Explorer 11
3038778 Update enables the setting to disable SSL 3.0 fallback for Protected Mode sites by default in Internet Explorer 11
3025945 Internet Explorer 9 stops working after you install update 3008923 in Windows

Security Update Deployment Information

This is a bundle update. For more information about the bundled child packages, click the following links:
  • 3036197 Update for Internet Explorer Administrative Template resources
  • 3023607 Secure Channel cumulative update changes TLS protocol renegotiation and fallback behavior
    Known issues in update 3023607
    • After you install security update 3023607, the Cisco AnyConnect Secure Mobility Client application may fail to establish virtual private network (VPN) connections in Windows 8.1 or Windows Server 2012 R2. To resolve this issue, apply the Fix it solution in KB3023607:
      3023607 Secure Channel cumulative update changes TLS protocol renegotiation and fallback behavior
Note for Windows Update, Windows Server Update Services (WSUS), and Microsoft Catalog customers

Updates 3036197 and 3023607 are installed automatically and transparently together with security update 3021952. Updates 3036197 and 3023607 will appear separately in the list of installed updates when it is viewed in the Add Remove Programs or the Programs and Features item in Control Panel. If you already have security update 3021952 installed, you will notice that security update 3021952 will be reoffered by Windows Update or by WSUS if updates 3036197 and 3023607 apply to your computer but were not installed. Installing three packages together will require only one restart.

Note for Download Center customers

If you downloaded and then installed this security update from the Microsoft Download Center, when you click Download, you are prompted to select updates 3021952, 3036197, and 3023607.

For non-Windows 8.1 computers, select the check box for updates 3021952 and 3023607 only, and then click Next to install the two updates. This update will require a restart.

For Windows 8.1-based computers, select all check boxes to download updates 3021952, 3036197, and 3023607.



Windows Technical Preview and Windows Server Technical Preview customers

Windows Technical Preview and Windows Server Technical Preview are affected. Customers who are running these operating systems are encouraged to apply the update from Windows Update.



More Information


Known issues with this security update

  • Issue 1
    After you install this security update, the Cisco AnyConnect Secure Mobility Client application may fail to establish virtual private network (VPN) connections in Windows 8.1 or Windows Server 2012 R2.

    Fix for Issue 1
    To resolve this issue, apply the following Fix it solution:
    3023607 Secure Channel cumulative update changes TLS protocol renegotiation and fallback behavior
  • Issue 2
    After you install this security update, applications may crash when they render table-based content in Internet Explorer 9 and Internet Explorer 8.

    Status of Issue 2
    Microsoft is working on a fix for this issue.
Third-party information disclaimer
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Restart information

You may have to restart the computer after you install this security update.

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart the computer.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install this security update.

For more information, see the following article in the Microsoft Knowledge Base:
887012 Why you may be prompted to restart your computer after you install a security update on a Windows-based computer for more information