Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Guidance on Internet Explorer XSS Filter

20 Apr 2010   #1
SGT Oddball

Guidance on Internet Explorer XSS Filter

The XSS Filter related Blackhat EU presentation discussed a vulnerability that was previously disclosed and addressed in the January security update to Internet Explorer (MS10-002). This attack scenario involved modified HTTP responses, enabling XSS on sites that would not otherwise be vulnerable.

An additional update tothe IE XSS Filteris currently scheduled for release in June. This change will address a SCRIPT tag attack scenario described in the Blackhat EU presentation. This issue manifests when malicious script can “break out” from within a construct that is already within an existing script block. While the issue identified and addressed in MS10-002 was identified to exist on high-profile web sites, thus far real-world examples of the SCRIPT tag neutering attack scenario have been hard to come by.

Like many security issues – take malware as an example – attack vectors are always a moving target. The role of the browser maker is to do everything we can to keep people safe without them having to do a lot of extra work.

In the case of the Internet Explorer XSS Filter, researchers found scenarios that are generally applicable across XSS filtering technologies in all currently shipping browsers with this technology built-in. In January (MS10-002) and again in March (MS10-018), we took steps to mitigate this threat class and we’ll take the next major step in the June timeframe. Overall we maintain that it’s important to use a browser with an XSS Filter, as the benefits of protection from a large class of attacks outweigh the potential risks from vulnerabilities in most cases.

We look forward to continuing to improve the Internet Explorer XSS Filter going forward to address new attack scenarios and the evolving threat landscape.

David Ross

MSRC Engineering

*This posting is provided "AS IS" with no warranties, and confers no rights*


My System SpecsSystem Spec
20 Apr 2010   #2

Windows 7 + Windows Xp Pro + Ubuntu 10.04 + openSUSE 11.2

The IE8 filter works by scanning outbound requests for strings that may be malicious. When such a string is detected, IE8 will dynamically generate a regular expression matching the outbound string. The browser then looks for the same pattern in responses from the server. If a match is made anywhere in the server's response, the browser assumes that a reflected XSS attack is being conducted and the browser will automatically alter the response so that the XSS attack cannot succeed. The researchers figured out a way to use IE8's altered response to conduct simple abuses and universal cross-site scripting attacks, which worked against sites that would not otherwise have been vulnerable to XSS.Microsoft says that they have issued two patches that address the issue, but the researchers insist that holes remain.

SourceSlashdot Technology Story | IE8's XSS Filter Exposes Sites To XSS Attacks
My System SpecsSystem Spec

 Guidance on Internet Explorer XSS Filter

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar help and support threads
Thread Forum
Internet Explorer - Cross-site Scripting (XSS) Filter - Turn On or Off
How to Turn the Cross-site Scripting (XSS) Filter On or Off in IE8 and IE9 Cross-site scripting attacks are a leading online threat. Their aim is to exploit vulnerabilities in the websites you visit. How do they work? By compromising legitimate websites with malicious content that can capture...
Internet Explorer SmartScreen Filter - Report Unsafe Website
How to Report an Unsafe Website with SmartScreen Filter in Internet Explorer This will show you how to either report a website as unsafe or report a website flagged as unsafe as safe with SmartScreen Filter in IE8, IE9, or IE10. To Report Unsafe Website with SmartScreen Filter 1. In...
Internet Explorer SmartScreen Filter - Turn On or Off
How to Turn "SmartScreen Filter" On or Off in Internet Explorer SmartScreen Filter is a feature in IE8, IE9, IE10, or IE11 that helps detect phishing websites, and can also help protect you from installing malicious software or malware. Online phishing (pronounced like the word fishing)...
InPrivate Filter Manager for Internet Explorer 8
InPrivate Browsing enables you to surf the web without leaving a trail in Internet Explorer. This helps prevent anyone else who might be using your computer from seeing where you visited and what you have looked at on the web. You can start InPrivate Browsing from the new tab page or the Safety...
Browsers & Mail
Internet Explorer - SmartScreen Filter - Prevent Bypassing Warnings
How to Prevent Users from Bypassing SmartScreen Filter Warnings in Internet Explorer The SmartScreen Filter prevents users from navigating to or downloading from sites known to host malicious content. SmartScreen Filter also prevents the execution of files determined to be malicious. This...
Internet Explorer 8 SmartScreen Filter Reaches Important Milestone
More - Internet Explorer 8 SmartScreen Filter Reaches Important Milestone

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 14:47.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App