Why is MS13-037 marked as superseded when Microsoft does not have it marked as superseded? In fact, it appears that MS13-037 is a prerequisite for MS13-038. If I apply MS13-038 without applying MS13-037 it breaks IE in some cases.
You are correct. I see the same thing in http://technet.microsoft.com/en-us/security/bulletin
. However, on this link if I check the box labeled “Show most recent updates only” I should not see MS13-037, but I do. Also, I get a spreadsheet from Microsoft that shows supersedence, and it does not show that MS13-037 was superseded.
Also, we are having an issue where the browser (IE8) will not connect, and then when clicking on tools/options, the following message returns:
“This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator”. This problem seemed to occur after applying MS13-047. I removed IE8 and then applied MS13-037 and the problem was resolved. When I removed IE8 and applied MS13-047 without applying MS13-037 the problem occurred. I also found a post online that indicated that MS13-037 had to be applied before MS13-047.
I have tried to reproduce the scenario you have mentioned on Win XP SP3 +IE 8 environment, MS13-047 was installed without MS13-037 and IE 8 can work properly without any issue.
After installed MS13-047 patch, I checked with Windows Update and it did not show MS13-037 patch as required to the system though the MS13-037 patch can be installed.
As for the supersedence information, MS has 3 sources:
I am not seeing any supersedence at all on the update catalog. http://catalog.update.microsoft.com/v7/site/Home.aspx
I do see supersedence on the spreadsheet and the security bulletin web page. Although the filter on the security bulletin web page that is supposed to show only the most recent updates does not work very well.
The problem I was having was only with Windows XP. If MS13-038 was applied, without applying MS13-037, IE 8 broke. MS13-037 was superseded in Bigfix with the release of MS13-047. However, MS13-038 was not superdeded. Therefore, I was applying MS13-038 without first applying MS13-037 which in some cases, not all, broke IE 8. Last week Bigfix marked MS13-038 as superseded. So, I have stopped deploying SM13-038.
Applying MS13-048 fixed the broken instances of IE.
From http://catalog.update.microsoft.com/v7/site/Home.aspx
, you can enter the KB number (e.g: 2829530 for MS13-037) in the search filter and all the patches for this KB will be listed. Click on the link for any patch, you can see a image as attached. The supersedence information is stated in Package Details tab.
Yes, MS13-038 has been superseded by MS13-047 as well. It was missed out when MS13-037 was superseded. Since MS13-037 is the prerequisite for MS13-038, it may cause issues when only MS13-38 is available.