After you install security update 961260 (MS09-002) on a computer that is running Windows Vista or Windows Server 2008, you may experience a problem when you visit some Web pages that are in different Internet Explorer security zones. When the problem occurs, you receive a message that resembles the following: This problem occurs if the navigation causes Protected Mode settings to change from On to Off. You can determine which Internet Explorer security zone a Web page is in by looking at the status bar at the bottom of the Internet Explorer 7 window.

This problem occurs because Internet Explorer 7 switches Protected Mode settings when certain Web pages are configured in the Trusted Sites area of the Security tab of the Internet Options dialog box. By default, Protected Mode is set to Off for Web sites that are configured in the Trusted Sites area.

Security update information

To resolve this problem, install the most current cumulative security update for Internet Explorer. To install the most current updates, visit the following Microsoft Web site: For more technical information about the most current cumulative security update for Internet Explorer, visit the following Microsoft Web site: Note This update was first included in security update 963027 (MS09-014). For more information, click the following article number to view the article in the Microsoft Knowledge Base: Note If you previously applied either of the following workarounds that were previously documented in this article, you must remove the specific workaround.

Undo workaround method 3: Disable Protected Mode for the "Trusted Sites" zone

1. Click Start
   Collapse this imageExpand this image

   
   , type Internet Options in the Start Search box, and then click Internet Options in the Programs list.
2. Click the Security tab, and then click Trusted Sites in the Select a zone to view or change security settings area.
3. Click to clear the Enabled Protected Mode (requires restarting Internet Explorer) check box, and then click OK.
4. Restart Internet Explorer.

Undo workaround method 4: Edit the registry to disable a Feature Control key that will enable the functionality that was introduced in security update 961260 (MS09-002)

To do this, modify the DWORD value that is named iexplore.exe and set its value to 1 in the following registry subkey:

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

1. Click Start
   Collapse this imageExpand this image

   
   , type regedit in the Start Search box, and then click regedit.exe in the Programs list.
   
   
   Collapse this imageExpand this image

   
   If you are prompted for an administrator password or confirmation, type your password or click Continue.
2. Locate and then click the following subkey in the registry:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL
   Note If the "FEATURE_RESTRICT_ABOUT_PROTOCOL" subkey does not exist, you do not need to go further because the specific workaround has not bee applied to the computer.
3. In the details pane, right-click iexplore.exe, and then click Modify.
4. In the Value data box, type 1, and then click OK.
5. Exit Registry Editor.
6. Restart Internet Explorer.

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

For more information about security update 961260 (MS09-002), click the following article number to view the article in the Microsoft Knowledge Base: