The focus at Mix’07 has mainly been Microsoft Silverlight, the only other thing I can remember off of the top of my head is the mention of a Vista Gadget from Disney, but I am behind in my RSS reader. Ars Technica has posted an article about a post from Chris Wilson on the Internet Explorer blog, but, the site won’t come up for me, so I am just referencing the Ars Technica site.
While details may be lacking, the structure of the conferences planned for Mix’07 gives a few hints. Improvements in RSS, CSS, and AJAX support are all being given high priority. It is also widely speculated that IE 8 will include support for microformats, small tags embedded in HTML code that can be interpreted in various ways by software, such as calendar events or contact information. Microformat support is scheduled for Firefox 3, so IE 8 will have to include them in order to keep up. The new version may also include more options for user interface customization, as that was one of the biggest criticisms of IE 7, and one which the developers often blamed on lack of time.
The fact that there will be an IE 8 at all is a testament to the fact that the web browser market has become competitive again. When IE 6 finally vanquished Netscape, the team that created Microsoft’s browser was largely thrown to the winds, and development slowed to a crawl. It took Firefox gaining a ten percent market share to cause Microsoft to respond with IE 7. Source: Microsoft drops hints about Internet Explorer 8
At least we know Microsoft is working on the next version of IE, that is a good thing…
Microsoft noted on their blog that they might release the patch to fix the VML exploit early, if it met all the tests and requirements, so apparently, it already has. Thanks Sunbeltblog.
A security issue has been identified in the way Vector Markup Language (VML) is handled that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
Check Windows Update to get it.
Added: Just saw this post from a technet blog, “OUT OF BAND” Security Bulletin has been released – Microsoft Security Bulletin MS06-055,
On Tuesday September 26th 2006, the Microsoft Security Response Center (MSRC) released one (1) new Security Bulletin. This Security Bulletin Release is in addition to our regularly scheduled monthly security bulletin release for September 2006. A release of this type is often referred to as “Out of Band”.
A remote code execution vulnerability exists in the Vector Markup Language (VML) implementation in Microsoft Windows. An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML e-mail that could potentially allow remote code execution if a user visited the Web page or viewed the message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
And this post from the Microsoft Security Response Center Blog,
Hey everyone, Craig Gehre here. We’re in the process of releasing out of band update MS06-055 to address the VML issue. At the moment, Windows Update, Microsoft Update, and Autoupdate are live. We’re in the process of publishing the bulletin, associated packages, and updated content for WSUS, MBSA1.2.1, EST, and MBSA 2.0 to the Microsoft download center and normal locations and those should be up shortly. Until that time the links might not work in the bulletin until the packages appear on the download center. The WSUSscan.cab for SMS and MBSA 2.0 users is also in process and will be published soon. We’ll provide a follow-on blog post shortly once we get everything up.
We’re also re-releasing MS06-049 for Windows 2000 users and will have that information up shortly as well.
Anyway, finally, I know they want to test this stuff thoroughly, but sometimes you just gotta rush stuff, especially when you have unsuspecting users on the line.
In testing on a couple different blogs, IE7 has proven to be immune to the vml exploit currently making the rounds. Ed Bott says Vista passes one security test,
Now, it’s important to note that the developers of IE7 clearly had no idea that this vulnerability existed in IE6. But their development process managed to block this particular exploit right out of the box, and the additional layers of security provided important clues that this page was potentially dangerous.
Sandi Hardmeier at Spyware Sucks says Important – IE VML Vulnerability – IE7 is immune and as a matter of fact says it has been immune to almost all the other vulnerabilities that have come out since its release.
And the IE team says, “…With the exception of a very short list of issues we’re aware of and working on, we think the product is done…. Depending on your feedback, we may post another release candidate. We’re still on track to ship the final IE7 release in the 4th calendar quarter.”
Sounds like this may be as good of a time as any to read the release notes and upgrade to IE7, but be warned, there are still some software issues with other programs.
The Internet Storm Center, Sans.org, has raised the Infocon level to yellow for the exploit I posted about here, Vulnerability in Vector Markup Language Could Allow Remote Code Execution. I recommend you update your anti-virus software and possibly even unregister the offending DLL, Vgx.dll; instructions are in this post.
The VML exploit is now becoming more widespread, so we changed the InfoCon level to yellow to emphasize the need to consider fixes.
If you have not taken measures yet, please consider some emergency fixes to cover the weekend (especially for those laptops surfing the web from home; they might be at high risk). The exploit is widely known, easy to recreate, and used in more and more mainstream websites. The risk of getting hit is increasing significantly.
Outlook (including outlook 2003) is – as expected – also vulnerable and the email vector is being reported as exploited in the wild as well.
Weekends are moreover popular moments in time for the bad guys to build their botnets.
Ken Dunham from iDefense says,
We have seen a significant increase in attacks over the last 24 hours and “[at] least one domain hosts provider has suffered a large-scale attack leading to index file modifications on over 500 domains”. Those domains pointed visitors to a VML exploit. We’re happy to note they join us in recommending “implementing a workaround ASAP” and see the upcoming weekend as a factor in it.
The group, known as ZERT (Zero Day Emergency Response Team) has released a patch saying that Microsoft has to fix its patching cycle, and I agree on that part, having to wait two weeks for a patch to fix an exploit that is just now taking off is ridiculous, I understand they have to test it and such, but surely they can speed the process up so we can all be safer online.
A high-profile group of computer security professionals scattered around the globe has created a third-party patch for the critical VML vulnerability as part of a broader effort to provide an emergency response system for zero-day malware attacks.
The patch, which was created and tested by a roster of reverse engineering gurus and virus research experts, is available from the ZERT Web site for Windows 2000 SP4, Windows XP (SP1 and SP2), Windows Server 2003 (SP1 and R2 inclusive).
“Something has to be done about Microsoft’s patching cycle. In some ways, it works. But, in other ways, it fails us,” says Joe Stewart, a senior security researcher with SecureWorks, in Atlanta. Source: eWeek.com
Not sure about using a third-party patch, and I know I won’t be installing it on any computers for other people. I will stick to keeping the anti-virus updated every day and teaching good internet practices.
Microsoft released a security advisory yesterday, Microsoft Security Advisory (925568) Vulnerability in Vector Markup Language Could Allow Remote Code Execution. This involves the file Vgx.dll, which implements Vector Markup Language within Microsoft Windows. This vulnerability affects the following software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems Edition
Microsoft Windows Server 2003 x64 Edition
Someone who exploited this vulnerability could take complete control of the system just by getting the user to visit a website or open an attachment in email. It is even possible to use the vml exploit with a banner on a website, which opens up many avenues for attack.
Microsoft has confirmed new public reports of a vulnerability in the Microsoft Windows implementation of Vector Markup Language (VML). Microsoft is also aware of the public release of detailed exploit code that could be used to exploit this vulnerability. Based on our investigation, this exploit code could allow an attacker to execute arbitrary code on the user’s system. Microsoft is aware that this vulnerability is being actively exploited.
A security update to address this vulnerability is now being finalized through testing to ensure quality and application compatibility. Microsoft’s goal is to release the update on Tuesday, October 10, 2006, or sooner depending on customer needs.
Customers are encouraged to keep their anti-virus software up to date. Customers can also visit Windows Live OneCare Safety Center and are encouraged to use the Complete Scan option to check for and remove malicious software that take advantage of this vulnerability. We will continue to investigate these public reports.
Until the patch is released, Microsoft says you can protect your system using the following four methods:
Un-register Vgx.dll on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1
Impact of Workaround: Applications that render VML will no longer do so once Vgx.dll has been unregistered.
Modify the Access Control List on Vgx.dll to be more restrictive
Impact of Workaround: Applications and Web sites that render VML may no longer display or function correctly.
Configure Internet Explorer 6 for Microsoft Windows XP Service Pack 2 to disable Binary and Script Behaviors in the Internet and Local Intranet security zone.
Impact of Workaround: Disabling binary and script behaviors in the Internet and Local intranet security zones may cause some Web sites that rely on VML to not function correctly.
Read e-mail messages in plain text format to help protect yourself from the HTML e-mail attack vector.
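The first workaround in the list above, as an added PowerShell example that is not from the original post or from Microsoft's advisory: it finds every COM class registered against vgx.dll, unregisters the DLL with regsvr32, and confirms the result. The function names and the `-DllPath` parameter are assumptions made for illustration; run it as an administrator.

```powershell
# Added example: audit and apply the "un-register Vgx.dll" workaround.
# Get-VgxRegistration / Set-VgxWorkaround are hypothetical names. Only
# regsvr32.exe and the COM registry layout (HKCR\CLSID\{...}\InprocServer32)
# are real. The scan covers the registry view of the PowerShell process
# it runs in (32-bit or 64-bit).

function Get-VgxRegistration {
    # List every COM class whose in-process server is a file named vgx.dll.
    $root = 'Registry::HKEY_CLASSES_ROOT\CLSID'
    foreach ($clsid in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $key = Get-Item -LiteralPath "$($clsid.PSPath)\InprocServer32" -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        $server = ([string]$key.GetValue('')).Trim('"')   # default value = DLL path
        if ($server -like '*\vgx.dll') {
            New-Object PSObject -Property @{ Clsid = $clsid.PSChildName; Dll = $server }
        }
    }
}

function Set-VgxWorkaround {
    param(
        [switch]$Undo,      # re-register once the vendor update is installed
        [string]$DllPath    # required with -Undo: full path to vgx.dll
    )
    if ($Undo) {
        if (-not $DllPath -or -not (Test-Path -LiteralPath $DllPath)) {
            throw 'Pass -DllPath <full path to vgx.dll> together with -Undo.'
        }
        $targets = @($DllPath)
        $flags = '/s'
    } else {
        # Take the DLL path from the registry instead of hard-coding it.
        $targets = @(Get-VgxRegistration | ForEach-Object { $_.Dll } | Sort-Object -Unique)
        $flags = '/u /s'
        if ($targets.Count -eq 0) {
            Write-Output 'vgx.dll is not registered; the workaround is already in place.'
            return
        }
    }
    foreach ($dll in $targets) {
        # regsvr32 is a GUI-subsystem program, so wait for it explicitly.
        $p = Start-Process regsvr32.exe -ArgumentList "$flags `"$dll`"" -Wait -PassThru
        Write-Output ("regsvr32 {0} {1} -> exit code {2}" -f $flags, $dll, $p.ExitCode)
    }
    # Verify: after unregistering, no class should still point at vgx.dll.
    if (-not $Undo -and @(Get-VgxRegistration).Count -gt 0) {
        Write-Warning 'vgx.dll is still registered; re-run as an administrator.'
    }
}

# Usage: record the path first so the change can be reversed later.
#   Get-VgxRegistration | Format-Table Clsid, Dll
#   Set-VgxWorkaround
#   Set-VgxWorkaround -Undo -DllPath '<path reported by Get-VgxRegistration>'
```

As the impact note says, applications that render VML stop doing so until the DLL is registered again.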
I recommend you update your anti-virus software, or, better yet, tell it to update automatically when you log in to the system, so it checks every day for updates. Microsoft said that if you are a Windows Live OneCare user and your current status is green, you are already protected from known malware that uses this vulnerability to attempt to attack systems. You can visit Windows Live OneCare Safety Center to check for and remove malicious software looking to exploit this vulnerability.
Sunbelt discovered the zero day exploit in the wild.
Saw a couple people searching for “IE Has Encountered a Problem and Must Shutdown” on the site, and found this article on Microsoft site, You receive an “Internet Explorer has encountered a problem and needs to close (Mshtml.dll)” error message.
This behavior may be caused by an older file from a Beta version of Microsoft Windows XP and the Internet Explorer 6 Public Preview releases. You might experience this symptom if you upgraded from a Beta release of Windows XP or from the Internet Explorer 6 Public Preview, or if you are still running a Windows XP Beta version or Internet Explorer 6 Public Preview release.
Click here for the resolution.
You receive an “Invalid page fault in module Tps108.dll” error message or an “Internet Explorer has encountered a problem and needs to close” error message when you start Internet Explorer.
You receive a “Internet Explorer has encountered a problem and needs to close” error when you use Internet Explorer 6 to view a Web page that hosts an ActiveX control.
You receive a “Microsoft Internet Explorer has encountered a problem and needs to close (Pdm.dll)” error message.
You receive a “Microsoft Internet Explorer has encountered a problem and needs to close.” error message when two pop-up windows appear at the same time in Internet Explorer 6 Service Pack 1.
Internet Explorer quits unexpectedly when you press F1 in a Web page dialog box.
Internet Explorer Quits with Error in Shell64.dll When You Browse the Internet.
Internet Explorer May Quit Unexpectedly with an Error in Mshtml.dll When You Click a Button on a Web Page.
An Error Occurs in Ssl.dll When You Try to Start Internet Explorer.
You may receive an error message in module Mshtml.dll and Internet Explorer quits when you run a custom Web program in Internet Explorer 6.
Error Message in Mfc42.dll Appears When Starting, and then Internet Explorer Quits.
Description and availability of Internet Explorer Error Reporting tool.
An Error Occurs in Mshtml.dll in Internet Explorer 6 on Windows Me.
“Iexplore.exe has encountered a problem and needs to close” error message when you try to start Internet Explorer.
Error Message: Iexplore.exe Has Generated Errors and Will Be Closed By Windows.
Error Message if Speech Recognition Is Not Configured Correctly.
Versions of Comet Cursor That Are Earlier Than Version 4.0 Cause an Error Message.
“Iexplorer.exe has encountered a problem and needs to close” error message when you try to view a timesheet in Microsoft Project Web Access.
FIX: Internet Explorer may unexpectedly quit with an error message in module Mshtml.dll when you try to locate a Web page in Windows XP Service Pack 2.
Internet Explorer or Outlook Express quits unexpectedly with an error in Mshtml.dll.
Access Violation in Internet Explorer When You Use RDS Under Stress.
Web site content is not updated or you receive an unrecoverable error in Internet Explorer.
Even more available at Microsoft.
Microsoft has been working on a new project to help Internet Explorer block malicious code that’s hidden on webpages, one that will show a harmless version of the webpage instead. It’s called BrowserShield and it’s just one of many security-related products coming from Microsoft. From Neowin,
The BrowserShield project, the brainchild of Helen Wang, a project leader in Microsoft Research’s Systems & Networking Research Group, and an outgrowth of the company’s Shield initiative to block network worms could one day even become Microsoft’s answer to zero-day browser exploits such as the WMF (Windows Metafile) attack that spread like wildfire in December 2005.
“This can provide another layer of security, even on unpatched browsers,” Wang said in an interview with eWEEK. “If a patch isn’t available, a BrowserShield-enabled tool bar can be used to clean pages hosting malicious content.” BrowserShield, described by Wang as a tool for deleting embedded scripts before a Web page is displayed on a browser, can inspect and clean both static and dynamic content. Dynamic content has become a popular vector for Web-borne malware attacks of late, security experts have said.
“We basically intercept the Web page, inject our logic and transform the page that is eventually rendered on the browser,” Wang said. “We’re inserting our layer of code at run-time to make the Web page safe for the end user.” If the prototype is eventually folded into a Microsoft product, it could also protect against drive-by attacks that target flaws in IE, which is used by approximately 90 percent of Web surfers worldwide. BrowserShield is one of many security-related projects coming out of Microsoft Research.
This sounds pretty cool, until it starts messing up my webpages. Anything that can block some of this crap these losers put out there on the web, is fine with me. More info from Microsoft Research.
“This transformation logic,” Wang says, “can be injected at a firewall, as a browser extension, or by Web publishers.”
Dunagan provides an enthusiastic elaboration.
“That’s something that we both think is really, really nice about this,” he says. “It’s something where ISA can help protect all the people within a corporation, or it can be something where MSN Search makes it so that any of the cached Web pages that you can see on their site cannot contain these exploits; they can help protect everybody who is going to MSN Search to look at these things. There are two different value propositions, and they appeal to many people.”
Some search engines have been trumpeting something called “safe search,” which amounts to a blacklist of known malicious sites.
“BrowserShield can enable a much more powerful way of doing this safe search,” Wang states. “Basically, even for a malicious site that is not already blacklisted, BrowserShield can help prevent it from doing known bad things, such as exploiting a vulnerability of a browser.”
The technology, similarly, can deliver security-enhanced browsing.
“Say there’s a zero-day browser exploit,” Wang says. “At a particular time, a patch might not be available. But in the meantime, we can allow users to browse through a BrowserShield-enabled toolbar. Users would then be able to type URLs into the toolbar rather than in the usual address bar. This allows all Web sites to be sanitized by the BrowserShield toolbar and enables a safe browsing experience.”
Paul Thurrott gives it four out of five stars.
Internet Explorer 7 RC1 is faster, more stable, and better looking than previous IE 7 betas, so it’s a required update for any users who installed IE 7 Beta 3 or earlier. As for IE 6 users, I think it’s both safe and prudent to migrate to IE 7 now: You’ll be able to upgrade to the final version fairly effortlessly and the security enhancements and new functionality should win over even the most jaded. It’s not a perfect browser, but IE 7 is hugely improved, and even in this prerelease version is worth considering. I don’t think there’s enough there to sway Firefox users quite yet–maybe IE 8?–but IE 7, even in RC1 garb, is looking good. Recommended.
Microsoft is releasing the latest version of Internet Explorer, and has plans for one more release.
Microsoft Corp. is releasing a new test version of Internet Explorer, the market-leading Web browser that is facing competition from smaller players.
The new beta, available Tuesday for free download to English-language customers, includes fixes for problems that were causing Internet Explorer 7 to stop working, said Dean Hachamovitch, general manager in charge of Internet Explorer development.
This is Microsoft’s third beta of Internet Explorer 7 made available to the general public, and Hachamovitch said there are plans for one more. The new version comes amid growing competition from browsers such as Firefox, which has long offered functions such as tabbed browsing. Some also consider other browsers to be more secure, since IE, with its market dominance, is a popular target for attacks.
The final version of Internet Explorer 7 is expected to be released in the second half of this year, around the time a version of Microsoft’s new Windows operating system is expected to be available for business users. Source: Yahoo
Grab the latest beta here, http://www.microsoft.com/ie.
In a semi-related article, John C Dvorak, long known for “running off at the mouth” on lots of stuff has posted an article calling the integration of IE into the Operating System the Great Microsoft Blunder.
Microsoft should pull the browser out of the OS and discontinue all IE development immediately. It should then bless the Mozilla.org folks with a cash endowment and take an investment stake in Opera, to influence the future direction of browser technology from the outside in.
He makes a good point this time, believe it or not.