Browse by Tags

IEBlog

Windows Internet Explorer Engineering Team Blog
  • Blog Post: SSL, TLS and a Little ActiveX: How IE7 Strikes a Balance Between Security and Compatibility

    We’ve been talking for a long time about making sure IE7 is as secure as possible but still compatible with the Internet. The principle that helps us balance security and compatibility is to not impact existing websites unless we need to change IE to help protect end users. As we asked web developers...
  • Blog Post: Security Update for Windows Vulnerability in Vector Markup Language - Now Available

    Hi folks, my name is Geoff and I am a Program Manager with the IE team focusing on security updates. On Tuesday, Windows released a security update for a vulnerability in the Windows component VML (vector markup language) that can result in remote code execution running on an affected system. Although...
  • Blog Post: Anti-Phishing Accuracy Study

    As we’ve worked on the new Phishing Filter in IE7, we knew the key measure would be how effective it is in protecting customers. In addition to our internal tests, we wanted to find some external measure of our progress to date as well as pointing to ways we could improve. We didn’t know of a publicly...
  • Blog Post: Direct Animation Overflow and IE7

    A researcher posted a vulnerability against IE6 yesterday that uses random input to create a heap overflow in a Direct Animation object. Our team is testing a security update right now to fix this overflow, but in the meantime you can keep your systems safe from this vulnerability by disabling ActiveX...
  • Blog Post: IE7 Phishing Filter Update

    Greetings! I’m Raghava Kashyapa, Program Manager for the Microsoft Phishing Filter technology in IE7. As you might already know - it is important to use the latest versions of IE7 to get the benefits of all the changes we have made over the past year since the release of the first public beta. We...
  • Blog Post: Update Available for IE 5.01, IE 6.0 SP1, and IE 6.0 on Server 2003

    This morning we re-released three versions of our August 2006 cumulative security update (MS06-042). As I had written about before , the original release of MS06-042 introduced a new security vulnerability for IE 6.0 SP1 users which we addressed in a subsequent re-release. However, with the increased...
  • Blog Post: RSS Secure by Design

    One of the reasons we went to Blackhat last month was to show how the Security Development Lifecycle (SDL) has changed the way that Microsoft builds products. I talked about how we’re reducing attack surface with features like ActiveX opt-in, improving code quality and building-in Defense in Depth with...
  • Blog Post: Update Available for IE 6.0 SP1 Security Vulnerability

    This morning we re-released our August security update (MS06-042) for IE 6.0 SP1. This update is available through all of our normal release channels including Windows Update , Automatic Update, Download Center and our deployment tools such as WSUS. As I mentioned Tuesday , the original release of...
  • Blog Post: Update coming for IE 6.0 SP1 security vulnerability

    You may have read reports of a new, irresponsibly disclosed vulnerability that affects IE 6.0 SP1. We are aware of this issue and are actively working on an update that addresses the problem, which was introduced with our last security update (MS06-042). This issue only impacts customers running IE 6...
  • Blog Post: Script in Feeds, the IE7 Feed View and the Windows RSS Platform

    A presentation at Black Hat last week has sparked some discussion in the community. The presentation talks about the potential dangers of script in feeds. I posted on the RSS Team blog regarding the mitigations that are implemented in the IE7 Feed View and the Windows RSS Platform that specifically address...
  • Blog Post: IE August 2006 Security Update is now available

    The IE cumulative August 2006 security update is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update and I encourage you to upgrade to Microsoft Update if you haven’t already. This update addresses 8 security issues: 5...
  • Blog Post: A Note about the DHTML Editing Control in IE7+

    Hi, I’m B. Ashok, the Product Unit Manager for Web Development Tools – we have our own team blog ( http://blogs.msdn.com/webdevtools ), but I wanted to post over here to discuss a change my team has made which has an effect on users of IE7+ in Windows Vista. Specifically, we are removing the DHTML Editing...
  • Blog Post: Enforcement takes the fight to the phishers

    Hi, I’m Aaron Kornblum, Internet Safety Enforcement Attorney at Microsoft, and a member of Microsoft’s global team committed to help fight cybercrime and protect our customers while they are online. As a parent, former Air Force prosecutor and civil litigator, and now in-house corporate counsel focused...
  • Blog Post: IE ActiveX Update in June Security Update

    The June Security Update for IE also contains a non-security change to the handling of ActiveX controls; this is the same functionality that was contained in the April IE Security update . However, unlike the April release, there is no publicly available Compatibility Patch. If your company has issues...
  • Blog Post: IE June 2006 Security Update is now available

    The IE cumulative June 2006 security update is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update and I encourage you to upgrade to Microsoft Update if you haven’t already. This update addresses 8 security issues: 5 remote...
  • Blog Post: A Caching Issue in IE7 Beta 2

    Hello, Eric Lawrence here from the IE Networking team. I’ve seen a few bug reports and blog comments regarding an observed change in IE7 Beta 2’s caching behavior, and I wanted to post a quick explanation about the situation and assure you that it will be resolved in the next beta. In IE7 Beta 2,...
  • Blog Post: User Privacy and the Phishing Filter

    When we shipped the Microsoft Phishing Filter in Internet Explorer 7 Beta 1, many readers on the blog asked: if the Phishing Filter is checking suspicious URLs against a web service, how would Microsoft protect user privacy? We know that for customers to benefit from the work we put into the Phishing...
  • Blog Post: IE ActiveX Update in April Security Update

    Just a notice that the April Security Update for IE also contains a non-security change to the handling of ActiveX controls, as we’ve previously mentioned . Again, due to the nature of this topic, we are not taking comments on this post. - Tony Chor
  • Blog Post: IE April 2006 Security Update is now available

    The IE April 2006 security update is now available! This security update is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates available via the new Microsoft Update . I would encourage you to upgrade to Microsoft Update if you haven’t already. This...
  • Blog Post: New info on IE ActiveX update

    For new information on the IE ActiveX Update, please see Mike Nash’s announcement . Due to the sensitive nature of this issue, we are not taking comments on this post. Thanks for your understanding. - Tony Chor
  • Blog Post: Safety First at Mix06

    I’m really excited for my talk tomorrow here at Mix06 . This conference feels more like a party than work. We’re free from the blue-shirt uniform of normal conferences and I’ve tried to make my talk all content - no slides (ok, there are a few slides for folks who don’t see the live show). I’m trying...
  • Blog Post: Security tweaks in IE7

    As we’ve described previously, we’ve made some major architectural improvements to improve browsing security in Internet Explorer 7, including Protected Mode , Phishing Filter , Enhanced Validation SSL , and other features in support of our overall security strategy . Our commitment...
  • Blog Post: Fix My Settings in IE7

    Hi, this is Max and Uche from the user experience team. We want to talk to you about what we call the Fix My Settings feature. You will encounter this if you set your security settings to an insecure state whilst in the Internet or Restricted zone. When you choose an insecure setting two things will...
  • Blog Post: Windows Vista and Parental Controls in IE7

    Hello World! I’m Sharon Cohen, Program Manager for parental controls in IE7. If you haven’t heard about Windows Vista Parental Controls, be sure to read Brian’s blog post which gives a great overview of the feature. I’d like to fill you in on the great features IE7 adds to Windows Vista Parental Controls...
  • Blog Post: Application Compatibility Logging In IE7

    As Rob pointed out in his last blog post on security and compatibility in IE7 , one of the biggest challenges in software development is making the software secure and compatible at the same time. In IE7, we have many new security features that help protect users against various attacks by blocking certain...
Page 6 of 7 (163 items) «34567