Forum Thread: Internet Explorer 11 insecure on Win 7

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
Mikey83 Internet Explorer 11 insecure on Win 7
Member 12th May, 2017 04:17
Ranking: 1
Posts: 18
User Since: 15th Aug, 2014
System Score: N/A
Location: US
Last edited on 12th May, 2017 04:24

Secunia says Internet Explorer 11 insecure on Win 7
My system is running Windows 7 x64, and Secunia 3.0.0.11005

I have both versions of Internet Explorer 11, 32 bit (x32) and 64 bit (x64)

I ran Windows Update on Patch Tuesday.
I installed kb4019264 security update for May 9, 2017

I did not install other updates for Internet Explorer 11 because the updates were from 2014.

Secunia said Internet Explorer was insecure.

The update for KB4019264 says you need kb4018271, so I downloaded it from the Microsoft Update Catalog and installed it.

Secunia said it was now secure. It appears the issue is resolved.
A while later, the Secunia icon turned red again showing Internet Explorer 11 as insecure.

Mikey83 RE: Internet Explorer 11 insecure on Win 7
Member 12th May, 2017 04:27
Score: 1
Posts: 18
User Since: 15th Aug 2014
System Score: N/A
Location: US
Note: I had to break up this post into parts, because when I submitted everything in one post the submitted post was blank.

Rerunning Windows update again only shows updates from 2014.

Secunia notes that I am running Internet Explorer 11 version 11.0.9600.18666


Internet Explorer 11 says (under help, about) I am running 11.0.9600.18665, update version 11.0.42, KB4018271, for both x32 and x64 versions.

Interestingly, if I navigate to the Internet Explorer executable iexplore.exe, and check the properties, it says it is at 11.0.9600.18666, just what Secunia says. This is for both x32 and x64.
Paths to Internet Explorer:
x32 C:\Program Files (x86)\Internet Explorer
x64 C:\Program Files\Internet Explorer


Why is there an inconsistency with Internet Explorer? Internet Explorer (help, about) says I am running 11.0.9600.18665, but the file property details for iexplore.exe says it is at 11.0.9600.18666.

Why is Secunia still showing Internet Explorer as insecure?
Is it a problem with Secunia not reporting correctly, or is Internet Explorer not up to the latest patch levels?
Maurice Joyce RE: Internet Explorer 11 insecure on Win 7
Handling Contributor 13th May, 2017 10:01
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Have you run MBSA to double check on any missing updates?

https://www.microsoft.com/en-gb/download/details.a...



--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Mikey83 RE: Internet Explorer 11 insecure on Win 7
Member 14th May, 2017 09:42
Score: 1
Posts: 18
User Since: 15th Aug 2014
System Score: N/A
Location: US
Last edited on 14th May, 2017 09:47
Maurice,
Thanks for your help.

Windows update reported that kb2987107 was required, but it is old (from 2014).

I installed Microsoft Baseline Security Analyzer
Microsoft Baseline Security Analyzer reported that kb2987107 was missing
and showed this link for more information
https://support.microsoft.com/en-us/help/2987107/m...
the web page notes
MS14-056: Cumulative security update for Internet Explorer: October 14, 2014
The update that this article describes has been replaced by a newer update.
We recommend that you install the most current cumulative security update for Internet Explorer.

I looked in my update history and it was installed on 10/14/14
Mikey83 RE: Internet Explorer 11 insecure on Win 7
Member 14th May, 2017 09:50
Score: 1
Posts: 18
User Since: 15th Aug 2014
System Score: N/A
Location: US
Last edited on 14th May, 2017 10:00
I hid update kb2987107, and then ran Windows Update again.
Windows Update reports "No important updates available"

Secunia still reports Internet Explorer 11 as insecure.
Maurice Joyce RE: Internet Explorer 11 insecure on Win 7
Handling Contributor 14th May, 2017 10:30
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 14th May, 2017 10:36
Looks like a minor file corruption has occurred as Windows Update and MBSA appear to agree with each other.

I personally would allow Windows Update to run to see if that fixes the issue. I would understand your reluctance to take such an action given the research you have done but your options appear limited in clearing the vulnerability.

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Mikey83 RE: Internet Explorer 11 insecure on Win 7
Member 14th May, 2017 21:18
Score: 1
Posts: 18
User Since: 15th Aug 2014
System Score: N/A
Location: US
The Windows Update system has had a lot of problems in the last year or two.

There were several reports from others that Windows was showing old/superseded updates this week.

The first update it said I needed was
kb3008923 Cumulative security update for Internet Explorer: December 9, 2014
https://support.microsoft.com/en-us/help/3008923/m...
notes:
The update that this article describes has been replaced by a newer update.
We recommend that you install the most current cumulative security update for Internet Explorer.

Kb3008923 stopped showing up after a day or two, but then kb2987107 (as noted earlier) was showing up, another old outdated update.
Mikey83 RE: Internet Explorer 11 insecure on Win 7
Member 19th May, 2017 07:24
Score: 1
Posts: 18
User Since: 15th Aug 2014
System Score: N/A
Location: US
Last edited on 19th May, 2017 08:21
KB4019264's KB article is incorrect about the need to install KB4018271
https://support.microsoft.com/en-us/help/4019264/w...
This Monthly Rollup update does not include security fixes for Internet Explorer. In order to obtain the security fixes for Internet Explorer, the Cumulative Security Update for Internet Explorer KB4018271 should also be installed. Note that the Security Monthly Quality Rollup does contain security updates for Internet Explorer.
Mikey83 RE: Internet Explorer 11 insecure on Win 7
Member 19th May, 2017 08:22
Score: 1
Posts: 18
User Since: 15th Aug 2014
System Score: N/A
Location: US
Last edited on 19th May, 2017 08:24
KB4019264 already contains KB4018271, as noted in the KB4018271 KB article
https://support.microsoft.com/en-us/help/4018271/c...

it notes
The fixes included in this Security Update for Internet Explorer 4018271 are also included in the May 2017 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are resolved in this update.

And it notes
This Security Update for Internet Explorer is not applicable for installation on a computer where the Security Monthly Quality Rollup or the Preview of Monthly Quality Rollup from May 2017 (or a later month) is already installed. This is because those updates contain all fixes in this Security Update for Internet Explorer.
Mikey83 RE: Internet Explorer 11 insecure on Win 7
Member 19th May, 2017 08:25
Score: 1
Posts: 18
User Since: 15th Aug 2014
System Score: N/A
Location: US
Last edited on 19th May, 2017 08:29
So I didn't need to install KB4018271, and I removed it.
The Internet Explorer 11 version didn't change after the removal.
Mikey83 RE: Internet Explorer 11 insecure on Win 7
Member 19th May, 2017 08:30
Score: 1
Posts: 18
User Since: 15th Aug 2014
System Score: N/A
Location: US
Last edited on 19th May, 2017 08:35
I checked my friend's computer which is similar.
On his computer, Windows Update only found KB4019264, and didn't indicate that KB4018271 was needed, just like on my computer.

Secunia says his Internet Explorer is secure and up to date.

His Internet Explorer 11 version is the same as my version.

Still stumped as to why Secunia is reporting my Internet Explorer is not secure.

Would it be worthwhile to forward this issue to Secunia support?

Mikey83 RE: Internet Explorer 11 insecure on Win 7
Member 19th May, 2017 08:38
Score: 1
Posts: 18
User Since: 15th Aug 2014
System Score: N/A
Location: US
Last edited on 19th May, 2017 08:39
Sorry about the multi-part post.
Many times my posts would show up as blank.
The only way to get the post to show up was to break the post up into parts.
Mikey83 RE: Internet Explorer 11 insecure on Win 7
Member 20th May, 2017 00:35
Score: 1
Posts: 18
User Since: 15th Aug 2014
System Score: N/A
Location: US
Last edited on 20th May, 2017 00:36
Problem solved.

I hid the update in Windows Update, and rescanned with Secunia.
Secunia reports all programs secure.

Apparently Secunia runs Windows Update and checks what updates show up, even if they are out-of-date and superseded.

This thread has been marked as locked.
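
The checks made by hand in this thread can be collected into one read-only PowerShell pass. This is an added example, not part of the original posts and not Secunia's detection logic. It assumes the Help > About values come from the `svcVersion`, `svcUpdateVersion` and `svcKBNumber` registry values, and it uses only the paths and KB numbers quoted in the thread.

```powershell
# Added diagnostic sketch (read-only). Written to run on the PowerShell 2.0
# that ships with Windows 7. Paths and KB numbers are those quoted in the thread.
$paths = @(
    "$env:ProgramFiles\Internet Explorer\iexplore.exe",          # x64
    "${env:ProgramFiles(x86)}\Internet Explorer\iexplore.exe"    # x32
)

# 1. Version stamped into each iexplore.exe (what the file Properties dialog shows).
foreach ($p in $paths) {
    if (Test-Path $p) {
        $v = (Get-Item $p).VersionInfo
        "{0} -> {1}.{2}.{3}.{4}" -f $p, $v.FileMajorPart, $v.FileMinorPart,
            $v.FileBuildPart, $v.FilePrivatePart
    }
}

# 2. Servicing values in the registry (assumed to be the source of Help > About).
$ie = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'
"svcVersion={0} svcUpdateVersion={1} svcKBNumber={2}" -f `
    $ie.svcVersion, $ie.svcUpdateVersion, $ie.svcKBNumber

# 3. Which of the two May 2017 packages is recorded as installed.
Get-HotFix -Id KB4019264, KB4018271 -ErrorAction SilentlyContinue |
    Select-Object HotFixID, InstalledOn

# 4. Internet Explorer updates the Windows Update Agent still offers,
#    listed separately for visible (IsHidden=0) and hidden (IsHidden=1) updates.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
foreach ($hidden in 0, 1) {
    $result = $searcher.Search("IsInstalled=0 and IsHidden=$hidden")
    foreach ($u in $result.Updates) {
        if ($u.Title -match 'Internet Explorer') {
            "offered (hidden={0}): {1}" -f $u.IsHidden, $u.Title
        }
    }
}
```

A superseded update that appears under `hidden=False` in step 4 while steps 1 to 3 show the current build corresponds to the state described in the final post, where hiding the offered update cleared the scanner's warning.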