Archive

Archive for the ‘Internet Explorer 8’ Category

Download fix for Internet Explorer 8 vulnerability

May 9th, 2013 No comments

For years, hackers have targeted computer users by infecting websites. And based on recent reports, we have confirmed that cyber criminals are up to the same, no good behavior—this time targeting Internet Explorer 8. If you use Internet Explorer 6, 7, 9 or 10, this issue will not affect you.

If you are running Internet Explorer 8, we recommend upgrading immediately or installing the newly released Fix it (an easy, one-click download to help keep your computer protected). Not sure if you are running Internet Explorer 8? Learn how to check your web browser version

We’ll continue to monitor the situation and provide further updates here as needed. Tomorrow, we’ll publish information about the monthly Security Updates planned for May. 

To find tips on how to stay safer online, visit the Microsoft Safety and Security Center.

Categories: Fix it, Internet Explorer 8, malware Tags:

Download security update for Internet Explorer

September 21st, 2012 No comments

Today Microsoft released a security update for Internet Explorer. To help protect your computer, visit Windows Update to download and install the update and ensure that you have automatic updating turned on.

Note: This update replaces the Fix it that we posted earlier this week. If you install this update, you do not need the Fix it. If you already installed the Fix it, you still need to install this update.

For technical details, see:

“Fix it” available for Internet Explorer

September 19th, 2012 No comments

Today we released a downloadable tool called a “Fix it” for Internet Explorer that we mentioned in this blog yesterday.

On September 21, we will release a cumulative update for Internet Explorer through Windows Update.  We recommend that you install this update immediately. If you have automatic updating enabled on your computer, you won’t need to take any action – it will automatically update your machine. This update will reinforce the issue that the Fix it addressed and it will also cover other issues.

For more information, see Security Advisory 2757760.

For tips on how to stay safe online, visit the Microsoft Safety and Security Center.

Recent Internet Explorer advisory

September 18th, 2012 No comments

Microsoft released Security Advisory 2757760 yesterday about an issue in Internet Explorer.

The Microsoft Security Response Center (MSRC) is actively monitoring the situation and so far the issue has impacted only an extremely limited number of people.

For more information, see Microsoft Releases Security Advisory 2757760.

Full-strength solution available soon

Within the next few days Microsoft will release an easy-to-use tool (called a “Fix it”) that you can download for free. When the Fix it is available, we will post the link to download it here on this blog. You will also find it on the MSRC blog.

For more information, see Additional information about Internet Explorer and Security Advisory 2757760.

Download free security updates for August

August 14th, 2012 No comments

Microsoft releases security updates on the second Tuesday of every month. 

The bulletin announces the release of 9 security updates:

  • 6 updates for Microsoft Windows
  • 2 update for Microsoft Office
  • 1 update for Internet Explorer

Get the updates.

Watch a video about the updates.

To get more information about security updates and other privacy and security issues delivered to your email inbox, sign up for our newsletter.

Download free security updates for July

July 10th, 2012 No comments

Microsoft releases security updates on the second Tuesday of every month. 

The bulletin announces the release of 9 security updates:

  • 5 updates for Microsoft Windows
  • 3 updates for Microsoft Office
  • 1 update for Internet Explorer

Get the updates.

Watch a video about the updates.

To get more information about security updates and other privacy and security issues delivered to your email inbox, sign up for our newsletter.

Is your browser keeping you safer online?

October 11th, 2011 No comments

Research in the newly released Microsoft Security Intelligence Report Volume 11 reveals how social engineering techniques contribute to the spread of computer infections. Attacks that require user-interaction (social engineering) to spread accounted for 45% of the attacks analyzed in the report.    In addition, old or out-of-date browsers are easier targets for attacks than browsers that are current.

According to data from Net Applications, 25% of all browsers are not up to date. This means approximately 340 million computers worldwide might be at increased risk of infection as a result of malware spread via social engineering techniques.    

Today Microsoft launched the website, YourBrowserMatters.org, to show how updated browsers can help to keep you safer online and why a browser is the first line of defense against infection.

How to change your home page

Your Internet Explorer home page (that is, the first page you seen when you open Internet Explorer) can be set to any webpage you want. Follow the instructions below to set your home page to one you like. Note, though, that if your Internet Explorer home page has suddenly and inexplicably changed to a webpage you didn’t choose, it could be the result of malware (viruses or spyware). If you follow the directions below and your home page keeps changing back to another page, download and install Microsoft Security Essentials to help remove the malware.

To change your home page in Internet Explorer 9

  1. In Internet Explorer, navigate to the page that you want to make your home page.
  2. Right-click the Home icon  on the Internet Explorer 9 toolbar.
  3. Select Add or Change Home Page.
  4. Select either Use this webpage as your only home page, or Add this webpage to your home page tabs.
  5. Click Yes to save your changes.

To change your home page in Internet Explorer 7 and 8

  1. In Internet Explorer, navigate to the page that you want to make your home page.
  2. Click the down arrow next to the Home icon  on the Internet Explorer  toolbar.
  3. Select Add or Change Home Page.
  4. Select either Use this webpage as your only home page, or Add this webpage to your home page tabs.
  5. Click Yes to save your changes.

For more information, see Fix your hijacked web browser.

Download fix for Internet Explorer

March 15th, 2011 Comments off

Microsoft has updated guidance regarding a vulnerability in
Windows (the issue resides in the MHTML protocol handler) through Security
Advisory 2501696
to help protect against
limited targeted attacks. 

Download and install the Fixit

To help protect your computer, download and install the
free Fixit. If
you’ve already applied the Fixit, you are
not at risk.

Need help installing the Fixit? Visit Microsoft Fixit Center
Online
.

For information about ways Internet Explorer can keep you
safe, please see the Windows Security blog post: Security
and Internet Explorer

 

 

 


 

Whoops, sorry about the baseline troubles!

November 23rd, 2010 No comments

If you haven’t heard, Seattle was hit hard by snow and ice yesterday. It took some people up to 10 hours to get home last night . Holy cow! I was lucky – my boss advised I go home yesterday at about 12 noon and I was sitting in my apartment…(read more)

Whoops, sorry about the baseline troubles!

November 23rd, 2010 No comments

If you haven’t heard, Seattle was hit hard by snow and ice yesterday. It took some people up to 10 hours to get home last night . Holy cow! I was lucky – my boss advised I go home yesterday at about 12 noon and I was sitting in my apartment…(read more)

Whoops, sorry about the baseline troubles!

November 23rd, 2010 Comments off

If you haven’t heard, Seattle was hit hard by snow and ice yesterday. It took some people up to 10 hours to get home last night . Holy cow! I was lucky – my boss advised I go home yesterday at about 12 noon and I was sitting in my apartment…(read more)

New beta setting packs for Windows 7 and Internet Explorer 8

September 27th, 2010 No comments

The Solution Accelerators team is happy to announce the most recent additions to the Security Compliance Manager Baseline Beta Review Program: new setting packs for Windows 7 and Internet Explorer 8.
Join the Security Compliance Manager Baseline Beta…(read more)

New beta setting packs for Windows 7 and Internet Explorer 8

September 27th, 2010 No comments

The Solution Accelerators team is happy to announce the most recent additions to the Security Compliance Manager Baseline Beta Review Program: new setting packs for Windows 7 and Internet Explorer 8.
Join the Security Compliance Manager Baseline Beta…(read more)

New beta setting packs for Windows 7 and Internet Explorer 8

September 27th, 2010 Comments off

The Solution Accelerators team is happy to announce the most recent additions to the Security Compliance Manager Baseline Beta Review Program: new setting packs for Windows 7 and Internet Explorer 8.
Join the Security Compliance Manager Baseline Beta…(read more)

Protecting Browsers with Defense In Depth Techniques

March 26th, 2010 Comments off

Posted on half of Pete LePage on the Internet Explorer team.

Protecting Windows customers is an absolute priority for the Internet Explorer engineering team.  That’s why we work hard to make sure our browser has some of the best safety and privacy features available today.  We’ve spent a lot of time talking about some of the more visible safety and privacy features like our SmartScreen Filter, that protects users from socially engineered malware and phishing attacks; or the InPrivate features that put you in control of how you share your information.

But there are a number of other features that aren’t as visible and help prevent vulnerabilities from being exploited, though some are only available on newer platforms like Windows Vista or Windows 7.  For example, Protected Mode helps ensure exploited code cannot access system or other resources.  Address Space Layout Randomization (ASLR)helps prevent attackers from getting memory addresses to use in buffer overflow situations.  Data Execution Prevention (DEP) helps to foil attacks by preventing code from running in memory that is marked non-executable.  These defense in depth protections are designed to make it significantly harder for attackers to exploit vulnerabilities. 

One way to think about what defense in depth techniques do is similar to the features offered by fire-proof safes that make them last longer in a fire.  Without defense in depth techniques, a fire-proof safe may only protect its contents for an hour or two.  A stronger fire-proof safe with several defense in depth features still won’t guarantee the valuables forever, but adds significant time and protection to how long the contents will last.

Recently, there has been some news from some security researchers about how they’ve managed to bypass DEP or ASLR in Internet Explorer (and Firefox as well).  But like the fire-proof safe example above, defense in depth techniques aren’t designed to prevent every attack forever, but to instead make it significantly harder to exploit a vulnerability.  Defense in depth features, including DEP and ASLR continue to be highly effective protection mechanisms.

Internet Explorer 8 on Windows 7 helps protect users with all of these defense in depth features, and there is nothing that you have to do to enable them – they’re on by default.  That’s one of the reasons why we encourage users to make sure they’re running the latest and most up-to-date software.

Protecting Browsers with Defense In Depth Techniques

March 26th, 2010 No comments

Posted on half of Pete LePage on the Internet Explorer team.

Protecting Windows customers is an absolute priority for the Internet Explorer engineering team.  That’s why we work hard to make sure our browser has some of the best safety and privacy features available today.  We’ve spent a lot of time talking about some of the more visible safety and privacy features like our SmartScreen Filter, that protects users from socially engineered malware and phishing attacks; or the InPrivate features that put you in control of how you share your information.

But there are a number of other features that aren’t as visible and help prevent vulnerabilities from being exploited, though some are only available on newer platforms like Windows Vista or Windows 7.  For example, Protected Mode helps ensure exploited code cannot access system or other resources.  Address Space Layout Randomization (ASLR)helps prevent attackers from getting memory addresses to use in buffer overflow situations.  Data Execution Prevention (DEP) helps to foil attacks by preventing code from running in memory that is marked non-executable.  These defense in depth protections are designed to make it significantly harder for attackers to exploit vulnerabilities. 

One way to think about what defense in depth techniques do is similar to the features offered by fire-proof safes that make them last longer in a fire.  Without defense in depth techniques, a fire-proof safe may only protect its contents for an hour or two.  A stronger fire-proof safe with several defense in depth features still won’t guarantee the valuables forever, but adds significant time and protection to how long the contents will last.

Recently, there has been some news from some security researchers about how they’ve managed to bypass DEP or ASLR in Internet Explorer (and Firefox as well).  But like the fire-proof safe example above, defense in depth techniques aren’t designed to prevent every attack forever, but to instead make it significantly harder to exploit a vulnerability.  Defense in depth features, including DEP and ASLR continue to be highly effective protection mechanisms.

Internet Explorer 8 on Windows 7 helps protect users with all of these defense in depth features, and there is nothing that you have to do to enable them – they’re on by default.  That’s one of the reasons why we encourage users to make sure they’re running the latest and most up-to-date software.

Protecting Browsers with Defense In Depth Techniques

March 26th, 2010 No comments

Posted on half of Pete LePage on the Internet Explorer team.

Protecting Windows customers is an absolute priority for the Internet Explorer engineering team.  That’s why we work hard to make sure our browser has some of the best safety and privacy features available today.  We’ve spent a lot of time talking about some of the more visible safety and privacy features like our SmartScreen Filter, that protects users from socially engineered malware and phishing attacks; or the InPrivate features that put you in control of how you share your information.

But there are a number of other features that aren’t as visible and help prevent vulnerabilities from being exploited, though some are only available on newer platforms like Windows Vista or Windows 7.  For example, Protected Mode helps ensure exploited code cannot access system or other resources.  Address Space Layout Randomization (ASLR)helps prevent attackers from getting memory addresses to use in buffer overflow situations.  Data Execution Prevention (DEP) helps to foil attacks by preventing code from running in memory that is marked non-executable.  These defense in depth protections are designed to make it significantly harder for attackers to exploit vulnerabilities. 

One way to think about what defense in depth techniques do is similar to the features offered by fire-proof safes that make them last longer in a fire.  Without defense in depth techniques, a fire-proof safe may only protect its contents for an hour or two.  A stronger fire-proof safe with several defense in depth features still won’t guarantee the valuables forever, but adds significant time and protection to how long the contents will last.

Recently, there has been some news from some security researchers about how they’ve managed to bypass DEP or ASLR in Internet Explorer (and Firefox as well).  But like the fire-proof safe example above, defense in depth techniques aren’t designed to prevent every attack forever, but to instead make it significantly harder to exploit a vulnerability.  Defense in depth features, including DEP and ASLR continue to be highly effective protection mechanisms.

Internet Explorer 8 on Windows 7 helps protect users with all of these defense in depth features, and there is nothing that you have to do to enable them – they’re on by default.  That’s one of the reasons why we encourage users to make sure they’re running the latest and most up-to-date software.

Windows 7 Vulnerability Claims

November 7th, 2009 Comments off

Now that Windows 7 is available, a recent blog by Chester Wisnieski (who works at security vendor Sophos), entitled Windows 7 vulnerable to 8 out of 10 viruses, which has stirred some interest.

Here’s a quick summary for those who missed Chester’s blog. During a test SophosLabs conducted, they subjected Windows 7 to “10 unique [malware] samples that arrived in the SophosLabs feed.” They utilized a clean install of Windows 7, using default settings (including the UAC defaults), but did not install any anti-virus software. The end result was 8 of the 10 malware samples successfully ran and the blog proclaims that “Windows 7 disappointed just like earlier versions of Windows.” Chester’s final conclusion? “You still need to run anti-virus on Windows 7.” Well, we agree: users of any computer, on any platform, should run anti-virus software, including those running Windows 7.

Clearly, the findings of this unofficial test are by no means conclusive, and several members of the press have picked apart the findings, so I don’t need to do that. I’m a firm believer that if you run unknown code on your machine, bad things can happen. This test shows just that; however, most people don’t knowingly have and run known malware on their system. Malware typically makes it onto a system through other avenues like the browser or email program. So while I absolutely agree that anti-virus software is essential to protecting your PC, there are other defenses as well.

Let me recap some of the Windows 7 security basics. Windows 7 is built upon the security platform of Windows Vista, which included a defense-in-depth approach to help protect customers from malware. This includes features like User Account Control (UAC), Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR), and Data Execution Prevention (DEP) to name just a few. The result, Windows 7 retains and refines the development processes, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released.

Beyond the core security of Windows 7, we have also done a lot of work with Windows 7 to make it harder for malware to reach a user’s PCs in the first place. One of my favorite new features is the SmartScreen Filter in Internet Explorer 8. The SmartScreen Filter was built upon the phishing protection in Internet Explorer 7 and (among other new benefits) adds protection from malware. The SmartScreen Filter will notify you when you attempt to download software that is unsafe – which the SophosLabs methodology totally bypassed in doing their test.

So while I’m not a fan of companies sensationalizing findings about Windows 7 in order to sell more of their own software, I nevertheless agree with them that you still need to run anti-virus software on Windows 7.  This is why we’ve made our Microsoft Security Essentials offering available for free to customers. But it’s also equally important to keep all of your software up to date through automatic updates, such as through the Windows Update service. By configuring your computers to download and install updates automatically you will help ensure that you have the highest level of protection against malware and other vulnerabilities.

Windows 7 Vulnerability Claims

November 7th, 2009 No comments

Now that Windows 7 is available, a recent blog by Chester Wisnieski (who works at security vendor Sophos), entitled Windows 7 vulnerable to 8 out of 10 viruses, which has stirred some interest.

Here’s a quick summary for those who missed Chester’s blog. During a test SophosLabs conducted, they subjected Windows 7 to “10 unique [malware] samples that arrived in the SophosLabs feed.” They utilized a clean install of Windows 7, using default settings (including the UAC defaults), but did not install any anti-virus software. The end result was 8 of the 10 malware samples successfully ran and the blog proclaims that “Windows 7 disappointed just like earlier versions of Windows.” Chester’s final conclusion? “You still need to run anti-virus on Windows 7.” Well, we agree: users of any computer, on any platform, should run anti-virus software, including those running Windows 7.

Clearly, the findings of this unofficial test are by no means conclusive, and several members of the press have picked apart the findings, so I don’t need to do that. I’m a firm believer that if you run unknown code on your machine, bad things can happen. This test shows just that; however, most people don’t knowingly have and run known malware on their system. Malware typically makes it onto a system through other avenues like the browser or email program. So while I absolutely agree that anti-virus software is essential to protecting your PC, there are other defenses as well.

Let me recap some of the Windows 7 security basics. Windows 7 is built upon the security platform of Windows Vista, which included a defense-in-depth approach to help protect customers from malware. This includes features like User Account Control (UAC), Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR), and Data Execution Prevention (DEP) to name just a few. The result, Windows 7 retains and refines the development processes, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released.

Beyond the core security of Windows 7, we have also done a lot of work with Windows 7 to make it harder for malware to reach a user’s PCs in the first place. One of my favorite new features is the SmartScreen Filter in Internet Explorer 8. The SmartScreen Filter was built upon the phishing protection in Internet Explorer 7 and (among other new benefits) adds protection from malware. The SmartScreen Filter will notify you when you attempt to download software that is unsafe – which the SophosLabs methodology totally bypassed in doing their test.

So while I’m not a fan of companies sensationalizing findings about Windows 7 in order to sell more of their own software, I nevertheless agree with them that you still need to run anti-virus software on Windows 7.  This is why we’ve made our Microsoft Security Essentials offering available for free to customers. But it’s also equally important to keep all of your software up to date through automatic updates, such as through the Windows Update service. By configuring your computers to download and install updates automatically you will help ensure that you have the highest level of protection against malware and other vulnerabilities.