News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Blog Archives

  • Microsoft deleting – not moving – old Internet Explorer documentation

    Posted on November 9th, 2019 at 05:43 woody Comment on the AskWoody Lounge

    A disturbing report from @VulturEMaN:

    My RSS feeds for MS documentation updates is showing a lot of IE8/9 documentation updates, but when I click those links all result in a 404. Likely these pages are being deleted. This just started over the last 2 days.

    Feed that doesn’t show the deletions: https://support.microsoft.com/app/content/api/content/feeds/sap/en-us/6a88efa5-712b-9e99-f1b9-368dc2d81f2e/rss

    And then they’re deleting the update from the RSS feed itself. The proof is in the RSS posts that my feeder.io account is showing for that feed, since RSS readers typically keep a copy of anything ever in the feed, even if it was added by mistake or removed.

    I have no kind words for people that delete documentation.Why aren’t they moving it to a site like archive.microsoft.com and then put a big banner at the top that it’s legacy? How many of these articles are relevant to later versions of IE, so we don’t repeat history?

    You can read a more detailed account – including a list of 74 links that have disappeared – on Reddit.

  • Here’s why we’re not patching Internet Explorer

    Posted on September 30th, 2019 at 01:05 Tracey Capen Comment on the AskWoody Lounge

    PATCH WATCH

    By Susan Bradley

    There’s no way to sugar-coat this: The current Windows updating situation is a disaster.

    No, I’m not talking about the usual round of side effects in the second–Patch Tuesday updates, the lack of overall patch quality, or the known issues that impact only a small set of Windows users but that we’re still forced to track.

    Read the full story in AskWoody Plus Newsletter 16.35.0 (2019-09-30).

  • To block the latest zero day, instead of removing Internet Explorer, just short-circuit access to MHT files

    Posted on April 18th, 2019 at 11:26 woody Comment on the AskWoody Lounge

    It’s pretty easy, if you know the tricks.

    Step-by-step details in Computerworld.

  • That Internet Explorer XXE zero day poking through to Edge

    Posted on April 18th, 2019 at 07:51 woody Comment on the AskWoody Lounge

    I’ve been slammed for the past few days, and haven’t kept you folks apprised of the latest Internet Explorer 0day.

    It depends on you opening an infect MHT file. MHT is an old file format that’s almost always opened by IE — no matter which browser you’re using, no matter which version of Windows. Catalin Cimpanu has a good overview of this XXE vulnerability on ZDNet.

    It’s a doozy of security hole as it affects every recent version of IE, and it infects whether you’re actively browsing with IE or not.

    When you download files from the internet, they’re marked — the “Mark-Of-The-Web” — to tell programs that special care is required when opening the files. Thus, if you download an infected MHT file, IE will know that it needs to open the MHT file with caution (at “low integrity,” in a sandbox). That severely limits this exploit’s reach.

    There’s a lot of controversy about how bad this XXE hole really is. There have been lots of XXE holes discovered in the past. They’re used to pull files off your machine and send them to the bad guys. Microsoft figured this one isn’t all that bad, in part because of the MOTW mechanism. The folks who discovered this particular hole aren’t so sanguine. They responded to Microsoft’s snub last week by releasing details, proof of concept code, and even a video.

    Yesterday, Mitja Kolsek at 0patch revealed something disconcerting. If you use Edge to download an infected MHT file, Internet Explorer will open it like any other file. Says Kolsek:

    Does Edge not put the mark-of-the-web on downloaded files, or does it do it differently and somehow confuses Internet Explorer? That would be a serious flaw.

    He goes on to explain how Edge changes the permissions on downloaded files and, thus, why IE will open the infected MHT file as if it had no Mark-Of-The-Web.

    All fascinating stuff if you’re into this kind of thing. Ionut Ilascu has a synopsis on BleepingComputer.

    The 0patch company has a quick patch that you can apply, free, if you’re concerned about getting burned. I’m not going to link to it — I don’t want to take responsibility for 3rd-party patches to Windows — but you can find it quite easily if you’re really interested. That said, 0patch is highly regarded, and has made many useful hotfixes for Windows.

    What to do? That’s easy. Don’t open MHT files. And don’t use IE.

    Thx to @Alex5723 and others who have been posting about this problem while I’m off doing other things…..

    Let’s see if I get a definitive answer from this:

    UPDATE: @mkolsek, who published the report yesterday, confirms that reassigning the default handler for MHT files breaks the attack. He tested it. I’ll write this up.

  • Woody’s Windows Watch: Dispatches from the browser-war’s front lines

    Posted on February 18th, 2019 at 05:38 woody Comment on the AskWoody Lounge

    Internet Explorer isn’t a web browser. According to Microsoft, it’s been demoted to a “compatibility solution.”

    Edge has some big fans, very few users — and it’s about to get a heart transplant.

    Chrome’s the crowd pleaser, but one hare-brained idea (recently rescinded) has to give you pause.

    Firefox keeps on foxing, but in terms of usage numbers, it can’t get a break.

    What should you do?

    Out this morning in AskWoody Plus Newsletter 16.6.0. Now available – yes, for free — on AskWoody.

  • Reported crash with the new out-of-band IE fix on Win7, KB 4483187

    Posted on December 20th, 2018 at 09:35 woody Comment on the AskWoody Lounge

    Remember yesterday, when I warned you that these extreme out-of-band patches have a nasty habit of causing havoc?

    Reports of problems with the patches are starting to come in.

    @David Beroff reports:

    Why did my Windows 7 Home Premium (ver 6.1, build 7601, SP1) system start crashing as soon as KB4483187 was installed? I had about 5 crashes in as many hours, while I was trying to work with overseas clients, before I was able to go in and uninstall it. I don’t ever use MSIE, and would uninstall it if I could. No other software was installed recently, and my system is usually as stable as a rock. (The last time I had crashing issues, I narrowed it down to Google’s Backup and Sync, which is now only run manually at night, rather than on startup, but today it was not running at all during any of these events.) Thank you.

    @PKCano has a good first guess:

    My guess is that there is some conflict between the javascript files that were changed in the KB4483187 update and some program you are using on your computer.

    What browser are you using?
    What program(s) are you using when the crash occurs?
    What AV program do you run?

    I know that all of the experts are scurrying around like Chicken Little, telling you that you need to install this patch, like, right now.

    I don’t buy it. There have been no details released that I can find. Clement Lecigne of Google’s Threat Analysis Group, who reported the problem, hasn’t said anything publicly. Google’s TAG is quiet on the topic. No reports of infections.

    When the patching world goes silent like that, it usually means that we’re looking at a very limited vulnerability. It may turn into a monster at some point – but we aren’t yet at that point. The likelihood of having your machine clobbered, in my opinion, is much higher than the likelihood of you hitting this particular security hole.

    Hang on. Although you’ll have to patch sooner or later, you don’t need to do it right now. My best advice is to stop using IE. Yes, I know that security holes in IE can be exploited other ways because IE is still woven into Windows. But the worst offender — Outlook rendering of formatted emails with the IE engine — was plugged many years ago. I haven’t heard of any direct infections through IE. And it’s a big step from an IE exploit to an infection via other means.

    We’re still at MS-DEFCON 2 for a reason.

  • Netmarketshare says Chrome’s getting even more market share, while IE and Edge continue to circle the drain

    Posted on November 1st, 2018 at 10:29 woody Comment on the AskWoody Lounge

    Although Edge itself has gone up by a minuscule amount, IE 11 went down by more than Edge.

    All hail Chrome.

    See Gregg Keizer’s analysis in Computerworld.

    According to California-based analytics company Net Applications, IE’s and Edge’s share dropped by a quarter of a percentage point in October, ending at 13.8%, a record for the century and a number not seen by Microsoft since IE first took on Netscape Navigator in the 1990s.

  • NetMarketshare: Internet Explorer usage up a touch, Edge down

    Posted on July 1st, 2018 at 14:57 woody Comment on the AskWoody Lounge