Microsoft Internet Explorer Patch Download

Mar 19, 2018  Official Download—Get the latest IE internet browser for your system. Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 web browsers. Microsoft releases additional. Which can be found in the Download. Security Bulletin Security Update Security Advisory Internet Explorer. Internet Explorer; Microsoft Edge. You to download and run the security patch. That you are experiencing issue with Internet Explorer patch version.

The flaw allows an attacker to hijack control of your computer via Internet Explorer – just by visiting a boobytrapped webpage.

Microsoft has urged Windows users to update their machines after discovering a bug in Internet Explorer that could allow hackers to take control of their machines.

It would allow an attacker to hijack control of your computer via Internet Explorer – just by visiting a boobytrapped webpage.

All versions of Windows, including Windows 10 are vulnerable to the bug, the firm said - although its new Edge browser is not.

In its advisory, Microsoft warns that vulnerable computers can be exploited just by visiting maliciously-crafted webpages using Internet Explorer, with no further user interaction is required.

'This security update resolves a vulnerability in Internet Explorer,' it says.

'The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

'An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

Microsoft Internet Explorer Update Free Download

'This security update is rated Critical for Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.'

Share this article

The update addresses how Internet Explorer handles objects in memory, preventing any further interference.

Experts say the bug is a major flaw.

'If Microsoft calls a vulnerability 'critical,' warns that it affects all versions of Windows, and is prepared to issue a patch outside of its normal Patch Tuesday monthly schedule, you should sit up and listen,' said security expert Graham Cluley.

Microsoft Internet Explorer Patch Download

Source: StatCounter Global Stats - Browser Market Share

Around 17.64 per cent of the world currently uses Internet Explorer, and around 23.35 per cent of the UK, according to StatCounter.

A BRIEF HISTORY OF IE

Internet Explorer, which was first called Windows Internet Explorer, was first released as part of the add-on package Plus! for Windows 95 in 1995.

Internet Explorer was one of the most widely used web browsers, attaining a peak of about 95 per cent during 2002 and 2003.

However, it struggled in the face of competition, and in May 2012 it was announced that Google's Chrome overtook Internet Explorer as the most used browser worldwide.

The brand has struggled to shake off the bad reputation of Internet Explorer 6, which was notoriously insecure.

He says it is most likely, attempts would be made to redirect potential victims to boobytrapped websites using spammed-out links, or by tricking users into opening an unsolicited email attachment.

Microsoft's advisory states:

'The CVE-2015-2502 memory corruption vulnerability exists because IE does not properly manage certain objects in memory. The vulnerability is rated critical for Windows non-Server operating systems,' says Lane Thames, Software Development Engineer at Tripwire.

'However, the vulnerability is rated moderate for Windows Server platforms including Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.'

Around 17.64 per cent of the world currently uses Internet Explorer, and around 23.35 per cent of the UK, according to StatCounter.

Microsoft's new operating system will run on the 'broadest types of devices ever'.

It will come with Cortana and the personal assistant app will run on the desktop.

It merges various app stores into one platform, called the One Store.

Microsoft is bringing back the Start Menu, which was removed from Windows 8.

And users can create multiple desktops to keep things organised.

EDGE: THE NEW INTERNET EXPLORER

Microsoft has released an entirely new browser to replace Internet Explorer in Windows 10.

some of its features include:

Cortana in Edge is a personal assistant that helps make Web browsing easier for you, with whatever you're trying to get done.

Inking and sharing so you can capture and communicate your thoughts: Enables you to write or type directly on the page, comment on what's interesting or clip what you want – then easily share this 'Web Note' via mail, or a social network.

The Spartan browser is designed to be faster, clearer and even let people wrote on web pages using a stylus

Reading List and Reading View

The new rendering engine is built around the idea that the Web 'just works,' while being fast, more secure and more reliable.

-->

Security Update for Internet Explorer (3088903)

Published: August 18, 2015 | Updated: August 20, 2015

Version: 1.1

Executive Summary

This security update resolves a vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers. For more information, see the Affected Software section.

The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.

For more information about the vulnerability, see the Vulnerability Information section.

For more information about this update, see Microsoft Knowledge Base Article 3088903.

Affected Software

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.

Microsoft internet explorer

Affected Software

**Operating System****Component****Maximum Security Impact****Aggregate Severity Rating****Updates Replaced**
**Internet Explorer 7**
Windows Vista Service Pack 2[Internet Explorer 7](http://www.microsoft.com/downloads/details.aspx?familyid=fdc9a2ff-11ba-4b3d-9cc4-d5e236eb62e6) (3087985)Remote Code ExecutionCriticalNone
Windows Vista x64 Edition Service Pack 2[Internet Explorer 7](http://www.microsoft.com/downloads/details.aspx?familyid=908bd2cf-630b-4715-84c4-c3cbd870d608) (3087985)Remote Code ExecutionCriticalNone
Windows Server 2008 for 32-bit Systems Service Pack 2[Internet Explorer 7](http://www.microsoft.com/downloads/details.aspx?familyid=f40669c3-2a8d-4bbf-bb74-82aaac679b65) (3087985)Remote Code ExecutionModerateNone
Windows Server 2008 for x64-based Systems Service Pack 2[Internet Explorer 7](http://www.microsoft.com/downloads/details.aspx?familyid=6501aafb-a123-4956-b70c-7bf209695ddf) (3087985)Remote Code ExecutionModerateNone
Windows Server 2008 for Itanium-based Systems Service Pack 2[Internet Explorer 7](http://www.microsoft.com/downloads/details.aspx?familyid=77545ff7-ee00-4f73-9bb6-df8171a7a8fc) (3087985)Remote Code ExecutionModerateNone
**Internet Explorer 8**
Windows Vista Service Pack 2[Internet Explorer 8](http://www.microsoft.com/downloads/details.aspx?familyid=4917a747-d4b5-4faa-b859-cb38ecd8dd3b) (3087985)Remote Code ExecutionCriticalNone
Windows Vista x64 Edition Service Pack 2[Internet Explorer 8](http://www.microsoft.com/downloads/details.aspx?familyid=fc37cccd-3909-4ba2-be82-0f44144ab3ba) (3087985)Remote Code ExecutionCriticalNone
Windows Server 2008 for 32-bit Systems Service Pack 2[Internet Explorer 8](http://www.microsoft.com/downloads/details.aspx?familyid=578a2d2a-2d13-4588-8ca3-3149286960d8) (3087985)Remote Code ExecutionModerateNone
Windows Server 2008 for x64-based Systems Service Pack 2[Internet Explorer 8](http://www.microsoft.com/downloads/details.aspx?familyid=32b112fb-b6b5-4a61-9331-900ea3bf912f) (3087985)Remote Code ExecutionModerateNone
Windows 7 for 32-bit Systems Service Pack 1[Internet Explorer 8](http://www.microsoft.com/downloads/details.aspx?familyid=569bfacd-d612-4504-9bd4-7af42958cb9d) (3087985)Remote Code ExecutionCriticalNone
Windows 7 for x64-based Systems Service Pack 1[Internet Explorer 8](http://www.microsoft.com/downloads/details.aspx?familyid=11de8d57-295a-41db-b179-f94979259e26) (3087985)Remote Code ExecutionCriticalNone
Windows Server 2008 R2 for x64-based Systems Service Pack 1[Internet Explorer 8](http://www.microsoft.com/downloads/details.aspx?familyid=d528a684-df53-48d8-b1b8-1dbdf815782c) (3087985)Remote Code ExecutionModerateNone
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1[Internet Explorer 8](http://www.microsoft.com/downloads/details.aspx?familyid=1d5e7c73-139a-4263-aef9-02fb2aba957f) (3087985)Remote Code ExecutionModerateNone
**Internet Explorer 9**
Windows Vista Service Pack 2[Internet Explorer 9](http://www.microsoft.com/downloads/details.aspx?familyid=ea1a609d-10f8-4f78-a230-0a7892d24cf3) (3087985)Remote Code ExecutionCriticalNone
Windows Vista x64 Edition Service Pack 2[Internet Explorer 9](http://www.microsoft.com/downloads/details.aspx?familyid=4da928c7-c9c4-45c5-84f9-05cad38cc261) (3087985)Remote Code ExecutionCriticalNone
Windows Server 2008 for 32-bit Systems Service Pack 2[Internet Explorer 9](http://www.microsoft.com/downloads/details.aspx?familyid=4e3c0593-dc45-4def-ae53-5d6b23bf47bc) (3087985)Remote Code ExecutionModerateNone
Windows Server 2008 for x64-based Systems Service Pack 2[Internet Explorer 9](http://www.microsoft.com/downloads/details.aspx?familyid=4fdd0d5e-6929-4dfa-b0e5-160465d54e4a) (3087985)Remote Code ExecutionModerateNone
Windows 7 for 32-bit Systems Service Pack 1[Internet Explorer 9](http://www.microsoft.com/downloads/details.aspx?familyid=0baf2b37-bdb8-412d-a8ec-32b1d97343b8) (3087985)Remote Code ExecutionCriticalNone
Windows 7 for x64-based Systems Service Pack 1[Internet Explorer 9](http://www.microsoft.com/downloads/details.aspx?familyid=607663a8-4b76-4c02-ba59-281352a78c29) (3087985)Remote Code ExecutionCriticalNone
Windows Server 2008 R2 for x64-based Systems Service Pack 1[Internet Explorer 9](http://www.microsoft.com/downloads/details.aspx?familyid=7857857e-93ee-47aa-a14c-4d7b6d258187) (3087985)Remote Code ExecutionModerateNone
**Internet Explorer 10**
Windows 7 for 32-bit Systems Service Pack 1[Internet Explorer 10](http://www.microsoft.com/downloads/details.aspx?familyid=e9bc0f6d-308e-4094-8012-a2282158a599) (3087985)Remote Code ExecutionCriticalNone
Windows 7 for x64-based Systems Service Pack 1[Internet Explorer 10](http://www.microsoft.com/downloads/details.aspx?familyid=150f2735-3a7d-4497-b2e4-698ec0b6af36) (3087985)Remote Code ExecutionCriticalNone
Windows Server 2008 R2 for x64-based Systems Service Pack 1[Internet Explorer 10](http://www.microsoft.com/downloads/details.aspx?familyid=08d4be9b-7283-4718-9bb5-68755090146a) (3087985)Remote Code ExecutionModerateNone
Windows 8 for 32-bit Systems[Internet Explorer 10](http://www.microsoft.com/downloads/details.aspx?familyid=47b4ec1c-2ca6-49b2-882e-c5262fef540d) (3087985)Remote Code ExecutionCriticalNone
Windows 8 for x64-based Systems[Internet Explorer 10](http://www.microsoft.com/downloads/details.aspx?familyid=b08a013a-9335-47eb-9f00-9d31b99184bc) (3087985)Remote Code ExecutionCriticalNone
Windows Server 2012[Internet Explorer 10](http://www.microsoft.com/downloads/details.aspx?familyid=825724a0-0b2f-4312-94e5-b52dc7367c29) (3087985)Remote Code ExecutionModerateNone
Windows RTInternet Explorer 10[1](3087985)Remote Code ExecutionCriticalNone
**Internet Explorer 11**
Windows 7 for 32-bit Systems Service Pack 1[Internet Explorer 11](http://www.microsoft.com/downloads/details.aspx?familyid=77b5f5cd-efd5-4fb5-a01c-66b0b1c7f66d) (3087985)Remote Code ExecutionCriticalNone
Windows 7 for x64-based Systems Service Pack 1[Internet Explorer 11](http://www.microsoft.com/downloads/details.aspx?familyid=4d5fb8a9-bb7c-4dc1-823e-3f2394cf3089) (3087985)Remote Code ExecutionCriticalNone
Windows Server 2008 R2 for x64-based Systems Service Pack 1[Internet Explorer 11](http://www.microsoft.com/downloads/details.aspx?familyid=114f134e-27d4-4998-9a27-fe678a201669) (3087985)Remote Code ExecutionModerateNone
Windows 8.1 for 32-bit Systems[Internet Explorer 11](http://www.microsoft.com/downloads/details.aspx?familyid=5fb74b22-3fc7-413d-b913-4425acc616be) (3087985)Remote Code ExecutionCriticalNone
Windows 8.1 for x64-based Systems[Internet Explorer 11](http://www.microsoft.com/downloads/details.aspx?familyid=74577736-ce17-4722-96b2-831a890309e7) (3087985)Remote Code ExecutionCriticalNone
Windows Server 2012 R2[Internet Explorer 11](http://www.microsoft.com/downloads/details.aspx?familyid=8df9eae6-bd91-4df8-bf51-4117056b6983) (3087985)Remote Code ExecutionModerateNone
Windows RT 8.1Internet Explorer 11[1](3087985)Remote Code ExecutionCriticalNone
[Windows 10 for 32-bit Systems](https://support.microsoft.com/en-us/kb/3081444)[2](3081444)Internet Explorer 11Remote Code ExecutionCritical3081436 in [MS15-079](http://go.microsoft.com/fwlink/?linkid=619622)
[Windows 10 for x64-based Systems](https://support.microsoft.com/en-us/kb/3081444)[2](3081444)Internet Explorer 11Remote Code ExecutionCritical3081436 in [MS15-079](http://go.microsoft.com/fwlink/?linkid=619622)
[1]This update is available via [Windows Update](http://go.microsoft.com/fwlink/?linkid=21130).

[2]The Windows 10 update is cumulative. In addition to containing non-security updates, it also contains all of the security fixes for all of the Windows 10-affected vulnerabilities shipping with this month’s security release. See Microsoft Knowledge Base Article 3081444 for more information and download links.

Microsoft Updates

Note Windows Server Technical Preview is affected. Customers running this operating system are encouraged to apply the update, which is available via Windows Update.

Severity Ratings and Vulnerability Identifiers

The following severity ratings assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the August bulletin summary.

Where specified in the Severity Ratings and Impact table, Critical, Important, and Moderate values indicate severity ratings. For more information, see Security Bulletin Severity Rating System. Refer to the following key for the abbreviations used in the table to indicate maximum impact:

AbbreviationMaximum Impact
RCERemote Code Execution
EoPElevation of Privilege
IDInformation Disclosure
SFBSecurity Feature Bypass
**Vulnerability Severity Ratings and Impact**
**CVE number****Vulnerability Title****Internet Explorer 7****Internet Explorer 8****Internet Explorer 9****Internet Explorer 10****Internet Explorer 11****Internet Explorer 11** **on Windows 10**
[CVE-2015-2502](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2502)Memory Corruption VulnerabilityWindows Clients: **Critical / RCE** Windows Servers: **Moderate / RCE**Windows Clients: **Critical / RCE** Windows Servers: **Moderate / RCE**Windows Clients: **Critical / RCE** Windows Servers: **Moderate / RCE**Windows Clients: **Critical / RCE** Windows Servers: **Moderate / RCE**Windows Clients: **Critical / RCE** Windows Servers: **Moderate / RCE**Windows Clients: **Critical / RCE**

Update FAQ

Is update 3081444 a cumulative security update for Internet Explorer 11?
Yes. Security update 3081444 is a cumulative security update for users running Internet Explorer 11 on Windows 10.

Is update 3087985 a cumulative security update for Internet Explorer?
No. Security update 3087985 is not a cumulative update.

Are there any prerequisites for update 3087985?
Yes. Customers running Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, or Internet Explorer 11 on Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows RT 8.1 must first install the 3078071 update released on August 11, 2015 before installing the 3087985 update.

Note For Download Center customers:

Microsoft Internet Explorer 10

If you download and install updates manually, you must first install update 3078071 before installing update 3087985. Failure to follow the install order can lead to degraded functionality.

Vulnerability Information

Memory Corruption Vulnerability – CVE-2015-2502

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an instant messenger or email message that takes users to the attacker's website, or by getting them to open an attachment sent through email.

An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.

The update addresses the vulnerability by modifying how Internet Explorer handles objects in memory. The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability titleCVE numberPublicly disclosedExploited
Memory Corruption VulnerabilityCVE-2015-2502NoYes
### Mitigating Factors Microsoft has not identified any [mitigating factors](https://technet.microsoft.com/library/security/dn848375.aspx) for the vulnerability. ### Workarounds Microsoft has not identified any [workarounds](https://technet.microsoft.com/library/security/dn848375.aspx) for the vulnerability. ### FAQ **I am running Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. Does this mitigate these vulnerabilities?** Yes. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as [Enhanced Security Configuration](http://technet.microsoft.com/library/dd883248). Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server. This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone. **Can EMET help mitigate attacks that attempt to exploit these vulnerabilities?** Yes. The Enhanced Mitigation Experience Toolkit (EMET) enables users to manage security mitigation technologies that help make it more difficult for attackers to exploit memory corruption vulnerabilities in a given piece of software. EMET can help mitigate attacks that attempt to exploit these vulnerabilities in Internet Explorer on systems where EMET is installed and configured to work with Internet Explorer. For more information about EMET, see the [Enhanced Mitigation Experience Toolkit](http://technet.microsoft.com/security/jj653751). Security Update Deployment -------------------------- For Security Update Deployment information see the Microsoft Knowledge Base article referenced [here](#kbarticle) in the Executive Summary. Acknowledgments --------------- Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See [Acknowledgments](https://technet.microsoft.com/library/security/dn903755.aspx) for more information. Disclaimer ---------- The information provided in the Microsoft Knowledge Base is provided 'as is' without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Revisions --------- - V1.0 (August 18, 2015): Bulletin published. - V1.1 (August 20, 2015): Bulletin revised to announce a detection change in the 3087985 update for Internet Explorer. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action. *Page generated 2015-08-20 15:40Z-07:00.*