Browse by Tags

IEBlog

Internet Explorer Team Blog
  • Blog Post: Enriching the Web Safely: How to Create Application Protocol Handlers

    Over the past few days, we’ve gotten several questions from customers about how you can invoke third-party applications on Windows by specially-crafted URLs that invoke Application URL protocol handlers (Firefox’s “firefoxurl:” has been the most discussed example). I wanted to provide some additional...
  • Blog Post: Extended Validation Guidelines v1 Released!

    I’ve talked several times in the past about Extended Validation SSL certificates and how they are a great step forward in establishing verified identity for websites. It is therefore with great pleasure that I am writing today about the official ratification of the EV Guidelines v1.0 by the Certification...
  • Blog Post: IE June Security Update is Now Available

    The IE Cumulative Security Update for June 2007 is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update . I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates...
  • Blog Post: Follow Up to Internet Explorer May 2007 Security Update

    After downloading the Internet Explorer Cumulative Security Update for May 2007, some users have experienced an unexpected “Save File” security dialog upon launching Internet Explorer. This might occur when the “Temporary Internet Files” folder is moved to a custom location and Internet Explorer does...
  • Blog Post: IE May 2007 Security Update Available Now

    Good morning everyone, I am pleased to announce that the IE Cumulative Security Update for May 2007 is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update . I encourage you to upgrade to Microsoft Update if you haven’t already...
  • Blog Post: This Website Wants to Run the Following Add-on

    You may have encountered a warning similar to the following when browsing web sites with IE7: This website wants to run the following add-on: ‘MSXML 5.0’ from ‘Microsoft Corporation’. If you trust this website and the add-on and want to allow it to run, click here… The same warning may appear...
  • Blog Post: IE February 2007 Security Update is Now Available

    The IE cumulative February 2007 security update is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update . I encourage you to upgrade to Microsoft Update if you haven’t already. This update addresses 3 security issues –...
  • Blog Post: Security Update for Windows Vulnerability in Vector Markup Language

    Hi folks, this is Geoff again, IE Program Manager focused on security updates. A Windows Security Update was released today for a vulnerability in the Windows VML (vector markup language) component that can result in remote code execution. Although this is not an IE code vulnerability, we feel it is...
  • Blog Post: Extended Validation (EV) SSL and Small Businesses

    I’m Markellos Diorinos, and I am a product manager with the Internet Explorer team. Yesterday I read a story in the Wall St. Journal about how some small businesses, such as the featured Aunt Joy, will receive a lump of coal this Christmas, as they are unable to get the new EV SSL Certificates. Kelvin...
  • Blog Post: IE December 2006 Security Update is Now Available

    The IE cumulative December 2006 security update is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update . I encourage you to upgrade to Microsoft Update if you haven’t already. This update addresses 4 security issues: 2...
  • Blog Post: IE November 2006 Security Update Now Available

    The IE cumulative November 2006 security update is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update and I encourage you to upgrade to Microsoft Update if you haven’t already. This update addresses 2 security issues...
  • Blog Post: More Thoughts on Measuring Anti-Phishing Accuracy

    Some of you may have seen stories comparing IE7’s anti-phishing accuracy with our competitors, citing different studies than the one I blogged about earlier that showed IE7’s Phishing Filter had the best overall accuracy. Paul Robichaux, from 3Sharp (the company that ran the study I cited), provides...
  • Blog Post: How I'll Judge IE7 Security

    As an engineer, I’m proud of the protections we delivered by finishing IE7 but I want to set your expectations that we didn’t and, never will, reach perfection. There have been a few posts on ways to steal data or spoof URLs in IE7 but they really don’t detract from a very simple truth: IE7 will be more...
  • Blog Post: Update Released for Some Versions of MSXML

    We want you to know that some IE7 and Windows Vista users will need today’s security update for MSXML even though by default Windows XP and Windows Vista are not affected. Many applications install and use versions 4 and the original version 6 of the control as a part of the XML Core Services. The...
  • Blog Post: Improving SSL: Extended Validation (EV) SSL Certificates Coming in January

    Hi, I’m Kelvin Yiu, a program manager with the Windows Crypto team, and I’m very excited to be posting today on the IE blog, announcing plans to make Extended Validation (EV) SSL Certificates available in January 2007. For over a year, we’ve been working on shaping the form of the next generation...
  • Blog Post: IE7 and High Assurance at RSA Europe

    One of the best parts of IE7 is actually yet to come. High Assurance SSL certificates, now known as Extended Validation certificates are a critical part of our strategy to help customers avoid online fraud like phishing scams We’ve been hard at work with the other browsers and certification authorities...
  • Blog Post: An IE7 Security Vulnerability?

    Some people are discussing a recently announced security vulnerability that they claim is found in Internet Explorer 7 on Windows XP SP2 systems. While it is true that a vulnerability exists, the vulnerability is not actually in any components of IE7, although the attack vector makes it appear that...
  • Blog Post: SSL, TLS and a Little ActiveX: How IE7 Strikes a Balance Between Security and Compatibility

    We’ve been talking for a long time about making sure IE7 is as secure as possible but still compatible with the Internet. The principle that helps us balance security and compatibility is to not impact existing websites unless we need to change IE to help protect end users. As we asked web developers...
  • Blog Post: Security Update for Windows Vulnerability in Vector Markup Language - Now Available

    Hi folks, my name is Geoff and I am a Program Manager with the IE team focusing on security updates. On Tuesday, Windows released a security update for a vulnerability in the Windows component VML (vector markup language) that can result in remote code execution running on an affected system. Although...
  • Blog Post: Anti-Phishing Accuracy Study

    As we’ve worked on the new Phishing Filter in IE7, we knew the key measure would be how effective it is in protecting customers. In addition to our internal tests, we wanted to find some external measure of our progress to date as well as pointing to ways we could improve. We didn’t know of a publicly...
  • Blog Post: Direct Animation Overflow and IE7

    A researcher posted a vulnerability against IE6 yesterday that uses random input to create a heap overflow in a Direct Animation object. Our team is testing a security update right now to fix this overflow, but in the meantime you can keep your systems safe from this vulnerability by disabling ActiveX...
  • Blog Post: IE7 Phishing Filter Update

    Greetings! I’m Raghava Kashyapa, Program Manager for the Microsoft Phishing Filter technology in IE7. As you might already know - it is important to use the latest versions of IE7 to get the benefits of all the changes we have made over the past year since the release of the first public beta. We...
  • Blog Post: Update Available for IE 5.01, IE 6.0 SP1, and IE 6.0 on Server 2003

    This morning we re-released three versions of our August 2006 cumulative security update (MS06-042). As I had written about before , the original release of MS06-042 introduced a new security vulnerability for IE 6.0 SP1 users which we addressed in a subsequent re-release. However, with the increased...
  • Blog Post: RSS Secure by Design

    One of the reasons we went to Blackhat last month was to show how the Security Development Lifecycle (SDL) has changed the way that Microsoft builds products. I talked about how we’re reducing attack surface with features like ActiveX opt-in, improving code quality and building-in Defense in Depth with...
  • Blog Post: Update Available for IE 6.0 SP1 Security Vulnerability

    This morning we re-released our August security update (MS06-042) for IE 6.0 SP1. This update is available through all of our normal release channels including Windows Update , Automatic Update, Download Center and our deployment tools such as WSUS. As I mentioned Tuesday , the original release of...
Page 6 of 8 (180 items) «45678