Cumulative security update for Internet Explorer: September 10, 2019

Applies to: Internet Explorer 11 on Windows Server 2012 R2Internet Explorer 11 on Windows Server 2012Internet Explorer 11 on Windows Server 2008 R2 SP1

Summary


This security update resolves several reported vulnerabilities in Internet Explorer. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures.

Additionally, see the following articles for more information about this cumulative update:

Important

  • Except for Internet Explorer 11 on Windows Server 2012, the fixes that are included in this Security Update for Internet Explorer (KB4516046) are also included in the September 2019 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in this update.

  • To obtain this update for Internet Explorer 11 on Server 2012, you must install this Security Update for Internet Explorer (KB4516046). This update is not included in any Security Monthly Quality Rollup or Security Only Quality Update. For Internet Explorer 10 on Windows Server 2012, other called-out installation methods are applicable.

  • If you use update management processes other than Windows Update, and you automatically approve all security updates classifications for deployment, this Security Update for Internet Explorer (KB4516046), the September 2019 Security Only Quality Update, and the September 2019 Security Monthly Quality Rollup are deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.

  • Except for Internet Explorer 11 on Windows Server 2012, this Security Update for Internet Explorer is not applicable for installation on a computer on which the Security Monthly Quality Rollup or the Preview of Monthly Quality Rollup from September 2019 (or a later month) is already installed. This is because those updates contain all the fixes that are in this security update for Internet Explorer.

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

How to get and install the update


Before installing this update

Prerequisite

You must install the updates listed below and restart your device before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup.

  1. The latest servicing stack update (SSU) (KB4516655). If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog
  2. The latest SHA-2 update (KB4474419) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. For more information on SHA-2 updates, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.

Install this update

Release Channel Available Next Step
Windows Update and Microsoft Update Yes

None. This update will be downloaded and installed automatically from Windows Update for Internet Explorer 11 for Windows Server 2012 and Windows Embedded 8 Standard.

For all other versions, see the other options below.

Microsoft Update Catalog Yes To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS) Yes

This update will automatically synchronize with WSUS if you configure Products and Classifications as follows:

Product: Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Embedded 8 Standard, Windows 8.1, Windows Server 2012 R2

Classification: Security Updates

Known issues in this security update


Known issue

Mitigation

Users who have upgraded to Internet Explorer 11 by installing KB4492872 on Windows Server 2012 and Windows Embedded 8 Standard may still be offered “Cumulative Security Update for Internet Explorer 10” through Windows Server Update Services (WSUS) or other update management solutions.

This issue is now resolved on the server-side and requires no action from users. The Internet Explorer 10 version of this update should no longer be offered if you have Internet Explorer 11 installed.

For Windows 7 SP1 and Windows Server 2008 R2 SP1, VBscript in Internet Explorer 11 should be disabled by default after installing updates starting with KB4507437 (Preview of Monthly Rollup released July 16, 2019) or KB4511872 (Internet Explorer Cumulative Update released August 13, 2019) but in some circumstances, may not be disabled as intended.

This issue was resolved in KB4519974.

Deployment information


For deployment details for this security update, see the following article in the Microsoft Knowledge Base:

Security update deployment information: September 10, 2019

File Information


File verification


File attributes

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 file information

Windows Server 2012 file information

Internet Explorer 10

Internet Explorer 11


Windows 7 and Windows Server 2008 R2

Internet Explorer 11

Windows Server 2008

Information about protection and security


References


Learn about the terminology that Microsoft uses to describe software updates.