Bolstering Protected Mode

Internet Explorer 7 introduced Protected Mode, a defense-in-depth security feature which relied upon the Windows Vista Integrity Levels (IL) system to mitigate drive-by attacks against the browser. Internet Explorer 10 introduced a stronger version of that feature, called Enhanced Protected Mode (EPM), which goes beyond the legacy IL system and provides isolation using the Windows…


Same Origin Policy Part 0: Origins

Recently, someone asked a pretty simple question: “Why doesn’t IE consider the port when evaluating Same Origin Policy?” and I realized that my Same-Origin-Policy series lacks an in-depth look at the concepts surrounding origins. Table of Contents: Same Origin Policy Posts Part 0 – (This post) What’s an Origin Part 1 – Deny Read Part…


Braindump: Feature Control Keys and URLActions

Note: The “brain dump” series is akin to what the team calls “Fast Publish” articles—namely, things that are published quickly, without the usual level of polish, triple-checking, etc. I expect that these posts will contain errors, but I also expect them to be mostly correct. I’m writing these up this way now because they’ve…


Understanding Zone Elevation

The security setting “Websites in less privileged web content zone can navigate into this zone”:   … is one that leads to more questions than almost any other. This setting, also known as Zone Elevation protection, was originally designed to prevent navigation from untrusted Internet content into the highly-trusted Local Machine Zone. Prior to Internet…


Debugging in IE10 on Windows 8

Emulating the “non-Desktop Experience” in the Desktop Experience The new full-screen “fast and fluid” experience of IE10 on Windows 8 offers many improvements over Internet Explorer 10 on the Desktop (ranging from UX to Security), but one thing it lacks is the F12 Developer Tools, used by web developers to debug web pages. While you…


The Intranet Zone

Internet Explorer maps web content into one of five security zones. After the Local Machine Zone, the Local Intranet Zone is probably the most misunderstood of the Zones, and is a common source of confusion and compatibility glitches. Mapping into the Local Intranet Zone For the Trusted and Restricted Sites zones, Zone Mapping is simple….


Understanding Enhanced Protected Mode

Last week, Andy Zeigler announced the introduction of Enhanced Protected Mode (EPM) over on the IEBlog. In today’s post, I’d like to provide further technical details about EPM to help security researchers, IT professionals, enthusiasts, and developers better understand how this feature works and what impact it may have on scenarios they care about. Internet…


Internet Explorer 9.0.2 Update

Tuesday’s Update for Internet Explorer updates the IE9 Help > About dialog’s version number to v9.0.2. The update includes a number of security and functionality fixes; many of these fixes are described in the More Information section of KB2559049. One fix enables the IE9 Download Manager to properly save files on network drives where the…


Default Integrity Level and Automation

Over on StackOverflow, danimajo asked for help in an interesting scenario. Basically, he’s trying to drive Internet Explorer through automation, but finds that when he navigates to an Intranet site, the hidden browser instance appears and he can no longer control it. What’s going on? Background on Protected Mode Internet Explorer’s Protected Mode is a…


Controlling Java in Internet Explorer

Recently, there’s been some interest in how to control the use of Java within Internet Explorer. Java is a unique form of extensibility because it can be invoked in two ways: Using an APPLET element Using an OBJECT element with a CLSID of a JVM These two invocation methods are subject to different security controls,…