IEBlog

Windows Internet Explorer Engineering Team Blog

  • IEBlog

    February IE Security Updates Released

    • 40 Comments
    Yesterday’s security updates for February 2005 include two critical updates relating to Internet Explorer: MS05-013 – has a fix for an issue with the DHTML edit control (CAN-2004-1319) MS05-014 - Cumulative Security Update for Internet Explorer These are both rated “critical” and affect all supported IE configurations from IE5.01 to IE6 for XPSP2. In addition, there is a third update to mention - MS05-008 - which contains a fix for a drag-and-drop vulnerability in the Windows shell code. You need...
  • IEBlog

    Security Issues That Aren’t – Part 2

    • 27 Comments
    Part 1 of Security Issues That Aren't gave rise to a lot of interesting comments. Hearing back from you is really helpful in terms of understanding what issues folks are dealing with and where we need to focus our attention. To those of you who suggested I should worry more about security issues that are instead of those that aren’t : I do! That’s exactly why I chose the subject: The fewer non-security reports I need to investigate, the more time I can spend on more severe problems. So bear with...
  • IEBlog

    IE content-type logic

    • 55 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 21 August 2012 This being my first post on the IE blog, I should introduce myself quickly. My name is Vishu Gupta; I am a developer on the IE team. There have been several posts in the recent past asking for more information on how does Internet Explorer sniff the content-type of a downloaded file. The whole thing looks totally inconsistent or should I say...non-compliant! Before reaching...
  • IEBlog

    Http Debugging with Fiddler

    • 31 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 21 August 2012 We’ve just published an MSDN article on a tool called Fiddler . As the article explains it is very useful for http debugging and was written by Eric Lawrence one of the Program Managers on the IE team. Thanks -Dave
  • IEBlog

    IE Security Zones

    • 23 Comments
    Greetings. My name is Mike Friedman. I’m on the Internet Explorer Security Test Team. In IE, the different areas of the Web are partitioned into a set of security zones. The topic I would like to talk about is programmatically adding sites to those zones. Zones were introduced in IE4 as a way to give users and admins more control, to strike a balance between user experience and gradations of risk. If you have a high degree of trust in a site, placing it in a lower-security zone can reduce the number...
  • IEBlog

    New IE Security News Group Launches

    • 26 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 21 August 2012 There is now a new forum for discussions related to IE security: microsoft.public.internetexplorer.security Here’s the initial posting: Welcome Everyone, This newsgroup is dedicated to the discussion of Internet Explorer security issues. Questions/comments about browser security features, security updates, and IE security best practice are all topics for discussion here...
  • IEBlog

    New Community Article

    • 50 Comments
    On the Internet Explorer Community site there’s a new article covering personalising your browser by one of our Internet Explorer MVPs. There are some great tips there that the novice user might find very useful. This is part of a series of articles on the community site and I’d particularly call attention to the article Help Protect Yourself from Online Crime that has great advice whatever browser you use. Feedback and ideas for articles are appreciated. Thanks -Dave
  • IEBlog

    IE Setup - From IExpress to Windows Package Installer

    • 11 Comments
    My name is John Hrvatin and I’m the Program Manager for Internet Explorer setup. That includes installers for security updates as well as integrating IE into Windows setup for future releases. In the past, IE has used IExpress as its installer. With the release of security update MS04-038 in October 2004, however, IE has begun using the Windows Package Installer, or “update.exe”, for all IE security updates and hot fixes on the following platforms: • Windows 2000 (all service pack levels) • Windows...
  • IEBlog

    The 64-bit browser in Windows x64

    • 23 Comments
    With the delivery of RC 1 of Windows Server 2003 & Windows x64 Client last month, we shipped not one but two browsers with the OS: a 32- and 64-bit version of IE6 for Windows Server 2003 SP1/x64. We had to make a choice with the 64-bit client as to which browser, the 32-bit or 64-bit, would be the default. Compatibility, performance, and interoperability all played a part in our decision, but ultimately our decision was swayed by the lack of 64-bit native controls. We found that in our own every...
  • IEBlog

    Internet Explorer Expert Zone Chat

    • 10 Comments
    The information published in this post is now out-of-date. —IEBlog Editor, 20 August 2012 On Thursday Jan 13th at 10:00AM PST we’ll be holding our regular monthly Internet Explorer chat with team members. See http://www.microsoft.com/WindowsXP/expertzone/chats/default.mspx for details. The focus of this chat will be currently supported versions of Internet Explorer and is an opportunity to interact with members of the product team getting assistance and giving feedback. We will not be discussing...
  • IEBlog

    Security Update for HTML Help Control Helps Blunt IE Attack Vectors

    • 8 Comments
    Microsoft released several security updates today – MS05-001, MS05-002 and MS05-003. MS05-001 has a fix for a remote code execution issue affecting the HTML Help Control. MS05-002 contains a fix for the “X-Focus” issues. MS05-003 has a fix for a remote code execution issue with Indexing Services The first two are rated “critical” and the third is “important”. MS05-001 is the most critical to reducing IE-based attack vectors. The HTML...
  • IEBlog

    Earthquake and Tsunami Donation Appeal

    • 2 Comments
    The information published in this post is now out-of-date. —IEBlog Editor, 20 August 2012 I didn’t expect to be posting before next year, but given the situation in southern Asian and eastern Africa, I thought it important to post something to help those affected by the earthquake and the tsunami. You can find a good list of organizations to which you can make a donation on Microsoft’s Helping Victims of the South Asian Earthquake and Tsunami web page. There are plenty of other sites with information...
  • IEBlog

    Happy Holidays!

    • 16 Comments
    The information published in this post is now out-of-date. —IEBlog Editor, 20 August 2012 I want to comment on a couple of things before we all disappear for the holidays. As you may have noticed, we have turned on comment moderation due to the copious amounts of blog spam we have gotten lately. This means there will be some delay for us to review the comments and then post the ones that are not spam. I don’t really like doing the comment filtering (it’s more work for us), but given the spam...
  • IEBlog

    Internet Explorer Developer Center

    • 65 Comments
    Today we relaunch the Internet Explorer Developer Center on MSDN. You can find this at the relatively easy to remember URL http://msdn.microsoft.com/ie and is a portal for developers using Internet Explorer technologies. On the developer center we highlight technologies and events and link to reference material, articles and other essential information. The Developer Center is useful for both web developers and Windows developers who are building their solution on the Internet Explorer platform....
  • IEBlog

    Security Issues That Aren’t – Part 1

    • 82 Comments
    My name is Patrick Mann and I’m a security tester on the IE team. A big part of my job is to research potential IE security vulnerabilities reported to Microsoft by 3 rd parties: security vendors, site developers, or simply observant users. These folks do the browsing public a great service by working with us to eliminate vulnerabilities before they can be exploited. However, I’ve also noticed that there are some misconceptions about IE security that lead people to worry about perceived security...
  • IEBlog

    New IE Security Update for IE6 SP1 and IE6 (but not IE6 in XPSP2 or Windows Server 2003)

    • 21 Comments
    Today we released a security update for IE, MS04-040. This fixes a heap-based buffer overflow that allows remote execution (see CAN-2004-1050 for more details on the specifics of the issue). Full details on the security update can be found in the security bulletin . If you are running IE6 SP1 or IE 6 I strongly suggest you go to Windows Update to get this security release. It’s nice to see the results of all the hard work we put into making XPSP2 and Windows Server 2003 more secure, since users running...
  • IEBlog

    A few of our favourite DHTML sites

    • 75 Comments
    The information published in this post is now out-of-date. —IEBlog Editor, 20 August 2012 Although most of the team does not spell favourite like this, I originally hail from England and occasionally enjoy antagonizing my colleagues with the British spelling. Here are a few sites that we believe are valuable to web developers. http://www.dynamicdrive.com/ Dynamic Drive has lots of useful widgets to add to web pages from menus to games. www.webreference.com Web Reference has lots of resources...
  • IEBlog

    Why I Like Windows

    • 197 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 20 August 2012 The great thing about Windows is all the software that runs on it. Every day, there’s new software released for Windows. Today, with Firefox’s release, is no different. As someone who has worked on many big software projects over the last few years, I’m happy for the developers who worked on it. Signing off on your work and letting the rest of the world use it feels good...
  • IEBlog

    Internet Explorer Developer Documentation updates

    • 65 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 20 August 2012 We’re working on improving our documentation for web developers on MSDN . Here are a few changes we’ve made over the last month or so. A Simplified Table of Contents This can be seen in the panel on the left under Web Development. The previous table of contents was a bit confused and often made it a struggle to find topics that were relevant. Removal of “new” tags As a...
  • IEBlog

    Red Sox Win the World Series!

    • 26 Comments
    Congratulations to the Boston Red Sox, the 2004 World Series Champions! It is amazing to think that they not only won the World Series for the first time since 1918, but they did it in extraordinary fashion, winning 8 straight games against two of the best teams in baseball. Before I started working with a VIC-20 or a Commodore 64, I was a baseball fanatic. I grew up in New England (Vermont to be exact) living and dying with the fate of the Red Sox. I was fortunate enough to see them play a number...
  • IEBlog

    Tweakomatic Utility for IE Settings

    • 8 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 20 August 2012 I got an email thread the other day that started out with the question of how to add a trusted site into "LocalSystem"'s IE setting via command line or script (which is good question, but more on that later). As part of this thread it also talked about a power toy called Tweakomatic. Named to follow along in the great TweakUI power toy tradition, Tweakomatic is a tool...
  • IEBlog

    Scripting Debugging in Internet Explorer

    • 69 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 20 August 2012 I thought I’d take a couple minutes to talk about Script Debugging and Internet Explorer. Script debugging is turned off by default you can enable it by going to: Tools->Internet Options…->Advanced->Disable Script Debugging Prior to XPSP2 the above will turn script debugging on for all applications that host the WebBrowser control (Outlook for example). On XPSP2...
  • IEBlog

    “IE Shines on Broken Code” Story on Slashdot

    • 77 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 20 August 2012 Slashdot picked up a story from Bugtraq entitled Web browsers - a mini-farce in which Michael Zalewski talks about feeding a variety of browsers a healthy dose of bad content over 2 hours and seeing what happened. The story also includes pointers to the tools he used for hammering the browsers. Here is a bit of his report: 6) Pointless rants It appears that the overall...
  • IEBlog

    Compatibility, or “Just Don’t Break My Site!”

    • 94 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 20 August 2012 We’ve had more than a few comments suggesting that IE works too hard at backwards compatibility, and we cater to those people who “don’t code their pages correctly”, or people who otherwise “didn’t do things the right way”. These comments frequently go on to suggest that we (the IE team) should use our market position to “force people to fix their broken stuff”. I’d like...
  • IEBlog

    A fresh IE security update

    • 27 Comments
    The information published in this post is now out-of-date. —IEBlog Editor, 20 August 2012 Earlier this week we released the latest security update for IE, MS04-038 . We’ve been working on this since XPSP2 shipped, and it’s nice to see it made available to customers on Windows Update . This update addresses, among other issues, the drag & drop vulnerability that’s been in the news & security circles lately. This is also the first IE update to use the our latest installation technology...
Page 39 of 41 (1,002 items) «3738394041