Internet Explorer Team Blog

  • IEBlog

    Security Update for Windows Vulnerability in Vector Markup Language - Now Available

    Hi folks, my name is Geoff and I am a Program Manager with the IE team focusing on security updates. On Tuesday, Windows released a security update for a vulnerability in the Windows component VML (vector markup language) that can result in remote code execution running on an affected system. Although this is not an IE vulnerability, we feel it is important to mention here, as IE can be used as an attack vector for the exploit. The VML team and MSRC have investigated the issue, produced a fix, and...
  • IEBlog

    Anti-Phishing Accuracy Study

    As we’ve worked on the new Phishing Filter in IE7, we knew the key measure would be how effective it is in protecting customers. In addition to our internal tests, we wanted to find some external measure of our progress to date as well as pointing to ways we could improve. We didn’t know of a publicly available study covering the area, only some internal and media product reviews. (We’ve blogged a few times about the new Phishing Filter in IE7; in addition to these technical details we published...
  • IEBlog

    More Add-Ons: NewsGator Desktop Sync (Beta)

    Add-ons for the IE platform are more than just toolbars, custom browsers and find-on-page add-ons . The edges of what you can do with the platform are virtually unlimited. Earlier this year at Mix06 , Greg Reinacker and Walter VonKoch demo’d a tool for synchronizing the RSS platform state with your NewsGator online account. On Monday, Nick Harris (no relation) at NewsGator announced that the tool, renamed “NewsGator Desktop Sync” is available for general beta. From his post: “Desktop Sync...
  • IEBlog

    September Chat Transcript Now Available

    Hey all, Here’s the link to the transcript for the September Expert chat: . We will be holding another chat in November for those of you who couldn’t make this one. Information about our upcoming chats can be found at: Cheers, Uche Enuha Program Manager
  • IEBlog

    The IE7 User-Agent String

    In April 2005, we blogged about the new Internet Explorer 7 User Agent string sent to websites by the browser to identify itself. Since our original blog posting, we have also posted two new articles on the topic to MSDN: Understanding User-Agent Strings , and Best Practices for detecting the Internet Explorer version . A quick recap: On Windows XP SP2, IE7 will send the following User-Agent header: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) On Windows 2003 Server, IE7 will send the following...
  • IEBlog

    IE7 Dialog Sizes - A Quick Update

    This is just a follow up to my recent post about dialog sizing in IE7 . Based on your feedback regarding the minimum dialog height restrictions, my team re-evaluated our position and changed the minimum height from 150 to 100 pixels. We think this change: Reduces application compatibility issues where dialogs were coded to the IE6 minimum height Is more consistent with other browsers’ minimum height providing more consistency for content developers Again, we appreciate your constructive...
  • IEBlog

    Direct Animation Overflow and IE7

    A researcher posted a vulnerability against IE6 yesterday that uses random input to create a heap overflow in a Direct Animation object. Our team is testing a security update right now to fix this overflow, but in the meantime you can keep your systems safe from this vulnerability by disabling ActiveX controls in the internet zone. If you’re a desktop administrator responsible for a set of desktops, you can publish a more tactical fix by disabling the control. If you have the ability to set registry...
  • IEBlog

    IE7 Phishing Filter Update

    Greetings! I’m Raghava Kashyapa, Program Manager for the Microsoft Phishing Filter technology in IE7. As you might already know - it is important to use the latest versions of IE7 to get the benefits of all the changes we have made over the past year since the release of the first public beta. We made improvements to the client based on feedback and want to ensure users use these new and improved builds of the browser. The impact of these improvements means that older IE7 beta versions prior to...
  • IEBlog

    CreateURLMoniker Considered Harmful

    While working on IE7 application compatibility, we’ve seen many cases of interesting and strange invalid file URIs. I believe a substantial amount of responsibility for the confusion over file URIs lies with the deprecated urlmon.dll function CreateURLMoniker. This function is used by Windows application developers mainly to convert a string URI into an object that can be used to obtain the data represented by the URI. CreateURLMoniker does a couple of horrible things to file URIs that if misused...
  • IEBlog

    Update Available for IE 5.01, IE 6.0 SP1, and IE 6.0 on Server 2003

    This morning we re-released three versions of our August 2006 cumulative security update (MS06-042). As I had written about before , the original release of MS06-042 introduced a new security vulnerability for IE 6.0 SP1 users which we addressed in a subsequent re-release. However, with the increased scrutiny this release received, a security researcher responsibly disclosed to us that a similar vulnerability was also discovered in IE5.01 on Windows 2000, IE 6.0 SP1 (in a different location), and...
  • IEBlog

    RSS Secure by Design

    One of the reasons we went to Blackhat last month was to show how the Security Development Lifecycle (SDL) has changed the way that Microsoft builds products. I talked about how we’re reducing attack surface with features like ActiveX opt-in, improving code quality and building-in Defense in Depth with Protected Mode . I didn’t get a chance to cover the new RSS feed support but I think the RSS team’s work is a great example for anyone building a new client to handle RSS feeds and a case study in...
  • IEBlog

    September IE Expert Zone Chat

    Just wanted to remind everyone that the IE team will be having our Expert Zone chat on Thursday September 14 th at 10.00AM PDT (5.00PM GMT). We’ll also post the transcript shortly after the chat for those of you who can’t make it. Cheers, Uche Enuha Program Manager
  • IEBlog

    Extending IE Quick and Dirty

    As a scripting junkie at heart, I set out to write an extension in script for IE7: inline search – searching the document for text while I type. Before you get too excited, this does not replace the Find functionality in IE7. It’s just me getting excited about scripting. After investigating the different places I could extend IE with script, I decided to implement inline search as a context menu . All I had to do was create an HTML or JavaScript file with my script in it and add keys to the registry...
  • IEBlog

    IE Developer Center Refresh

    We've just completed a redesign and refresh of the IE Developer Center on MSDN. The goal is to make it easier to find IE related developer content and even includes an updated photo of me with the neon blue 'e' behind me that you can find in the lobby of our building on the Redmond campus! We've worked to make some of the essential links such as reference material easier to find and we will be promoting different content on the front page regularly making it well worth visiting on a regular basis...
  • IEBlog

    Search in IE7 RC1

    Last time I posted about search I talked about our new extensibility mechanisms: window.external.AddSearchProvider, and Search Discovery . Today I’d like to talk about enhancements we made since that post, and point you to a tool that you can use to create your own custom providers. To recap the last post: In Beta 2, window.external.AddSearchProvider gave website authors the ability to put a link on their page to prompt users to add a new search provider. We locked this call down using logic similar...
  • IEBlog

    Notes on the interaction of ClearType with DXTransforms in IE7

    Hello again, this is Peter Gurevich, IE PM for ClearType (among other things, as my blog posts have shown). Today I want to give you a little heads up on an issue we have seen with DXTransforms and ClearType, and let you know what we have done to ensure good readability of text in IE. During our testing we noticed that DXTransforms are sometimes applied to elements that contain text (now rendered in ClearType). As our users also noticed, the ClearType text then looks extremely blurry - unfortunately...
  • IEBlog

    IE7, IE6 and The Windows Lifecycle

    I’ve been getting questions from folks lately who are wondering what will happen to IE6 (SP1) when IE7 ships. “Will Microsoft continue to provide security updates for IE6 after IE7 ships?” “Will customers have to migrate to IE7 by some point in time?” The answer is simple: IE6SP1’s support policy will not change when IE7 ships. Everywhere that IE6SP1 is supported today, IE6SP1 will continue to be supported until the OS it ships with expires. Are you running IE6SP1 on Windows 2000 SP4? You will...
  • IEBlog

    IE + JavaScript Performance Recommendations - Part 1

    Hello again, this is Peter Gurevich, Performance PM (among other things) for IE7. We have heard a lot of requests to improve our Jscript engine, especially now that AJAX sites are becoming more prevalent on the web. I want you all to know that we have been listening and have recently made some great fixes to our engine to improve the garbage collection routine and to reduce unbounded memory growth. You should see noticeable improvements on AJAX sites in the Release Candidate we shipped last week...
  • IEBlog

    Checking for Incompatible Add-ons With RC1

    Hi there, it’s Max again, and with the availability of our first release candidate (RC1) build of IE7, I wanted to explain a new feature some of you might have seen when installing and running RC1. As an overall goal for IE we want to build the most stable and reliable browser that we can. We know that we sometimes make mistakes that cause crashes or hangs, but we actively try to find and fix the cause for as many as possible. Tools such as Windows Error Reporting help us a lot here, and we encourage...
  • IEBlog

    Why Does IE Resize My Dialogs?

    Hi, Travis here, a program manager for Trident/OM. In Beta3, you may have noticed that modal or modeless dialogs created from script seem to be slightly bigger than their IE6 counterparts. This is due to a recent change to bring the behavior of these dialogs closer to their cousins. In essence, we want to free developers from worrying about how much content size they are going to get when they request a modal or modeless dialog (from IE7 and onward). Note: our definition of content size...
  • IEBlog

    A Quick Reference Sheet for Internet Explorer 7

    My name is Seth McLaughlin and I have been working as a Program Manager intern on the User Experience team for the past few months. The summer is coming to an end and I will soon be returning to school at the Rochester Institute of Technology. Before I go, I wanted to let you know about a new resource that’s available for all of you keyboard lovers out there. There are many great shortcuts in IE7 - two of my favorites are CTRL+E to quickly access the Search box and ALT+D to select the Address...
  • IEBlog

    Update Available for IE 6.0 SP1 Security Vulnerability

    This morning we re-released our August security update (MS06-042) for IE 6.0 SP1. This update is available through all of our normal release channels including Windows Update , Automatic Update, Download Center and our deployment tools such as WSUS. As I mentioned Tuesday , the original release of MS06-042 introduced a new security vulnerability for IE 6.0 SP1 users. This re-release fixes that vulnerability. We recommend all IE 6.0 SP1 customers install the update immediately. Users running Windows...
  • IEBlog

    Installation Changes in IE7 Release Candidate

    Hi everyone, I’d like to point out a few changes we made to the installation process for the Release Candidate that we think you’ll like. Installation of the Release Candidate will automatically remove any previous version of IE7. If installation detects a previous version of IE7, it begins uninstall for you so you don’t have to dig through ‘Add/Remove Programs’. After uninstall completes and the machine restarts, installation begins automatically and reboots the machine immediately when...
  • IEBlog

    Internet Explorer 7 Release Candidate Now Available

    This morning we released our first public release candidate, IE7 RC1, for Windows XP. You can download it at . The RC1 build includes improvements in performance, stability, security, and application compatibility. You may not notice many visible changes from the Beta 3 release ; all we did was listen to your feedback, fix bugs that you reported, and make final adjustments to our CSS support. I do want to call attention to two changes in particular. First, IE7 RC1...
  • IEBlog

    Update coming for IE 6.0 SP1 security vulnerability

    You may have read reports of a new, irresponsibly disclosed vulnerability that affects IE 6.0 SP1. We are aware of this issue and are actively working on an update that addresses the problem, which was introduced with our last security update (MS06-042). This issue only impacts customers running IE 6.0 SP1; customers running Windows XP SP2, Server 2003 SP1, IE 5.01 on Windows 2000, or any of the IE7 betas including Windows Vista are not affected. As far as we know, there are no active exploits at...
Page 32 of 43 (1,068 items) «3031323334»