Summary
Microsoft has released a security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To learn more about the vulnerability, go to advisory 4025685.
Guidance for older platforms
This section summarizes resources for customers who are running Windows XP, Windows Vista, Windows 8, or Windows Server 2003. At the time of release of this advisory (June 13, 2017), these platforms are no longer in mainstream or extended support. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.
Note This update does not check for Windows Genuine Advantage status.
For customers on these older platforms, the following tables provide information to manually download applicable security updates. Microsoft’s decision to release security updates for the additional platforms today should not be interpreted as a change in policy. Customers are encouraged to upgrade to a supported platform.
Vulnerability information
For more information about individual vulnerabilities addressed by these releases, follow the links at the top of each column.
Older platforms table 1 of 3
|
Operating system |
||||||
|
Windows XP |
||||||
|
Windows XP Service Pack 3 |
Not affected |
Not affected |
||||
|
Microsoft Windows XP Professional x64 Edition Service Pack 2 |
Not affected |
Not affected |
||||
|
Windows Server 2003 |
||||||
|
Windows Server 2003 Service Pack 2 |
Not affected |
|||||
|
Windows Server 2003 x64 Edition Service Pack 2 |
Not affected |
|||||
|
Windows Vista |
||||||
|
Windows Vista Service Pack 2 |
Not affected |
Not affected |
Not affected |
|||
|
Windows Vista x64 Edition Service Pack 2 |
Not affected |
Not affected |
Not affected |
|||
|
Windows 8 |
||||||
|
Windows 8 for 32-bit Systems |
Not affected |
Not affected |
Not affected |
Not affected |
||
|
Windows 8 for x64-based Systems |
Not affected |
Not affected |
Not affected |
Not affected |
||
Older platforms table 2 of 3
|
Operating system |
||||||
|
Windows XP |
||||||
|
Windows XP Service Pack 3 |
Internet Explorer 8 |
Not affected |
||||
|
Microsoft Windows XP Professional x64 Edition Service Pack 2 |
Internet Explorer 8 |
Not affected |
||||
|
Windows Server 2003 |
||||||
|
Windows Server 2003 Service Pack 2 |
Mitigated in default scenarios [1] |
Not affected |
||||
|
Windows Server 2003 x64 Edition Service Pack 2 |
Mitigated in default scenarios [1] |
Not affected |
||||
|
Windows Vista |
||||||
|
Windows Vista Service Pack 2 |
Not affected |
Internet Explorer 9 |
Not affected |
Not affected |
||
|
Windows Vista x64 Edition Service Pack 2 |
Not affected |
Internet Explorer 9 |
Not affected |
Not affected |
||
|
Windows 8 |
||||||
|
Windows 8 for 32-bit Systems |
Not affected |
Internet Explorer 10 |
Not affected |
Not affected |
||
|
Windows 8 for x64-based Systems |
Not affected |
Internet Explorer 10 |
Not affected |
Not affected |
||
[1] - By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server. This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone.
Older platforms table 3 of 3
|
Operating system |
|||
|
Windows XP |
|||
|
Windows XP Service Pack 3 |
|||
|
Microsoft Windows XP Professional x64 Edition Service Pack 2 |
|||
|
Windows Server 2003 |
|||
|
Windows Server 2003 Service Pack 2 |
|||
|
Windows Server 2003 x64 Edition Service Pack 2 |
|||
|
Windows Vista |
|||
|
Windows Vista Service Pack 2 |
Not affected |
||
|
Windows Vista x64 Edition Service Pack 2 |
Not affected |
||
|
Windows 8 |
|||
|
Windows 8 for 32-bit Systems |
Not affected |
||
|
Windows 8 for x64-based Systems |
Not affected |
||
Frequently asked questions
I am running Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. Does this mitigate these vulnerabilities?
Yes. By default, Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server. This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone.
Are these new releases for these platforms?
No. To help customers understand support for all platforms related to these updates we have assembled this page to discuss operating system versions that are in mainstream or extended support.
My operating system version is not listed here. Are updates available for other versions?
For newer operating systems still in mainstream or extended support, refer to this page. For other variations of operating systems listed above (i.e., RTM or different service pack levels), there are no updates available. Customers should update to the latest service pack version to receive security updates.
