IEBlog

Internet Explorer Team Blog

  • IEBlog

    Security Update for HTML Help Control Helps Blunt IE Attack Vectors

    • 8 Comments
    Microsoft released several security updates today – MS05-001, MS05-002 and MS05-003. MS05-001 has a fix for a remote code execution issue affecting the HTML Help Control. MS05-002 contains a fix for the “X-Focus” issues. MS05-003 has a fix for a remote code execution issue with Indexing Services The first two are rated “critical” and the third is “important”. MS05-001 is the most critical to reducing IE-based attack vectors. The HTML...
  • IEBlog

    Earthquake and Tsunami Donation Appeal

    • 2 Comments
    The information published in this post is now out-of-date. —IEBlog Editor, 20 August 2012 I didn’t expect to be posting before next year, but given the situation in southern Asian and eastern Africa, I thought it important to post something to help those affected by the earthquake and the tsunami. You can find a good list of organizations to which you can make a donation on Microsoft’s Helping Victims of the South Asian Earthquake and Tsunami web page. There are plenty of other sites with information...
  • IEBlog

    Happy Holidays!

    • 16 Comments
    The information published in this post is now out-of-date. —IEBlog Editor, 20 August 2012 I want to comment on a couple of things before we all disappear for the holidays. As you may have noticed, we have turned on comment moderation due to the copious amounts of blog spam we have gotten lately. This means there will be some delay for us to review the comments and then post the ones that are not spam. I don’t really like doing the comment filtering (it’s more work for us), but given the spam...
  • IEBlog

    Internet Explorer Developer Center

    • 65 Comments
    Today we relaunch the Internet Explorer Developer Center on MSDN. You can find this at the relatively easy to remember URL http://msdn.microsoft.com/ie and is a portal for developers using Internet Explorer technologies. On the developer center we highlight technologies and events and link to reference material, articles and other essential information. The Developer Center is useful for both web developers and Windows developers who are building their solution on the Internet Explorer platform....
  • IEBlog

    Security Issues That Aren’t – Part 1

    • 82 Comments
    My name is Patrick Mann and I’m a security tester on the IE team. A big part of my job is to research potential IE security vulnerabilities reported to Microsoft by 3 rd parties: security vendors, site developers, or simply observant users. These folks do the browsing public a great service by working with us to eliminate vulnerabilities before they can be exploited. However, I’ve also noticed that there are some misconceptions about IE security that lead people to worry about perceived security...
  • IEBlog

    New IE Security Update for IE6 SP1 and IE6 (but not IE6 in XPSP2 or Windows Server 2003)

    • 21 Comments
    Today we released a security update for IE, MS04-040. This fixes a heap-based buffer overflow that allows remote execution (see CAN-2004-1050 for more details on the specifics of the issue). Full details on the security update can be found in the security bulletin . If you are running IE6 SP1 or IE 6 I strongly suggest you go to Windows Update to get this security release. It’s nice to see the results of all the hard work we put into making XPSP2 and Windows Server 2003 more secure, since users running...
  • IEBlog

    A few of our favourite DHTML sites

    • 75 Comments
    The information published in this post is now out-of-date. —IEBlog Editor, 20 August 2012 Although most of the team does not spell favourite like this, I originally hail from England and occasionally enjoy antagonizing my colleagues with the British spelling. Here are a few sites that we believe are valuable to web developers. http://www.dynamicdrive.com/ Dynamic Drive has lots of useful widgets to add to web pages from menus to games. www.webreference.com Web Reference has lots of resources...
  • IEBlog

    Why I Like Windows

    • 197 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 20 August 2012 The great thing about Windows is all the software that runs on it. Every day, there’s new software released for Windows. Today, with Firefox’s release, is no different. As someone who has worked on many big software projects over the last few years, I’m happy for the developers who worked on it. Signing off on your work and letting the rest of the world use it feels good...
  • IEBlog

    Internet Explorer Developer Documentation updates

    • 65 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 20 August 2012 We’re working on improving our documentation for web developers on MSDN . Here are a few changes we’ve made over the last month or so. A Simplified Table of Contents This can be seen in the panel on the left under Web Development. The previous table of contents was a bit confused and often made it a struggle to find topics that were relevant. Removal of “new” tags As a...
  • IEBlog

    Red Sox Win the World Series!

    • 26 Comments
    Congratulations to the Boston Red Sox, the 2004 World Series Champions! It is amazing to think that they not only won the World Series for the first time since 1918, but they did it in extraordinary fashion, winning 8 straight games against two of the best teams in baseball. Before I started working with a VIC-20 or a Commodore 64, I was a baseball fanatic. I grew up in New England (Vermont to be exact) living and dying with the fate of the Red Sox. I was fortunate enough to see them play a number...
  • IEBlog

    Tweakomatic Utility for IE Settings

    • 8 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 20 August 2012 I got an email thread the other day that started out with the question of how to add a trusted site into "LocalSystem"'s IE setting via command line or script (which is good question, but more on that later). As part of this thread it also talked about a power toy called Tweakomatic. Named to follow along in the great TweakUI power toy tradition, Tweakomatic is a tool...
  • IEBlog

    Scripting Debugging in Internet Explorer

    • 69 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 20 August 2012 I thought I’d take a couple minutes to talk about Script Debugging and Internet Explorer. Script debugging is turned off by default you can enable it by going to: Tools->Internet Options…->Advanced->Disable Script Debugging Prior to XPSP2 the above will turn script debugging on for all applications that host the WebBrowser control (Outlook for example). On XPSP2...
  • IEBlog

    “IE Shines on Broken Code” Story on Slashdot

    • 77 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 20 August 2012 Slashdot picked up a story from Bugtraq entitled Web browsers - a mini-farce in which Michael Zalewski talks about feeding a variety of browsers a healthy dose of bad content over 2 hours and seeing what happened. The story also includes pointers to the tools he used for hammering the browsers. Here is a bit of his report: 6) Pointless rants It appears that the overall...
  • IEBlog

    Compatibility, or “Just Don’t Break My Site!”

    • 94 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 20 August 2012 We’ve had more than a few comments suggesting that IE works too hard at backwards compatibility, and we cater to those people who “don’t code their pages correctly”, or people who otherwise “didn’t do things the right way”. These comments frequently go on to suggest that we (the IE team) should use our market position to “force people to fix their broken stuff”. I’d like...
  • IEBlog

    A fresh IE security update

    • 27 Comments
    The information published in this post is now out-of-date. —IEBlog Editor, 20 August 2012 Earlier this week we released the latest security update for IE, MS04-038 . We’ve been working on this since XPSP2 shipped, and it’s nice to see it made available to customers on Windows Update . This update addresses, among other issues, the drag & drop vulnerability that’s been in the news & security circles lately. This is also the first IE update to use the our latest installation technology...
  • IEBlog

    Setting Google as Your Autosearch Provider (or One Thing I Don't Love About IE)

    • 30 Comments
    Like any piece of software I have worked on, I have intense affection for the resultant software we ship (warts and all). However, there are usually a number of things you wish you had had more time to make better and every time you run across it in the product it drives you crazy. One thing that bothers me with IE in XPSP2 is the amount of hoops you need to click through to set Google or some other search engine as your autosearch provider. A quick way to set Google is to use the reg file up on...
  • IEBlog

    Opting in to the Information Bar

    • 8 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 20 August 2012 So this is my first post on this blog, my name is Phil Nachreiner, I’m a developer on the IE team. I’ll post more about myself in another time, but I’d like to talk briefly about opting into the security features we added in XPSP2. For example, we’ve made it extremely easy to opt existing applications that use the WebBrowser Control into the XPSP2 Information Bar without...
  • IEBlog

    MSDN articles on IE for XP SP2

    • 39 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 20 August 2012 If you’re a developer hosting the WebBrowser control, you’ll want to read Compatibility in Internet Explorer 6 for Windows XP Service Pack 2 . This article has details about changes such as: Local Machine Zone Lockdown Object Caching MIME Handling MIME Sniffing Network Protocol Lockdown Window Restrictions File Download Restrictions ActiveX Restrictions Pop-up Blocker...
  • IEBlog

    More on IE's UA string and the SV1 token

    • 49 Comments
    In earlier posts, Christopher mentioned that for Windows XP SP2 and Windows Server 2003 SP1 the UA string was getting a new ‘SV1’ decorator. This has stirred up a flurry of questions and comments about our reasoning behind this decision. Why did we add ‘SV1’ instead of update the IE version number? Well, we know from past experience that changing the version number can have a huge impact on site and application compatibility. We felt that since IE for XPSP2 and WS03SP1 does not have significant changes...
  • IEBlog

    IE in Windows Server 2003 SP1 and Windows XP 64-bit edition v2003

    • 36 Comments
    With XPSP2 out the door, we’re turning our attention to bringing our latest security enhancements to upcoming Windows releases. Next up: Windows Server 2003 SP1 and Windows XP 64-bit edition v2003, which are both currently in Beta. Both these platforms will receive the same treatment as XPSP2 did for IE: they’ll get all our security improvements, the pop-up blocker, the information bar, etc. See Tony’s blog entry about IE in XPSP2 for more info & links about the changes we made in XPSP2. Customers...
  • IEBlog

    IE add-ons in Marketplace

    • 35 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 20 August 2012 Hi, I’m Gary Schare and I run the product management team for IE. This includes defining and communicating the IE value proposition for all customer segments and helping the product team with long-term product strategy. I posted a comment last week about Windows Marketplace on the Community Site entry and wanted to follow up with more info. Windows Marketplace went live...
  • IEBlog

    XPSP2 and its slightly updated user agent string

    • 34 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 20 August 2012 Hi, I’m Christopher Vaughan, and I’m the lead project manager for the Internet Explorer team. I’ve worked on IE on and off since the IE 3.0 days, and have been involved in every major Windows release since Windows 95. I work with Dean, Scott, Tony, Dave, and the others who have or will be posting here to make sure that the IE team is working on the right things and at...
  • IEBlog

    CERT Advisory on XPSP2 – “significantly improves your computer’s defenses”

    • 15 Comments
    US-CERT published an advisory on XPSP2 the other day. Main statement – “Microsoft Windows XP Service Pack 2 (SP2) significantly improves your computer's defenses against attacks and vulnerabilities.” They specifically talked about IE changes, including local machine zone lockdown. Full advisory is at http://www.us-cert.gov/cas/alerts/SA04-243A.html . Thanks. Scott
  • IEBlog

    New Internet Explorer Community Site

    • 22 Comments
    We’ve just launched a new Community site for Internet Explorer to help support end users. This is linked from the main Internet Explorer page on www.microsoft.com . It includes links to other Internet Explorer sites, downloads and hints and tips. This site is focused on providing resources to end users but we also have sites with information for other parts of the wide audience for Internet Explorer: Resources for developers at the Internet Explorer Developers Center on MSDN Resources for the IT...
  • IEBlog

    More details on Pop-Up Blocking in XPSP2

    • 5 Comments
    There have been some questions about how pop-up blocking works in XPSP2 in the comments. Jeff Davis , one of the IE developers who worked on this feature in XPSP2, has put together a post ( http://blogs.msdn.com/jeffdav/archive/2004/08/25/220737.aspx ) that gives more details on what we consider a user initiated click. If you want to get better sense for how it works, please take a read through his latest entry - mouseDown + mouseUp = click . Thanks. Scott
Page 41 of 42 (1,042 items) «3839404142