Browse by Tags

IEBlog

Internet Explorer Team Blog
  • Blog Post: April 2014 Internet Explorer Updates

    Microsoft Security Bulletin MS14-018 - Critical This security update resolves six privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully...
  • Blog Post: IE 9.0.1 Available via Windows Update

    The June 2011 Cumulative Security Update for Internet Explorer is now available via Windows Update . This security update resolves seven vulnerabilities in Internet Explorer that were disclosed in coordination with Microsoft. The vulnerabilities could allow remote code execution if a user visits a...
  • Blog Post: February 2011 Cumulative Security Update for Internet Explorer Now Available

    The February 2011 Cumulative Security Update for Internet Explorer is now available via Windows Update . This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user...
  • Blog Post: Suggested Sites & Privacy

    The IE8 feature Suggested Sites helps you discover related sites that can be helpful to get more information about your interests. Under the hood, Suggested Sites is a system that provides suggestions by using a collection of users’ visited sites. You may be wondering how Suggested Sites works with the...
  • Blog Post: Trustworthy Browsing with IE8: Summary

    Back in June, Dean Hachamovitch kicked off a series of blog posts explaining how the IE team approached the task of building a trustworthy browser. Trustworthiness is the foundation of Internet Explorer 8, and we’ve worked hard to deliver a product with improved security, reliability and privacy, while...
  • Blog Post: Privacy Beyond Blocking Cookies: Bringing Awareness to Third-Party Content

    Previous posts have covered trustworthy principles in general and some product specifics as well. Privacy is an important part of trustworthy computing. This post discusses one aspect of privacy on the web: third-party content. When most people browse the web, they think what they see in the address...
  • Blog Post: IE8 and Privacy

    As others have written here before, users should be in control of their information. That’s at the core of privacy. Privacy has two aspects: disclosure and choice. Disclosure means informing users in plain language about the data collected about them and how it’s used. Choice means putting users in control...
  • Blog Post: Securing Cross Site XMLHttpRequest

    As I mentioned in my post on Cross Document Messaging , client side cross domain request is an important area of interest for AJAX developers looking for ways to avoid expensive server side proxying calls. While Cross Document Messaging is useful for allowing third party components or gadgets embedded...
  • Blog Post: IE8 Security Part I: DEP/NX Memory Protection

    Hi, I’m Eric Lawrence from the Internet Explorer Security Team. With the RSA security conference kicking off this week, I wanted to start sharing more information about the security features and benefits of Internet Explorer 8 Beta 1. Over the next several weeks, we’ll blog in greater detail about some...
  • Blog Post: Using Frames More Securely

    HTML frames (FRAMESETs and IFRAMEs) are a feature of all modern web browsers that enable content from multiple pages to be displayed within a single view. Historically, frames were primarily used to enable partial page updates, where page navigation was contained in one frame, and page content was contained...
  • Blog Post: Developing Safer ActiveX Controls Using the Sitelock Template

    Last Friday, Microsoft released a new version of the SiteLock Template for ActiveX Controls . The SiteLock template helps ensure that controls you’ve developed for use on your websites cannot be repurposed and used by other (potentially malicious) websites. Why use the SiteLock template? Under the...
  • Blog Post: Good Practices for ActiveX Updates

    One of the most important activities we do in the software industry is service our customers through software updates. Like any other binary software, ActiveX controls often need to be updated with bug fixes and new functionality. So what is the best way to get updates to our customers? Steve, from...
  • Blog Post: New Training and Whitepaper on Internet Explorer 7 Security Now Available

    A while ago I talked about Internet Explorer sessions we were giving at Tech-Ed 2007 . And while it was a great pleasure for me to see many of you there, not everyone could make it to Tech-Ed. Working with TechNet’s IT Showtime, we’ve made my presentation Windows Internet Explorer 7 Security In-Depth...
  • Blog Post: Extended Validation Guidelines v1 Released!

    I’ve talked several times in the past about Extended Validation SSL certificates and how they are a great step forward in establishing verified identity for websites. It is therefore with great pleasure that I am writing today about the official ratification of the EV Guidelines v1.0 by the Certification...
  • Blog Post: Follow Up to Internet Explorer May 2007 Security Update

    After downloading the Internet Explorer Cumulative Security Update for May 2007, some users have experienced an unexpected “Save File” security dialog upon launching Internet Explorer. This might occur when the “Temporary Internet Files” folder is moved to a custom location and Internet Explorer does...
  • Blog Post: This Website Wants to Run the Following Add-on

    You may have encountered a warning similar to the following when browsing web sites with IE7: This website wants to run the following add-on: ‘MSXML 5.0’ from ‘Microsoft Corporation’. If you trust this website and the add-on and want to allow it to run, click here… The same warning may appear...
  • Blog Post: Extended Validation (EV) SSL and Small Businesses

    I’m Markellos Diorinos, and I am a product manager with the Internet Explorer team. Yesterday I read a story in the Wall St. Journal about how some small businesses, such as the featured Aunt Joy, will receive a lump of coal this Christmas, as they are unable to get the new EV SSL Certificates. Kelvin...
  • Blog Post: More Thoughts on Measuring Anti-Phishing Accuracy

    Some of you may have seen stories comparing IE7’s anti-phishing accuracy with our competitors, citing different studies than the one I blogged about earlier that showed IE7’s Phishing Filter had the best overall accuracy. Paul Robichaux, from 3Sharp (the company that ran the study I cited), provides...
  • Blog Post: How I'll Judge IE7 Security

    As an engineer, I’m proud of the protections we delivered by finishing IE7 but I want to set your expectations that we didn’t and, never will, reach perfection. There have been a few posts on ways to steal data or spoof URLs in IE7 but they really don’t detract from a very simple truth: IE7 will be more...
  • Blog Post: Improving SSL: Extended Validation (EV) SSL Certificates Coming in January

    Hi, I’m Kelvin Yiu, a program manager with the Windows Crypto team, and I’m very excited to be posting today on the IE blog, announcing plans to make Extended Validation (EV) SSL Certificates available in January 2007. For over a year, we’ve been working on shaping the form of the next generation...
  • Blog Post: SSL, TLS and a Little ActiveX: How IE7 Strikes a Balance Between Security and Compatibility

    We’ve been talking for a long time about making sure IE7 is as secure as possible but still compatible with the Internet. The principle that helps us balance security and compatibility is to not impact existing websites unless we need to change IE to help protect end users. As we asked web developers...
  • Blog Post: Security Update for Windows Vulnerability in Vector Markup Language - Now Available

    Hi folks, my name is Geoff and I am a Program Manager with the IE team focusing on security updates. On Tuesday, Windows released a security update for a vulnerability in the Windows component VML (vector markup language) that can result in remote code execution running on an affected system. Although...
  • Blog Post: Anti-Phishing Accuracy Study

    As we’ve worked on the new Phishing Filter in IE7, we knew the key measure would be how effective it is in protecting customers. In addition to our internal tests, we wanted to find some external measure of our progress to date as well as pointing to ways we could improve. We didn’t know of a publicly...
  • Blog Post: IE7 Phishing Filter Update

    Greetings! I’m Raghava Kashyapa, Program Manager for the Microsoft Phishing Filter technology in IE7. As you might already know - it is important to use the latest versions of IE7 to get the benefits of all the changes we have made over the past year since the release of the first public beta. We...
  • Blog Post: RSS Secure by Design

    One of the reasons we went to Blackhat last month was to show how the Security Development Lifecycle (SDL) has changed the way that Microsoft builds products. I talked about how we’re reducing attack surface with features like ActiveX opt-in, improving code quality and building-in Defense in Depth with...
Page 1 of 2 (45 items) 12