none
Sites in Trusted Sites zone still being warned about insecure Java since November cumulative IE update RRS feed

  • Question

  • Since the November cumulative IE 11 update was deployed to our users, we are getting reports of the users seeing prompts about running the outdated Java version on sites in the trusted zone. It was my understanding that the alert should not be triggered for sites in the Trusted sites zone.

    2 odd things I have noticed also:

    • Users who see this can click Run this time but it just regenerates the alert, and the user can never actually get Java to execute.
    • This only seems to affect existing user accounts/profiles. If a new domain user logs in, it does not do this.

    I confirmed the behavior started after the patch was applied. Anyone else seen this?

    Monday, December 1, 2014 9:34 PM

Answers

  • I opened a support call, and the cause is a defect in the November cumulative update for IE (MS14-065/KB3003057)

    When a client has this patch installed and the GPO setting "Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains" (in Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management) is applied, it causes this behavior.

    In our case we disabled the GPO with this setting. Support said it was hoped this would be fixed in the December cumulative IE update, but he could not promise that.

    Wednesday, December 3, 2014 4:58 PM

All replies

  • Windows verion(s) would be...?

    What "outdated Java versions" are installed (e.g., v1.8.0_24; v1.7.0_70; v1.6.0_14)?

    Does the behavior persist after (temporarily) uninstalling KB3003057, followed by a reboot?


    ~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft

    Monday, December 1, 2014 9:47 PM
  • We are experiencing the same bug but the behavior is not consistent across all endpoints.

    Uninstalling resolved the issue. We did add the remove update button reg and are testing the removal. 

    Confirming ADMX's are current.

    Tuesday, December 2, 2014 12:17 PM
  • Yes, the issue does persist after a reboot, but I have not tried uninstalling that update. I will test that.

    Specifically, we are testing with Java 6 versions (in my case update 43). This issue presents on both Windows 7 and 8.1. in my testing.


    • Edited by BryanCP Tuesday, December 2, 2014 12:29 PM
    Tuesday, December 2, 2014 12:18 PM
  • Like Eric, I just confirmed removal of the update "addresses" the issue. I am wondering if there is a problem with this update, but have a hard time believing this is just being noticed now 3 weeks after release.

    Tuesday, December 2, 2014 12:35 PM
  • Something in the versionlist.xml files in C:\Users\USerID\AppData\Local\Microsoft\Internet Explorer\VersionManager folder is the cause of this (which makes sense as this defines the out of date plugins). Removing it is another pseudo-fix for the issue.

    The real questions are:

    1. Why won't clicking "Run this time" work at all?
    2. Why is the site in question still being warned despite being listed in trusted sites?
    3. We have a GPO that is supposed to disable the Java Version blocking on our websites, but it does not seem to be working either. ???

    Bryan


    • Edited by BryanCP Tuesday, December 2, 2014 6:24 PM
    Tuesday, December 2, 2014 1:47 PM
  • HI Bryan,

    Do you have any errors in a gpupdate /force?

    Just checking if related; as we get

    Windows failed to apply the Internet Explorer Zonemapping settings. Internet Exp
    lorer Zonemapping settings might have its own log file. Please click on the "Mor
    e information" link.

    Wednesday, December 3, 2014 1:26 PM
  • I opened a support call, and the cause is a defect in the November cumulative update for IE (MS14-065/KB3003057)

    When a client has this patch installed and the GPO setting "Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains" (in Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management) is applied, it causes this behavior.

    In our case we disabled the GPO with this setting. Support said it was hoped this would be fixed in the December cumulative IE update, but he could not promise that.

    Wednesday, December 3, 2014 4:58 PM
  • FOLLOW-UP:

    Fixed in MS14-080 by:

    .

    KB3024033 is one of many GDR fixes included in the December 2014 Cumulative Security Update for Internet Explorer (MS14-80; KB3008923).


    ~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft

    Thursday, December 11, 2014 6:43 PM