More problems with the March IE Security-only patches

Topic

New Reply

We’re seeing numerous reports of problems with the March Internet Explorer Security-only patches. These are the patches that you have to download and
[See the full post at: More problems with the March IE Security-only patches]

3 users thanked author for this post.

Elly, JDeC, walker

Reply | Quote

Replies

Once again I’m glad I didn’t dive right on the DEFCON change! I’ve gotten into the routine of installing updates the day before the next ones are released regardless of the DEFCON status and this is the second time over the past few months this was a wise decision.

Reply | Quote

Me too!

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

Reply | Quote

I do not download the individual IE patches. I take the updates bundled together by Microsoft  and I am not failing the LOGJAM test

2 users thanked author for this post.

walker, abbodi86

Reply | Quote

bringing over my latest find from my original post on another thread….

“Ok, I did more research. Kb3061518 was superceded many times over, so I’m ok with that.
I did download the IE11 Cumulative Kb4012204 update first.
Rebooted then downloaded and applied the Hot fix patch Kb401664.

Did the Logjam test and passed.

Seriously, after spending hours of this……
Group A is looking better to me”.

just to add that I downloaded the updates to my download folder (from woody’s link) then installed them.

 

BTW,  I’m a “her”. (:

1 user thanked author for this post.

JDeC

Reply | Quote

@Woody:

I do not ever use the IE11 which I have, however have always kept it updated.   Is it still necessary to install these TWO updates for the IE?    Also I have no clue as to what the “logjam” test is.  It is becoming more and more difficult to try to stay in Group B at this point in time.

It would be great if it is NOT necessary to install the IE updates since I never use it.  Your guidance will be most sincerely appreciated.   Thank you.     🙂

Reply | Quote

IE is an integral part of Windows and, as such, needs to be updated even if you don’t use it. The system uses it. So yes, you need to apply the IE11 patches every month.

5 users thanked author for this post.

Elly, JDeC, abbodi86, walker, woody

Reply | Quote

PKCano:   Thank you very much for the information.    I know that in the past I was aware that the IE11 had to be updated because of other components which affected my Win 7 OS.  I appreciate the guidance with this and now know that it is impossible to ever be free of those updates.    Your help is most appreciated   🙂

Reply | Quote

@ walker

According to https://en.wikipedia.org/wiki/Logjam_(computer_security), you need millions of US$ in financial resources to exploit the Logjam vulnerability to intercept nearly any Internet communications of a target/suspect. The NSA have been doing it.

Maybe, with these problematic Security-Only updates for IE11, M$ wanna deprecate the security of Win 7/8.1 computer users who have chosen Group B against their wishes, in order to push them onto Group A.

1 user thanked author for this post.

walker

Reply | Quote

Yes indeed.  Also making group B’ers spend hours, if not days gathering info., trying to understand it, making sure they have the exact proper order to install each one, and then have to test to see if you were successful.  What a mess.  It does make one feel like giving up and playing M$’s game, but I’m an ornery cuss, and thanks to Woody and all who contribute so much to this site, I can resist!

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

3 users thanked author for this post.

JDeC, samak, HiFlyer

Reply | Quote

Logjam Exploit explained:

https://weakdh.org/

 

-- rc primak

2 users thanked author for this post.

JDeC, Charlie

Reply | Quote

Well Woody, on my Win7 pro B group machine I downloaded and installed the security only IE patches as per your guidelines. I usually use Iron/chrome and on reading the above I used the link for the test……. I failed with Iron/chrome………. realised I should have used IE which I then did and found that I passed!
Your user agent has good protocol support.
Your user agent supports TLS 1.2, which is recommended protocol version at the moment.

The reason for the Iron/chrome failure was suspected firewall restrictions. Hope this helps. LT

Reply | Quote

Woody,

Win7 SP1-64 bits, Group B.  Both kb4016446 and kb4012204 installed.  Ran SSL Qualys.  Full results:
SSL/TLS Capabilities of Your Browser

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; MDDCJS; rv:11.0) like Gecko

Other User Agents »

Protocol Support

Your user agent has good protocol support.

Your user agent supports TLS 1.2, which is recommended protocol version at the moment.

Logjam Vulnerability
Your user agent is not vulnerable.

For more information about the Logjam attack, please go to weakdh.org.
To test manually, click here. Your user agent is not vulnerable if it fails to connect to the site.

FREAK Vulnerability
Your user agent is not vulnerable.

For more information about the FREAK attack, please go to http://www.freakattack.com.
To test manually, click here. Your user agent is not vulnerable if it fails to connect to the site.

POODLE Vulnerability
Your user agent is not vulnerable.

For more information about the POODLE attack, please read this blog post.

Protocol Features

Protocols

TLS 1.3  No
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No

Cipher Suites (in order of preference)

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   Forward Secrecy  256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   Forward Secrecy  128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   Forward Secrecy  256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   Forward Secrecy  128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   Forward Secrecy  256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   Forward Secrecy  128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   Forward Secrecy  256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   Forward Secrecy  128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)  256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)  128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)  256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)  128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)  256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)  128
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)   Forward Secrecy  256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)   Forward Secrecy  128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)   Forward Secrecy  256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)   Forward Secrecy  128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)   Forward Secrecy  256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)   Forward Secrecy  128
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x6a)   Forward Secrecy2  256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x40)   Forward Secrecy2  128
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x38)   Forward Secrecy2  256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32)   Forward Secrecy2  128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)  112
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x13)   Forward Secrecy2  112
(1) When a browser supports SSL 2, its SSL 2-only suites are shown only on the very first connection to this site. To see the suites, close all browser windows, then open this exact page directly. Don’t refresh.
(2) Cannot be used for Forward Secrecy because they require DSA keys, which are effectively limited to 1024 bits.

Protocol Details

Server Name Indication (SNI) Yes
Secure Renegotiation Yes
TLS compression No
Session tickets No
OCSP stapling Yes
Signature algorithms SHA512/RSA, SHA512/ECDSA, SHA256/RSA, SHA384/RSA, SHA1/RSA, SHA256/ECDSA, SHA384/ECDSA, SHA1/ECDSA, SHA1/DSA
Elliptic curves secp256r1, secp384r1
Next Protocol Negotiation No
Application Layer Protocol Negotiation No
SSL 2 handshake compatibility No

Mixed Content Handling

Mixed Content Tests

Images Passive Yes
CSS Active No
Scripts Active No
XMLHttpRequest Active No
WebSockets Active No
Frames Active No
(1) These tests might cause a mixed content warning in your browser. That’s expected.
(2) If you see a failed test, try to reload the page. If the error persists, please get in touch.

Related Functionality

Upgrade Insecure Requests request header (more info) No

edit to remove HTML

Reply | Quote

JNP:   This is waaaaaaaaaaaay over my head!   The SSL/TLS are something I know nothing about.    I’m not computer “literate”, and admire all of those that are, including you!   🙂

Reply | Quote

Walker, it’s way over my head too! I just wanted to provide Woody and the mavens (hmm, sounds like this should be the name of a rock group) with all the possible info in case it could be valuable to them in terms of troubleshooting.

1 user thanked author for this post.

walker

Reply | Quote

Could the installation method be part of the problem? Like if you installed both IE patches before rebooting?

2 users thanked author for this post.

HiFlyer, lizzytish

Reply | Quote

Well…….. I rebooted after each installation. Mind you I tried to install the ‘fix’ after installing the main IE patch, and my machine wouldn’t let me……….. I had to reboot before being able to proceed with the other. So that and also the client browser configuration that has been also mentioned could possible be the reason for some not working. But I must say so far touch wood and whistle…… Group B has been working for me very well……. and I really don’t see any cause to regret my being in Group B. Thanks to Woody and those who have given their input! LT

1 user thanked author for this post.

Kirsty

Reply | Quote

When things get this bad I always think of what the average John or Jane Q. Public computer user is going to do.  But then, they’re probably already on Win 10 and maybe even happy.  I’m gonna let it go there, any more and I’d have to put this in the rant section.

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

1 user thanked author for this post.

Bill C.

Reply | Quote

Well, I had installed the first update when it came out and saw no problems. I saw this, and I checked and found I was vulnerable. I installed the hotfix, and after a restart, checked again. I was still vulnerable, although everything else was OK. I just uninstalled both updates, and on checking again, I came up as not vulnerable. I alternate between IE and Firefox, depending on website; and am uncertain what to do at this point. I’m group B, using a Dell XPS7100 (64 bit).

Reply | Quote

My Group B Windows 7 Pro failed the test for Internet Explorer with the two updates installed. I then uninstalled the updates, ran the test again and IE still failed! Firefox (my preferred browser) passed with flying colors. Not sure what to do now.

Reply | Quote

Did you reboot after the uninstall?

Reply | Quote

Yep. Rebooted everything individually, just to be sure, even if the pop-up window didn’t say a restart was required. I’m more concerned that even with the new patches uninstalled IE is failing the logjam test. My hard drive crashed in December so I re-installed Windows 7 plus IE11 with all patches through October, 2016 and security only thereafter. I didn’t even know about logjam, or the test for logjam, until reading these last couple of articles here on Ask Woody.

1 user thanked author for this post.

PKCano

Reply | Quote

Okay, I solved the problem! In Windows 7, SSL 2.0 must, repeat must, be disabled. There is a known conflict between SSL 2.0 and TLS 1.2 on Windows 7. If SSL 2.0 is enabled, Windows 7 will not pass the logjam test. Period. As soon as I changed the security settings in Internet Options, Advanced, in Internet Explorer, my computer passed the logjam test–first, without the updates installed, then with the IE 11 update installed, and, finally, with both the update and the hotfix installed. Hurray!

3 users thanked author for this post.

HiFlyer, lizzytish, walker

Reply | Quote

Once again, we provide beta testing for Microsoft paid Windows Update programmers. Thanks to you anonymous

CT

2 users thanked author for this post.

HiFlyer, walker

Reply | Quote

I don’t believe unchecking SSL  and being TSL is checked is the only factor.

Reply | Quote

Well, I am post 105898 (justaned-not yet registered). I just checked my settings and no ssl is checked; neither ssl2.0 nor ssl3.0, and I failed logjam with both installed. I passed with both removed. I’m attempting to reply to PKCano’s post 105966; not sure it will show in the proper place. #105967 says only tls12 is checked, whereas I have all 3 checked;1.0, 1.1 and 1.2. No idea if this helps or not, but…

BTW, I tried to reply using IE, and was unable to get the blinking curser. I had to switch to Firefox.

justaned

Reply | Quote

If you installed the March 2017 monthly rollup, then you have all of the code contained in the March 2017 cumulative Internet Explorer update, although the March 2017 cumulative Internet Explorer update isn’t listed separately in the list of installed Windows updates.

Reply | Quote

If you install the Monthly Rollup, then open IE11 and go to Help\About IE, you will find KB4012204 listed. Even it is not in the list of installed updates in WU.

2 users thanked author for this post.

HiFlyer, walker

Reply | Quote

That’s correct.

Also, with the March 2017 monthly rollup installed, I tried to uninstall KB4012204 via this command-line: wusa /uninstall /kb:4012204

Result: it reported that KB4012204 was not installed.

Reply | Quote

My Group B Windows 7 Home passed the Logjam test with both KB 4012204 & KB 4016446 installed. Noticed no problems as yet. Firefox passed, too.

Reply | Quote

Once again, this throws the whole concept of Group B into question. Come to think of it, it throws the whole concept of trusting Microsoft to do Windows Update into question.

Group C (W), anyone?

CT

4 users thanked author for this post.

Charlie, JDeC, walker

Reply | Quote

Agree. Might be time to lock down Windows 7 and 8.1 like XP for those who are comfortable doing this. Suspect they are having problems with providing updates for what we call Group B, ie, they can’t seem to do it now they have separated into two updating methods. Also, aren’t their update catalog pages insecure anyway? Wonder if this has something to do with this problem.

Reply | Quote

Group C (W), anyone?

I’m already there and have been since patchpocalypse.

 

Reply | Quote

I’ve been planning for Group W (or “L”). One laptop is Win 7, currently up to date (Group B). I’m keeping the financial data on it as well as the Windows-only applications. Haven’t decided if it will go on line or not. The main reason it’s going on line is for updates and virus definitions. If it were isolated from the ‘net, we’d still be fine.

The other Win 7 machine is my main web-surfer. I’ve found Linux equivalents for everything it needs to do, and I’ve prepared a Linux laptop with the packages I’ll need. I’m already using Pale Moon for Linux on that laptop; it’s easy to copy the profile from one machine to the other.

1 user thanked author for this post.

Elly

Reply | Quote

Win7 SP1 Home Premium, 64-bit, Group B. Both IE patches installed with a reboot after each install. Passed logjam test; SSL 2 and SSL 3 are unchecked in internet options (NO in logjam report). I use Chrome as my main browser.

Reply | Quote

The problem is at the server end. My understanding is that the patches are OK.

“it is important to note that this is a flaw in the TLS protocol and not a vulnerability due to the implementation itself”. The browser is able to detect the insecure connection.

https://tools.keycdn.com/logjam

Reply | Quote

The client’s (eg. browser) configuration can also affect vulnerability to Logjam.

Reply | Quote

If the server tries to connect with insecure protocols, the browser must defend itself by refusing the connection. Otherwise, there will be a vulnerability. But if the browser refuses the connection, the site may fail to load. Which from a security point of view is good, and makes the user not vulnerable to the exploit.

It does not just depend on the server end. But a secure server will not show the vulnerability even if the browser is not secure. It is the combination of an insecure server and an insecure browser which allows the vulnerability to be exploited.  Hence the need to patch the browser.

-- rc primak

3 users thanked author for this post.

Charlie, HiFlyer, PKCano

Reply | Quote

I am using windows 7 64bit with just KB 4012204 installed I failed but after I installed KB 4016446 I passed.tls 1.2 only one checked in internet explorer 11 advanced option’s.

Reply | Quote

I have installed KB4012204 and have not installed or been offered KB4016446.

Notepad++ v7.3.3 (64-bit) still works fine for me. (All other apps are working as well.)

Reply | Quote

Yesterday I installed the March security-only updates on three Windows 7 Pro 64bit SP1 computers: KB4012212, KB4012204, KB4016446 in that order and rebooting after each one. I barely use IE but after reading this I fired it up to do the Logjam test. It passes on all three computers. Sorry to be boring!

3 users thanked author for this post.

JDeC, HiFlyer, lizzytish

Reply | Quote

Two machines here- long term very basic user – HP Win 8.1 64-bit i-5 desktop circa 2012 and HP Win 8.1 64-bit i-3 Hybrid notebook. Both have Office 2010.

Group B – have updated both, Security Only, Office, Silverlight & Adobe (though I do not use), MSRT. Plus let through INTEL  – System 8/9/2016 on both and NVIDEA drivers (foolishly I now realise?). I wasn’t offered IE 11 updates on either machine which I was expecting.

All seems OK so far EXCEPT for Windows Update settings…the main screen which was showing the Crossed Red Shield Never Check setting was changed to the Yellow Check Now setting.

In the Change Settings screen, the Red Shield Never Check is showing, with my tick still there in Update Microsoft products when I Update Windows.

I have reticked the Never Check, OKed it and in Settings this is what it says, but still the Yellow Check For Updates is displayed and this is what happens…..what is going on?

 

Reply | Quote

Same poster – just to add, now realise you manually download the IE updates separately, which I have not done, especially after reading the other messages again.

I use Firefox and did the check described and it is fine. Don’t use IE these days, but understand it should be updated. Will leave until clear  or should I risk it?

Very nervous now.

2 users thanked author for this post.

JDeC, walker

Reply | Quote

anonymous wrote:

Could the installation method be part of the problem? Like if you installed both IE patches before rebooting?

Could well be. I was the “anonymous” who reported trouble with Notepad++ and I installed the security-only patch plus both IE patches before rebooting. Things went back to normal after uninstalling both IE patches and then rebooting.

I just tried reinstalling both IE patches, rebooting after the first one. The second one didn’t request a reboot. Things look OK now – I don’t see the problems I had before with Notepad++ or the SFC:OP game.

1 user thanked author for this post.

lizzytish

Reply | Quote

I may have spoken too soon; I’ve noticed other, more subtle problems such as my custom power-management profile being switched out on restarting and various slow downs in my system. I’ve uninstalled the IE updates again and plan to keep them uninstalled. In fact, I’m at the point of being ready to jump from Group B to Group W.

1 user thanked author for this post.

JDeC

Reply | Quote

Deep Lurker wrote:

anonymous wrote:

Could the installation method be part of the problem? Like if you installed both IE patches before rebooting?

Could well be. I was the “anonymous” who reported trouble with Notepad++ and I installed the security-only patch plus both IE patches before rebooting. Things went back to normal after uninstalling both IE patches and then rebooting. I just tried reinstalling both IE patches, rebooting after the first one. The second one didn’t request a reboot. Things look OK now – I don’t see the problems I had before with Notepad++ or the SFC:OP game.

It was an installation problem for me. After installing KB 4012204, I didn’t reboot and installed KB 4016446. I then rebooted. IE failed the Logjam test.

I uninstalled both IE patches, installed KB 4012204 and rebooted when prompted. I then installed KB 4016446. This patched also prompted a reboot. After installing KB 4012204, I ran the Logjam test, and IE passed. After installing KB 4016446, I ran the Logjam test again, and IE passed.

2 users thanked author for this post.

Elly, SueW

Reply | Quote

It occurs to me to wonder…

What good does it do Microsoft to release bug-free patches to older software?

Yeah, I really do think TODAY’s Microsoft really would stoop so low as to make their “support” of older systems a pain to make people crave better. They still apparently don’t realize Windows 10 is widely known as “not better”.

Perhaps you subscribe to the philosophy of “never attribute to malice that which can be explained by incompetence“… Fair enough. Unfortunately, it’s not all that much better than the first theory.

I don’t think I’m going to install the March updates myself on any of my Win 8.1 and older systems. Not yet anyway. Tweaking Win 10 Creator’s Update into becoming a desktop-only system in a test VM has me distracted for now.

-Noel

2 users thanked author for this post.

Charlie, HiFlyer

Reply | Quote

I think they realize that it is widely known as not better. So the question becomes what bad does it do to Microsoft to release bug-free patches to older software and not make it a pain to have only security updates installed.

1 user thanked author for this post.

HiFlyer

Reply | Quote

If M$ makes it enough of a pain to maintain Windows 7/8, then Windows 10 will look “better” if only by comparison to the trouble that holdouts need to go through.

That should be enough to convince some percentage of Win 7 users who dislike Win 10 but lack the time or inclination or skills to keep messing with the ever-more convoluted ways to keep 7 up to date.

2 users thanked author for this post.

Charlie, HiFlyer

Reply | Quote

Unfortunately it doesn’t do them any good, and it doesn’t seem like they care anyway. Some people have no recourse regardless, and those who do have moved on or are in the process of moving on.

2-5 years from now, I think MS will be asking “what went wrong” because I think they’ve gone further than burning bridges; they’re napalming the forests too. They still think they’re the only game in town, and yet they’re too oblivious to realize that no, they’re not.

3 users thanked author for this post.

Elly, Charlie, HiFlyer

Reply | Quote

I`m group A.   Win 7, home,  Mozilla Firefox 52. When defcon  3 was declared, downloaded the March monthly roll up.  No problems.  Took the logjam test, same thing.  All areas passed.

Reply | Quote

That makes sense, you did exactly what MS wants you to do.

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

Reply | Quote

just wanted to say when i took the logjam test this afternoon it said user agent was vulnerable, this was for internet explorer 11 kb4012204 and kb40164466 both 64 bit, i just did it again an it came out o.k.

Reply | Quote

Perhaps that Logjam test is unreliable. I suggest trying the other two Logjam tests listed at https://www.askwoody.com/forums/topic/ie-security-update-kb-4012204-trips-a-logjam-security-test-warning/#post-106085.

Reply | Quote

? says:

passed the logjam test on weakDH.org and SSL Labs on 3 win7 pro machines after updating ie with both patches

then passed the weakDH.org and failed the SSL Labs test on a fourth win7 pro?

must be April Fools day

Reply | Quote

This may be related to 3/17 IE Security patch if that was included in the bundled Windows 10 update. But after my “successful” Windows 10 patch when it went t  MS-Defcon3, I find that Windows 10 does not fully shut down. I have to hold down the start button on the system to fully shut it down.

Reply | Quote

I think this screen grab says it all: The results from the ssllabs.com page are inconsistent at best. Some folks up above have noticed this as well.

I suggest not basing any decisions on such results.

-Noel

2 users thanked author for this post.

Elly, walker

Reply | Quote

Noel Carboni wrote:

I think this screen grab says it all: The results from the ssllabs.com page are inconsistent at best. Some folks up above have noticed this as well. I suggest not basing any decisions on such results.  -Noel

I think you might be right. After I updated a Windows 8.1 system yesterday, the sslabs.com page indicated the user agent was vulnerable for Logjam. It also showed IE as vulnerable before I installed the patches. I checked the ssllabs.com page today, and it’s now indicating the user agent is not vulnerable. I used the manual check as well, and the page did not display.

Reply | Quote

I am a Group A and when I clicked on the link for the logjam test and pasted it into IE11 it failed and I saw where one of the posters suggested to check and uncheck SSL 3.0 and that made the test not fail.

Reply | Quote

I think Noel may be on to something. Both win 7 computers on Group B done manually from MS catalog with 4012212 and 4012204 ONLY (no hotfix installed since it is needed if you had installed KB 4013073, “Forms in Dynamics CRM 2011 are broken after KB 4013073 for Internet Explorer 11 is installed”) seem to be OK with the SSL Labs test.

Reply | Quote

anonymous:    I think I replied to this msg. in another post……    Is there something wrong with the KB4016446 (hot patch)?    I haven’t seen anything about that or the other one that isn’t even on my list for Win7 (x64).     Thank you for any other information you may have on this one.

Reply | Quote

See the reply here https://www.askwoody.com/forums/topic/ie-security-update-kb-4012204-trips-a-logjam-security-test-warning/#post-106364

1 user thanked author for this post.

walker

Reply | Quote

PKCano:   Thank you for providing this link.    Just now trying to get caught up with everything  – – –  so my apologies.    Your help is always most appreciated, by me, and all of the others who have benefited greatly from your outstanding knowledge and expertise.    🙂

Reply | Quote

Walker, I think I saw your question about KB 4016446 and it wasn’t answered. As far as I can tell, based on the MS site, you don’t need the “hotfix” if you did not install KB 4013073.

https://support.microsoft.com/en-us/help/4016446/forms-in-dynamics-crm-2011-are-not-displayed-correctly-after-kb-401307    (yes the last 3 is missing).

“Forms in Microsoft Dynamics CRM 2011 are not displayed correctly after KB 4013073 is installed on a Windows system that is running Internet Explorer 11.”

Also if you are not using MS Dynamics 2011 does it really matter?

Hope this helps.

 

1 user thanked author for this post.

walker

Reply | Quote

@anonymous:   I think PKCano answered the question, however I appreciate you taking the time to reply to my question as well.   I appreciate all of the help I can get (being “totally computer illiterate).    Thank you for the information, and for taking the time to reply.    🙂

Reply | Quote

KB 4016446 is also applicable for those who installed the March 2017 monthly rollups. (I tested this on Windows 7.)

Reply | Quote

ARE THE MARCH IE SECURITY-ONLY PATCHES KB4012204 & KB4016446 SAFE?

Many Thanks as usual to you Woody and especially PK Cano for the March Windows Update Group B navigation!

Have done all you have advised and used PK’s excellent AKB article 2000003 to sort it.

Except the March IE Security-Only Patches.

Still not sure they’re safe.

As you advise I don’t use IE as a browser – Firefox is fine!

I do keep IE going because as PK says:
“IE is an integral part of Windows and, as such, needs to be updated even if you don’t use it. The system uses it. So yes, you need to apply the IE11 patches every month.”
<So are IE patches KB4012204 & KB4016446 really OK?
Or should I wait for another Hotfix of the Hotfix!
Cheers Mates!
sainty?⚓️⛵️??

Edited to remove HTML. Please convert your replies to text.

Reply | Quote

Yes, those March patches are safe.

1 user thanked author for this post.

walker

Reply | Quote

PHEW!

Thanks PK for your swift and clear response for this Non-Tekkie!

It was all going over my head with MSIP – Microsoft Induced Paranoia!

I don’t know how much Woody is paying you for your fine contributions but treble it!

Cheers Again!

sainty ?⚓️⛵️??

Reply | Quote

Thanks. We’re all volunteers here behind the scenes.

Reply | Quote

anonymous wrote:

Thanks PK for your swift and clear response for this Non-Tekkie! It was all going over my head with MSIP – Microsoft Induced Paranoia! I don’t know how much Woody is paying you for your fine contributions but treble it!

What a lovely thought!   🙂

Askwoody is funded by donations, and staffed by volunteers, who really appreciate your feedback.
https://www.askwoody.com/forums/topic/betanews-microsoft-is-disgustingly-sneaky-windows-10-isnt-an-operating-system-its-an-advertising-platform/#post-100800

Reply | Quote

Woody’s Happy Crew of Volunteers!
Fabulous!

Your good will, patience and expertise is so very much appreciated.
Especially by us non-tekkies navigating the low seas of Micro-Bergs!

Three Cheers from me and my little Win7 boat “Toshy”.
Safely sorted again!

sainty ?⚓️⛵️??

Reply | Quote