Microsoft Security Advisory (912945)
FYI...
Microsoft Security Advisory (912945)
Non-Security Update for Internet Explorer
- http://www.microsoft.com/technet/sec...ry/912945.mspx
Published: February 28, 2006
"Microsoft is releasing a non-security update for Internet Explorer on February 28, 2006.
For more information about this update, see Microsoft Knowledge Base Article 912945*. This update is separate from the security update released on February 14, 2006 as part of Microsoft Security Bulletin MS06-004.
Microsoft Knowledge Base Article 912945* and the accompanying non-security update targets the following software:
• Internet Explorer for Microsoft Windows XP Service Pack 2
• Internet Explorer for Microsoft Windows Server 2003 Service Pack 1
Microsoft Security Bulletin MS06-004 and the accompanying security update released on February 14, 2006 targeted the following software:
• Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 ..."
* http://support.microsoft.com/kb/912945
Last Review : February 28, 2006
Revision: 5.0
INTRODUCTION
Microsoft is releasing a software update to Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2 and for Microsoft Windows Server 2003 Service Pack 1. This update changes the way in which Internet Explorer handles some Web pages that use ActiveX controls. Examples of programs that use ActiveX controls include the following:
- Adobe Reader
- Apple QuickTime Player
- Macromedia Flash
- Microsoft Windows Media Player
- Real Networks RealPlayer
- Sun Java Virtual Machine
After you install this update, you cannot interact with ActiveX controls from certain Web pages until these controls are enabled. To enable an ActiveX control, manually click the control. There are also techniques that Web developers can use to update their Web pages. For more information about these techniques, visit the following MSDN Web site:
http://msdn.microsoft.com/ieupdate
As part of this Internet Explorer update, Microsoft will release updates to the current versions of Windows XP and of Windows Server 2003. All client operating systems will be updated. These client operating systems include the following:
• Windows XP Starter Edition
• Windows XP Home Edition
• Windows XP Professional Edition
• Windows XP Tablet PC Edition
• Windows XP Media Center Edition
• Windows XP Professional for Embedded Systems
Additionally, updates for earlier versions of Internet Explorer will be released as part of the monthly security update packages.
MORE INFORMATION
Known issues
• Initial logon dialog boxes may reappear and reset to default configurations
This issue occurs if you deploy the hotfix version of this software update on 64-bit systems, such as a 64-bit version of Microsoft Windows Server 2003 with Service Pack 1 or a x64-bit version of Windows XP with Service Pack 2. In this case, the initial logon dialog boxes may appear for applications and for Windows components. Additionally, some settings reset to default. This behavior may cause the following issues:
• Applications ask users to opt in to privacy features.
• Default settings for Internet Explorer favorites are reset.
• Internet Explorer security zones are reset to default settings.
• Internet Explorer advanced settings are reset to default settings.
• Initial Windows Media Player dialog boxes appear.
This is a known issue and is expected to be fixed in the next update for Windows.
• Google Toolbar
You may experience an access violation in the Google Toolbar when you close a window that contains an inactive ActiveX control. Microsoft and Google technical teams have been working together to address this issue. Google is expected to fix this problem by using its automatic "servicing mechanism" for Google Toolbar users. This problem affects Google Toolbar versions before version 3.0.129.2. Visit the following Google Web site to download the latest version:
http://toolbar.google.com
• External script technique does not work when the "Disable Script Debugging in Internet Explorer" check box is cleared
Microsoft is investigating this problem and plans to fix it in a future cumulative update.
• ActiveX controls that use Java Platform, Standard Edition 1.3 or 1.4
After you click on an ActiveX applet control in a program that runs the applet control by using Java Platform, Standard Edition (J2SE) 1.3 or J2SE 1.4, the focus does not go to the applet control. You must click the control a second time to establish focus. The focus behavior works correctly in J2SE 1.5. To obtain the latest version of J2SE, visit the following Sun Microsystems, Inc. Web site:
http://java.sun.com/j2se
For recommended techniques to make sure that ActiveX controls function without user interaction, visit the following MSDN Web site:
http://msdn.microsoft.com/ieupdate
The following issues occur on Web sites that do not use the recommended techniques.
Note: All these issues are resolved by using the techniques that are described on the MSDN Web site.
• Scrolling
When you use the mouse wheel to scroll through a page that contains an interactive control, the control may not be displayed correctly. Microsoft is investigating this issue and plans to fix it in a future cumulative update.
• Abstract Window Toolkit
Access violations have been reported with Java programs that use Abstract Window Toolkit (AWT) classes in the user interface. Microsoft is investigating this issue and plans to fix it in a future cumulative update.
• Transparent Flash
A full-page ad disappears, but the focus rectangle remains. In this situation, the control is still there, but it is transparent. Therefore, the associated overlay window remains on the page.
• DHTML menus
When a DHTML menu is expanded, the menu may appear on top of an ActiveX control. If you click the menu in this situation, you enable the control instead of gaining access to the DHTML menu. The overlay window has the highest z-order. Therefore, this window receives the mouse-click message.
• Controls that prompt before they are loaded
When certain controls are loaded on a Web page, the controls are not correctly masked by the functionality of this update. These controls include controls that are used in Macromedia Shockwave Director, in QuickTime Player, and in Virtools Web Player. When Windows determines that a control is inactive, the system prompts the user before the control is loaded.
• CSS attributes on controls
Controls that are hidden or that have a display-mode setting of None, but that do have size dimensions, display the focus rectangle when you move the pointer over them.
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products..."
---------------------------------------
(Verrryyy interesting - a "Non-Security Update for IE" issued under an MS "Security Advisory"... only in America.)
---------------------------------------------
EDIT/ADD:
Microsoft updates IE after patent spat
- http://news.com.com/2102-1032_3-6044...=st.util.print
Story last modified Tue Feb 28 17:38:18 PST 2006
"... Microsoft is modifying IE to shield itself from liability in a long-running patent dispute with Eolas Technologies and the University of California. Microsoft expects a second trial in the case to start sometime this year after a federal appeals court last March partially reversed a lower-court decision that exposed it to more than $500 million in damages. In September, the U.S. Patent Office upheld the validity of the patent at issue in the case. Microsoft is delivering the IE update in phases. The company last December said it would make the tweaks and a month later made the update available on MSDN, its Web site for developers. The update is now available to the general public as an optional download via Windows Update and Microsoft's Download Center Web site. "Microsoft expects the vast majority of existing IE customers will download the update as part of ongoing security updates in the next four to six months," the Microsoft representative said. The update is available for IE 6 on Windows XP with Service Pack 2 and Windows Server 2003 with SP 1, the Microsoft representative said."
.
