Search the Community

Most browsers have had an active developer channel for quite some time, but Internet Explorer was not a member of that select group until this week. Microsoft’s browser has now joined the developer channel elite with builds available for Windows 7 SP1 and 8.1 systems! F12 Interface screenshot courtesy of MSDN Blogs. The builds are available in 32 and 64 bit flavors, and will not over-ride your current Internet Explorer installation as shown in the following quote: From the MSDN blog post: IE Developer Channel can run alongside and independently of IE11, and has all of the browser features that you love in IE11, as well as the latest platform features we’re working on. This is a wonderful opportunity for those who love testing cutting edge features in all browsers or want to keep abreast of possible new features in upcoming stable releases of Internet Explorer. Keep in mind that you will need (at a minimum) .NET 4.0 or higher and PowerShell 3.0 installed. You can learn more about the new developer channel and download the appropriate version for your systems via the links below. Announcing Internet Explorer Developer Channel [MSDN Blogs] Download the Internet Explorer Developer Channel for Windows 7 SP1 [Microsoft Download Center] Download the Internet Explorer Developer Channel for Windows 8.1 [Microsoft Download Center] For those who may need to install PowerShell 3.0, you can download the appropriate version as part of ‘Windows Management Framework 3.0′ for your system here: Download Windows Management Framework 3.0 [Microsoft Download Center] Source: How-To Geek

July 2014 Patch Tuesday is here and Microsoft has issued six security bulletins affecting all versions of Internet Explorer, as well as versions of Windows. Two of the bulletins are rated Critical and deal with Remote Code Execution, while three are rated Important and deal with elevation of privileges within Windows. The sixth bulletin is rated Moderate and deals with denial of service attacks. The first bulletin is the most important and is rated Critical. It affects all versions of Internet Explorer from Internet Explorer 6 to 11 and deals with Remote Code Execution. As Qualys states, this patch should be top of your list, since most attacks involve your web browser in some way. The three Important updates deal with elevation of privilege vulnerabilities in all versions of Windows. Windows 8.1 and Windows RT will receive the two Critical updates as well as three Important updates. The Moderate update deals with Microsoft Service Bus for Windows Server. "The Service Bus is a newer component of Windows in use in the Windows Azure environment for the development of loosely coupled applications. In our estimate, few companies will have installed that component, and on Azure, Microsoft will take care of the patching for you," Wolfgang Kandek from Qualys stated. Patch Tuesday rolls out July 8th, so keep an eye on Windows Update for these security fixes. If you have automatic update enabled, you will be prompted for a reboot. Source

Bromium Labs today issued its "Endpoint Exploitation Trends" report that shows Internet Explorer set a record high for reported vulnerabilities in the first half of 2014, and also leads in publicly reported exploits. According to Bromium, "Internet Explorer took the cap for historic high number of security patches in over a decade, and that feat was accomplished in the first six months of 2014!" It's not all bad news for users of Internet Explorer though. While the browser was easily the most exploited tool, Microsoft has been reacting much quicker to plug vulnerabilities. The company took more than 90 days to release its first patch for IE9, yet IE11’s first critical patch emerged just five days after the new browser was generally available. Bromium says "In the first half of 2014, the growth in zero day exploitation continued unabated from 2013. Unsurprisingly, all of the zero day attacks targeted end-user applications such as browsers and productivity applications like Microsoft Office. Typically these attacks are launched leveraging users as bait using classic spear-phishing tactics. The notable aspect for this year thus far in 2014 is that Internet Explorer was the most patched and also one of the most exploited products, surpassing Oracle Java, Adobe Flash and others in the fray. Bromium Labs believes that the browser will likely continue to be the sweet spot for attackers". Adobe Flash joins Internet Explorer as one of the most targeted products, with Action Script Sprays among the new techniques used to exploit it. Java, despite its notorious reputation, had no reported zero day exploitations in the first half of 2014, although that might be partially down to users taking action and disabling it, forcing attackers to switch their attentions elsewhere. "End users remain a primary concern for information security professionals because they are the most targeted and most susceptible to attacks" said Rahul Kashyap, chief security architect, Bromium. "Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently". Full Report Here Source

Microsoft today announced the launch of a developer channel for Internet Explorer. While most popular browsers offer numerous release channels, Microsoft has always held back from this idea and instead launched preview versions of its upcoming releases a few weeks or months before the actual launch. That’s changing. Now, developers and early adopters can install a developer version of IE that can run alongside their existing IE11 installs on Windows 7 SP1 and Windows 8.1. Microsoft says the idea here is to give developers a better understanding of the features the team is working on. The company first lifted some of the secrecy that has historically surrounded its browser development a few weeks ago by posting a list of features the team was working on, or at least considering, for inclusion into IE. Now, it’s following this up by actually shipping the bytes, too. Microsoft tells me the developer channel will get updates “when there are meaningful changes” the company wants to push out to developers for testing. To keep the developer channel separate from the existing IE11 installs on Windows 7 and 8.1, the browser will use Microsoft’s Application Virtualization technology to virtualize the install. This, however, means the app incurs a small performance penalty because it doesn’t have direct access to your hardware, so Microsoft recommends that this version shouldn’t be used to measure site performance. It also shouldn’t be installed in an enterprise environment. In this first release, Microsoft is shipping a couple of new tools for developers, including new tools for debugging, as well as better memory and user-interface responsiveness analytics. IE now also supports access to the Xbox controller for web-based gaming, and the team has improved WebGL performance and added support for a number of WebGL features like 16-bit textures and triangle fans. Clearly, Microsoft has understood that if it wants to keep IE relevant, it needs to open up the development process a bit more. This change will also allow Microsoft to get a bit more feedback from developers before it launches a new version (and maybe get some early feedback on security issues, too). What’s unclear, though, is whether Microsoft will also use this channel to test any user-interface changes. Source

Every month, the good folks from the Net Market Share reveal the current status of browsers and operating systems. Now, let's see how various Web browsers fared in the last month. The Internet Explorer has continued its massive dominance in the market. Internet Explorer 8 remains the most used Web browser. The stats suggest that more people have started using IE8, as its share went up from 21.25 percent to 21.56 percent. At the second sport surfs Internet Explorer 11, the current version of the giant Web browser. Its share has gone down from 17.01 percent to 16.78 percent. The biggest fall has been marked by Chrome 35, whose share went down from 12.5 percent to 9.08 percent. Whereas, the recently launched Chrome 36 has already snagged 5.72 percent share. It’s absurd that people are still using Chrome, despite the fact that it is after their laptop's battery. In some other changes, the share of Internet Explorer 9 surged a bit from 9.03 percent to 9.06 percent, whereas, Firefox 30 also climbed up from 5.62 percent it had a month earlier to 9.27 percent. Source

At 10 AM Pacific time on Thursday, Microsoft will release an update to address the zero day vulnerability recently disclosed in all versions of Internet Explorer. The advance notification of the update lists Windows XP as among the affected platforms, indicating that it will be among the platforms patched, in spite of its support period ending weeks ago. Adrienne Hall, General Manager, Microsoft Trustworthy Computing stated "[T]he security of our products is something we take incredibly seriously. When we saw the first reports about this vulnerability we decided to fix it, fix it fast, and fix it for all our customers." Users with Automatic Updates enabled do not have to do anything, although running Windows Update will apply the fix immediately. In a blog entry, Hall explains Microsoft's approach, which mostly is to urge users to move on from Windows XP. The company decided to move quickly when they were made aware of this vulnerability and to patch Windows XP because of the proximity to its end of support period. Further information on the update may be found at KB2964358. Among the advice there, IE will crash if you install the update on a Windows 7 system whch does not have KB2929437 installed. If you use Windows Update these determinations and appropriate installations will be made automatically. Otherwise, follow the instructions in KB2964358. Source

According to New Relic’s data, which analyzed more than 16.8 million page loads from early October through early November last year, BlackBerry 10 devices loaded web pages in 1.55 seconds on average. The second-fastest web browser, Opera Mini 4.2, wasn’t even close, with page load times that averaged 4.78 seconds. In other words, the BlackBerry 10 browser is more than three times faster than its next-closest competitor. Apple’s Safari browser on the iPad came in at No. 3 with an average page load time of 4.91 seconds, and no other native web browser was even included in New Relic’s top-9 rankings. An infographic showcasing the company’s test results follows below. Source

Microsoft announced this afternoon that the zero-day vulnerability being exploited in a watering hole attack against an unnamed U.S.-based NGO website was already scheduled to be patched in a cumulative Internet Explorer update tomorrow. The zero-day was reported publicly on Friday by FireEye researchers and today a few more dots were connected on the attack, which is dropping a variant of the McRAT Trojan that has been used in a number of targeted espionage attacks targeting industrial secrets. Microsoft promised a relatively light Patch Tuesday tomorrow that included another IE rollup, a staple of the company’s monthly security updates in 2013. Dustin Childs, a group manager in the Microsoft Trustworthy Computing group, said today that the vulnerability in an IE ActiveX Control will be patched in MS13-90 tomorrow. In its advanced notification released last Thursday, Microsoft said the IE bulletin is rated critical because it involves flaws that can lead to remote code execution. The critical rating applies to IE 6-8 on Windows XP, IE7-9 on Vista, IE 8-10 on Windows 7, and IE 10 on Windows 8 and 8.1; all other versions are rated important. FireEye, today told Threatpost, that the attack is limited to a single U.S.-based website hosting domestic and international policy guidance. No details were available on how the site was compromised, only that the victims were hit by malware in drive-by download attacks targeting an information leakage vulnerability and a memory corruption issue leading to remote code execution. What differentiates this attack from other watering hole attacks is that victims are not subject to malicious iframes or traffic-redirects to attacker-controlled sites and further malware downloads. Instead, McRAT is injected directly into memory, a new twist on advanced targeted attacks. By using memory-only methods, the attack is exceptionally difficult for network defenders to detect, when trying to examine and confirm which endpoints are infected, using traditional disk-based forensics methods,” said Darien Kindlund, FireEye director of threat intelligence. Microsoft said a number of mitigations are available to IE users as a mitigation until a patch is applied, namely setting security zone settings to “High” to block ActiveX Controls and Active Scripting, though users could experience some usability issues. IE can also be configured to prompt a user before running Active Scripting. The Enhanced Mitigation Experience Toolkit (EMET) is also a viable mitigation, Microsoft said. The IE patch is one of eight bulletins scheduled for tomorrow, three of those rated critical. The scheduled security updates, however, will not include a patch for the Windows TIFF zero day being actively exploited in attacks primarily in Pakistan. The vulnerability in several Windows and Office versions is being exploited in targeted attacks against Windows XP systems running Office 2007. Microsoft released a Fix-Ittool as a stopgap measure until a patch is released out of band or with the December security updates. Source

Microsoft revealed some new details today about the Internet Explorer app on Xbox One, including the extent to which your voice and hands can be used to control the experience on your television. While the Kinect is turned on, you’ll be able to use the phrase “Xbox, select” to review which verbal commands are available within Internet Explorer. A screenshot posted by Microsoft reveals eight core phrases that can be used. These are: Scroll up, scroll down, add favorite, refresh, show address bar, click on , and browse to . If you use the phrase “click on”, you can then activate any link currently shown on the page. Microsoft says that you’ll only need to utter a few words to make it work – even if the link you’re asking for is incredibly long. Meanwhile, the command “browse to” will let you request any of your favorite sites or those most-visited in your current location. It seems that the core phrases shown along the top of the screen will change depending on the content that is being shown on the webpage. Microsoft says you’ll also be able to use your voice to play back embedded media and watch videos in full-screen mode; neither of these are listed in the company’s screenshot, however. If you don’t fancy stretching your vocal cords, Kinect will also enable a number of hand gestures in the Internet Explorer app. Once you reach out and grab the current webpage, you’ll be able to move your hand up and down to scroll vertically, or forwards and backwards to zoom in and out. When you move your hand over a link (emulating a cursor), you can also imitate pressing the screen to activate it. Unlike the original Kinect for the Xbox 360, where you would hold your hand out and have to wait for the peripheral to evaluate your choice, this should be a much faster control scheme. Microsoft says that if a number of links are bunched close together, the Internet Explorer app will also zoom-in automatically. Source

Today in this tutorial we'll tell you a few methods to remove password reveal button from Internet Explorer 10, 11 and Windows 8/8.1 operating systems. Using Group Policy Editor (gpedit.msc) 1. Press "WIN+R" key combination to launch RUN dialog box, then type gpedit.msc and press Enter. It'll open Group Policy Editor. 2. Go to Computer Configuration -> Administrative Templates -> Windows Components -> Credential User Interface 3. In right-side pane, double-click on "Do not display the password reveal button" option and set its value to "Enabled". 4. You're Done Using Registry Editor (regedit) 1. Type "regedit" in RUN dialog box and press Enter. It'll open Registry Editor. 2. Now go to following key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredUI Note: If you can't find "CredUI" key, you'll need to create it manually. 3. In right-side pane, create a new DWORD DisablePasswordReveal and set its value to 1 4. You're Done Source

Interactive Table and Source

Microsoft has released and IE11 Developer preview for Windows 7 and Windows Server 2008 R2. This is still considered a preview build which users may find a bit buggy or there could be other issues with the pre-release software, so install it with caution. IE11 is the latest browser from the Microsoft camp and will ship with Windows 8.1 that will arrive later this year. Microsoft has added quite a few features to IE11 including WebGL support, improved touch performance on non-touch based sites, improved keyboard navigation support, improved favorites support, and a bunch of other features that you can read about here from our IE11 preview post. Download: IE11 for Windows 7 and Windows Server 2008 R2 News Source: http://www.neowin.net/news/ie11-developers-preview-for-windows-7-released