Microsoft Security Update KB2744842, issued on September 21, 2012, prevents Internet Explorer 9 from remotely executing possibly malicious executable code contained in web pages. This security update prevents the Java applets used to display the G3 graphics from being downloaded into the browser.
After this security update is installed the graphic page will be displayed as a blank white page with or without a boxed red X in the upper left corner of the graphic page.
For more information on the vulnerability, refer to Microsoft Security Bulletin MS12-063, available from the Microsoft web site.
Use of alternate web browsers such as Google Chrome or Mozilla Firefox are not affected by the installation of this update.
TAC I/A Series
I/A Series G3 ENS or ENC with web access
Internet Explorer 9 being used to display the graphics pages.
Microsoft security update prevents Internet Explorer 9 from executing potential malware infected modules.
If the ENC or ENS station is running the I/A Series G3 software release 3.4 or earlier, there is no module upgrade available to correct the issue.
A new web.jar module is available that allows Internet Explorer 9 to download and execute the Java applets used when displaying I/A Series G3 graphics.
If the site is running G3 release 3.5.34, you will need to upgrade to release 3.5.39 with the latest security patches before installing the 3.5.403 web.jar file.
If the ENC or ENS station is running I/A Series G3 release 3.5.39, upgrade the web.jar to release 18.104.22.168.
If the ENC or ENS station is running I/A Series G3 release 3.6.x, upgrade the web.jar to release 22.214.171.124.
The upgraded web jar files are available on The Exchange Download Center.
After installing the new web.jar module, the following cache folders must be cleared on any computer that has been used to attempt to view the G3 graphics from an unpatched G3 station running on an ENC or on an ENS-1 system.
Clear the IE9 "temporary internet files" cache using the following procedure:
- From within Internet Explorer 9, select Internet Options from the Tools menu.
- On the General tab, select Browsing History then click [Delete].
- Uncheck all check boxes except "Temporary internet files" then click [Delete].
- Close the Internet Options window.
Delete the wbapplet cache folder. The location of the folder is //users/
/niagara where is the login name of the current Windows user. This folder can be accessed by typing the location into the Windows search box on the Windows Start menu.
Clear the Java browser cache using the following procedure:
- Open Java from the Windows control panel.
- Click the [About] button on the General tab to verify what version of Java is installed.
- If running Java 6, On the General tab, in the "Temporary Internet Files" section of the window, click [Settings] then in the "Delete Temporary Files" window, make sure that "Downloaded Applets" and "Downloaded Applications" checkboxes are checked then click [ok] to delete the files. When the delete process is complete, click [ok] to exit..
- If running Java 7, On the General tab, in the "Temporary Internet Files" section of the window, click [Delete Files...] then make sure that "Downloaded Applets" and "Downloaded Applications" checkboxes are checked then click [ok].
- Close the Java Control Panel window.
Note: These three caches must be cleared regardless of the browser being used if the web.jar file is been updated on the ENS or ENC being accessed. If accessing some systems with the old web.jar file and some systems with the new web.jar file, it may be necessary to clear these caches any time you switch from accessing a system with the old web.jar file to a system with the new web.jar file.
There are two ways to resolve the issue when running G3 release 3.4 or earlier:
- Upgrade the installation to a newer I/A Series G3 software release (3.5.x or 3.6.x or when available, 3.7.x). This is the preferred option because these newer releases correct many known issues with the release 3.4 and earlier versions.
- Use a browser that is not affected by the Microsoft Security update. The known unaffected browsers include Mozilla Firefox, Google Chrome and Microsoft Internet Explorer version 7 or 8.