December 2008 - posts - Ruud de Jonge

Ruud de Jonge

over Microsoft Platform en Security ontwikkelingen

December 2008 - posts

Questions about Vulnerability Claim in Windows Media Player

Happy holidays to everyone. While it’s been a snowy holiday season for us in the Pacific Northwest (some of us are still snowed in), the MSRC never closes and we are always working to help keep customers safe.

In that vein, we’ve received some questions about a vulnerability report that was initially posted late on Christmas eve. When we saw it we set our teams to work over the holidays to investigate it. They’ve wrapped up their investigation and since we’ve gotten questions on it, I wanted to pass along what we’ve found.

If you haven’t seen it, there was a report about a possible issue affecting all versions of Microsoft Windows Media player. The security researcher making the initial report didn’t contact us or work with us directly but instead posted the report along with proof of concept code to a public mailing list. After that report, other organizations picked the report up and claimed that the issue was a code execution vulnerability in Windows Media Player.

Those claims are false. We’ve found no possibility for code execution in this issue. Yes, the proof of concept code does trigger a crash of Windows Media player, but the application can be restarted right away and doesn’t affect the rest of the system. My colleague, Jonathan Ness has gone through with more of the technical details here.

Unfortunately, the researcher chose not to come to us with this initial report. If he had, we would’ve done the exact same investigation we just completed. When we were done, we would have let them know what we found, asked him if he thinks we might have missed something, continued the investigation if there was more information and ultimately closed the case if we didn’t find a vulnerability. This is how we handle all of the cases we investigate with responsible researchers every year. And even when people choose not to report issues responsibly, we do the same thing: launch an investigation to fully research the claims and take action to appropriately address any and all issues that we find in that investigation. While we don’t normally talk publically about issues that aren’t vulnerabilities, we’ve gotten enough questions about this that it seemed a good chance to both answer those questions and explain some more of how we do things in the MSRC.

For this particular case, we actually found this issue as part of our ongoing code maintenance and actually it’s already addressed in Windows Server 2003 SP2 and will be addressed in other versions in the future. And we hope that the researcher will work with us directly the next time he thinks he found an issue. We always say that every new case with a security researcher starts the relationship off fresh: we’re happy to work with anyone who reports an issue to us responsibly, regardless of past issues.

Thanks,

Christopher

http://blogs.technet.com/msrc/archive/2008/12/29/questions-about-vulnerability-claim-in-windows-media-player.aspx

Posted: Dec 29 2008, 10:51 PM door Ruud de Jonge | met no comments
Opgeslagen onder: ,
Microsoft introduceert gratis ontwikkelsoftware voor studenten

clip_image002

DreamSpark vanaf vandaag ook in Nederland

Schiphol, 18 december 2008 – Miljoenen studenten hebben wereldwijd de mogelijkheid om op basis van het DreamSpark-programma gratis ontwikkel- en ontwerpsoftware van Microsoft te downloaden. Door samenwerking tussen Microsoft Nederland en SURFdiensten kunnen vanaf vandaag ook studenten van Nederlandse universiteiten en hogescholen via surfspot.nl kosteloos van DreamSpark gebruikmaken.

Maarten-Jan Vermeulen van Microsoft Nederland: “We willen studenten aanmoedigen om creatieve en innovatieve toepassingen te ontwikkelen. Met DreamSpark hebben zij alle ontwikkel- en ontwerpsoftware tot hun beschikking om hiermee aan de slag te gaan.” DreamSpark bevat onder andere de development tools Visual Studio en designer tools zoals Expression Studio en SQL Server.

Studenten bestellen via www.surfspot.nl een gratis unieke inlogcode. Deze geeft hen toegang tot DreamSpark waar de software van Microsoft gratis gedownload kan worden. Jan Bakker van SURFdiensten: “Met DreamSpark krijgen studenten vrije toegang tot ontwikkel- en ontwerpsoftware van Microsoft. Dit initiatief past uitstekend binnen onze doelstelling om via surfspot.nl het best mogelijke aanbod van software bij onze doelgroep aan te bieden.” Door de inlogcode via surfspot.nl uit te geven, is Microsoft ervan verzekerd dat het een student betreft die gerechtigd is de software gratis te downloaden.

Kijk voor meer informatie (Engels) over DreamSpark op:

http://www.microsoft.com/Presspass/press/2008/feb08/02-18GSDPR.mspx

http://www.microsoft.com/presspass/features/2008/feb08/02-18DreamSpark.mspx

Posted: Dec 18 2008, 11:36 AM door Ruud de Jonge | met 2 comment(s)
Opgeslagen onder: ,
. . . .Yes, pigs can fly and the “X-Files” programs are true, but When Will the Fat Lady Sing?

image Blog posting van mijn goede collega Ed Gibson. Deze man is een loopbaan in de Entertainment industrie misgelopen :-)

-----------------------------------------

A few days ago we read about the $50 Billion (£38billion) ponzi or advance fee scheme run by the former Chairman of NASDAQ – Bernard Madoff. Investment Securities International Limited, in London, was one of his operations. We didn’t need to read any tea leaves to know that the age old questions will again be asked, “How could this happen?”, “Where were the regulators?”, “How could reputable companies and institutions have been suckered?” We do know he was not a William Shakespeare’s ‘shylock’; in fact, he was “a most beloved human being”. The character references we hear about this guy remind me of the interviews of neighbours living next to Jeffrey Dahmer following his arrest, “He was such a nice person. We would have dinners at his home.”

Let’s get real! We all know how this happened. White Collar Criminals are the best in the league. Having investigated scores of massive complex fraud schemes during my career as an FBI Agent, there was always one common thread. They gave what their victims wanted. Hope. A couple of them even wrote to me from their prison cells because I gave them what they craved. Attention. So, this begs the very question: “Has the fat lady sung?” And that’s why I am once again going to print my list of online things for you to stay away from no matter how good they might look.

1) Banks will NEVER ask you to verify your account details – they already have your details.

2) MySpace, Bebo, Facebook, and ALL other social network sites are OPEN by default. Unless you want everyone (including that bully at school, the nosey neighbour, your boss, your mother, or the paedophile in Thailand) looking at your site, NEVER use it until you make it PRIVATE. Go into settings and follow the instructions. See www.safesocialnetworking.com. Same goes with Instant Messenger – if you don’t know the person, don’t add them as a contact.

3) Microsoft has not and NEVER will hold a Lottery.

4) You know if you have relatives in Nigeria or West Africa. NEVER ‘help’ someone you don’t know move money from a foreign country – that makes you a criminal too!

5) NEVER click a hyperlink in an email from someone you don’t know. And be wise, unless you know who is sending you the online Birthday or Christmas card NEVER click on it – it’s loaded with malware or will redirect you to someplace you don’t want to be. Miscreants and criminals frequently abuse the ‘Hallmark’ name because it is so recognizable. If your name is not in the body of the email, do not click on it.

6) Wireless Internet: Make sure your wireless internet is secure (WEP is okay, WPA is better – and if you don’t know what these terms mean, read the instructions that came with your wireless device. If that fails, do NOT use your wireless internet until you find a trusted advisor to fix it (generally your neighbour’s 8 or 9 year old kid).

7) There is no free lunch. NEVER reply to email requests for charitable contributions. You call the charity yourself and know who you are talking to.

8) If there is a free lunch it’s because you are going to pay for it. NEVER reply to pop up ads telling you to run free anti-spyware or anti-malware to get rid of spyware or viruses. You can be certain they will ‘find’ bad stuff on your computer requiring you to buy what they want to sell. OR they will load stealth software onto your computer to steal what’s important to you.

9) NEVER think you are smarter than the criminal. You may be, but if you reply, you lose, you will always lose.

10) Falling in love at first sight does happen – and it’s fabulous when it does – but falling in love online, whether in Second Life (www.SecondLife.com) or another online virtual world, can be dangerous. Hey, if you are scoring a 4 or 5 in real life, you gotta wonder why a 9 or 10 is chatting you up online.

Happy Holidays everyone! See you in 2009. As always, I look forward to hearing from you at EdGibson@Microsoft.com

Ed

Edward P Gibson

Chief Security Advisor

Microsoft Ltd UK

http://edgibsontilii.spaces.live.com – my blog about life and my own ramblings.

Posted: Dec 18 2008, 09:50 AM door Ruud de Jonge | met no comments
Opgeslagen onder:
Alert - Critical Product Vulnerability - December 17 2008 Microsoft Security Bulletin Release (Out of Band)

What is the purpose of this alert?

 

This alert is to provide you with an overview of the new security bulletin being released (out-of-band) on December 17, 2008. Microsoft has released security bulletin MS08-078, Security Update for Internet Explorer (960714), to address a vulnerability in all currently supported versions of Internet Explorer . This security update was released outside of the usual monthly security bulletin release cycle in an effort to protect customers.

Executive Summary

This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by modifying the way Internet Explorer validates data binding parameters and handles the error resulting in the exploitable condition.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 961051.

Recommendations

Microsoft recommends customers prepare their systems and networks to apply this security bulletin immediately once released to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit http://www.microsoft.com/protect.

New Security Bulletin Technical Details

Identifier

MS08-078

Severity Rating

This security update is rated Critical for Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 SP1, and Internet Explorer 7.

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Affected Software

Internet Explorer 5.01 (Windows 2000), Internet Explorer 6 (Windows 2000), Internet Explorer 6 SP1 (Windows XP and Windows Server 2003), and Internet Explorer 7 (Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008). For information about Internet Explorer 8 (Beta) please see the FAQ section of the bulletin.

Restart Requirement

The update will require a restart only if the required files are being used. If this occurs, a message appears that advises you to restart.

Removal Information

· For Windows 2000, Windows XP, Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility

· For Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

Bulletins Replaced by This Update

None.

Full Details:

http://www.microsoft.com/technet/security/bulletin/MS08-078.mspx

Public Bulletin Webcast

Microsoft will host two Webcasts to address customer questions on this Out-of-Band bulletin:

Title: Information About Microsoft December Out-of-Band Security Bulletin
Date: Wednesday, December 17, 2008 1:00 P.M. Pacific Time (U.S. & Canada)
URL: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399448&Culture=en-US
Title: Information About Microsoft December Out-of-Band Security Bulletin #2
Date: Thursday, December 18, 2008 11:00 A.M. Pacific Time (U.S. & Canada)
URL: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399449&Culture=en-US

Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

Thank you,

Microsoft CSS Security Team

Posted: Dec 17 2008, 07:37 PM door Ruud de Jonge | met no comments
Opgeslagen onder: ,
ADVANCE NOTIFICATION - December 17, 2008 (Out-of-Band) MSRC Security Bulletin Release

What is the purpose of this alert?

Microsoft is scheduled to release a security bulletin (out-of-band) to address a vulnerability in Internet Explorer on all currently supported versions of Windows. The bulletin is scheduled for release at approximately 10 A.M. Pacific Time on Wednesday, December 17, 2008.

This security update will be released outside of the usual monthly security bulletin release cycle in an effort to protect customers. Microsoft recommends customers prepare their systems and networks to apply this security bulletin immediately once released to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit http://www.microsoft.com/protect.

The purpose of this notification is to assist customers with resource planning for this security bulletin release. The information offered in this notification is purposely general in nature to provide enough information for customers to plan for deployment without disclosing vulnerability details or other information that could put them at risk.

Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at (866) PC SAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at: www.ic3.gov.

Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates, and installing anti-virus and anti-spyware software. Additional information can be found at: http://ww.microsoft.com/protect.

New Bulletin Summary

Bulletin Identifier

Windows Bulletin, Internet Explorer

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Restart Requirement

May require restart

Affected Software

Microsoft Windows, Internet Explorer

   

The full version of the Microsoft Security Bulletin Advance Notification for this month can be found here: http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx.

Although we do not anticipate any changes, the information provided in this summary is subject to change until the release. At this time, no additional information on this bulletin such as details regarding severity or details regarding the vulnerability will be made available until the bulletin is published.

Public Bulletin Webcast

Microsoft will host two Webcasts to address customer questions on these bulletins:

Title: Information About Microsoft December Out-of-Band Security Bulletin (Level 200)

Date: Wednesday, December 17, 2008 1:00 P.M. Pacific Time (U.S. & Canada)

URL: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399448

Title: Information About Microsoft December Out-of-Band Security Bulletin #2 (Level 200)

Date: Thursday, December 18, 2008 11:00 A.M. Pacific Time (U.S. & Canada)

URL: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399449

Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

Thank you,

Microsoft CSS Security Team

Posted: Dec 16 2008, 08:35 PM door Ruud de Jonge | met 1 comment(s)
Opgeslagen onder: ,
Why You Should Attend MIX09

clip_image002

Training budgets are typically the first to be slashed in a tough economic environment, and you may be wondering whether you should attend MIX this year.  Now more than ever, MIX is essential for helping companies like yours do business on the web. 

Why you should plan to attend MIX09:

· Protect the bottom line.  Consumers are spending less.  At MIX, you’ll learn how to use technology to increase customer satisfaction and loyalty and improve brand visibility.

· Be proactive.  During uncertain financial times it’s even more important to evaluate your current business approach and plan future technology investments to maximize return.  Not only will you be the first to hear about the future of Microsoft’s web platform and technologies, but you’ll walk away with early versions of our latest software.

· Get real answers from the experts.  You’ll have the opportunity to engage in one-on-one conversations and get your pressing questions answered by industry and Microsoft experts at MIX.  Unlike other conferences, MIX sessions are intimate and informal. 

· Network with others from the web community. You’ll network with attendees from recognized companies like frog design, Yahoo!, MySpace, Baidu, ESPN.com, Metaliq, Adobe, Digg, Facebook, schematic, Netflix, Fidelity, NASA, Amazon.com, and many, many more. MIX is a perfect opportunity to share best practices with the people that understand your business challenges first hand.

I’ve included more information about MIX09 below. I hope that you will have the opportunity to join us in March to explore the future of the Web! You’ll save $200 off the price when you register online by January 15.

The Web Belongs to You. <3 Your Web at MIX09.

Explore the future of the Web with fellow developers and designers at MIX09, March 18 - 20, 2009 at The Venetian Hotel in Las Vegas.

Now in its fourth year, MIX is a unique technology conference that connects web professionals with industry thought leaders to explore the future of the Web together. It’s true – your Web needs you, and MIX is where you’ll get access to the tools, knowledge, and vision to create the next generation of UX, applications, and web design.

What’s New for MIX09?

· Learn from and connect with more external speakers than ever before. View latest speaker list. More speakers and sessions to be announced in December.

· Register for pre-event workshops designed to provide in-depth focus on practical skills and topics for both developer and designer professionals.

· MIX09 sessions will focus on key topics for web professionals ranging from user experience design methodologies and standards-based web development techniques to creating rich internet and client applications. More sessions and speakers to be announced in December.

· Compete in the inaugural MIX10K and win a trip to MIX09 on us! For the first time in MIX history, the community will help select winners.

· Learn about the future of Microsoft’s web platform and tools, including Silverlight™, Internet Explorer®, Expression®, ASP.NET, Windows 7, Windows Azure and others.

Space is even more limited this year at MIX, so register early to secure your spot. You’ll receive $200 off the conference price when you register by January 15.

MIX09 Dates and Location

WHEN:
March 18 - 20, 2009
Pre-Event Workshops: March 17

WHERE:
The Venetian Hotel (http://www.venetian.com/), Las Vegas, NV

REGISTER NOW (http://2009.visitmix.com/Registration/)

Posted: Dec 15 2008, 09:14 PM door Ruud de Jonge | met no comments
Opgeslagen onder: ,
Microsoft Hardware site in Silverlight

imageWow ....  Te bewonderen via : http://www.microsoft.com/netherlands/hardware/silverlight.aspx

Posted: Dec 12 2008, 09:53 AM door Ruud de Jonge | met no comments
Opgeslagen onder: ,
Preparing Web Sites for Internet Explorer 8

Summary

The latest version of Internet Explorer (IE8) will be released over the next few months. IE8 Beta 2 was released in August 2008 and is available for public download at  http://www.microsoft.com/windows/internet-explorer/beta/worldwide-sites.aspx. We are extremely excited with this release of the world’s most popular browser, and believe that IE8 is packed with many enhancements that will improve and enrich the web experience[1].

Internet Explorer 8 also improves interoperability and support for open Web standards, including HTML 4.01, CSS 2.1 and improved Document Object Model Interoperability by including a new layout engine which renders Web pages in the most standards complaint manner by default. This enables developers to create Web sites that work as intended across all standards-compliant browsers.

As a consequence of this change, however, some Web sites that have been built for previous browser versions may not display correctly with the new layout engine in Internet Explorer 8.

From an end-user perspective, Internet Explorer 8 has a Compatibility View button which, when pressed, displays the Web content with the Internet Explorer 7 rendering engine. This document also describes approaches available to Web Site Developers and Administrators to ensure proper display of their existing sites in Internet Explorer 8.

Objectives

This document aims to help Web Site Developers and Administrators with prescriptive guidance on preparing their existing Web sites if the sites do not display as intended in Internet Explorer 8. The following sections include specific steps for the following scenarios:

1.    Targeting a specific Web page for older Internet Explorer compatibility (See Page 6)

2.    For Web Sites running Internet Information Service 7 (IIS7) for older Internet Explorer compatibility (See Page 7)

3.    For Web Sites running Internet Information Service 6 (IIS6) for older Internet Explorer compatibility (See Page)

4.    For Web Sites running Apache Web Server 2.2 for older Internet Explorer compatibility (See Page)

More Information

Additional information and resources for Internet Explorer 8:

1.    Internet Explorer 8 web site: http://www.microsoft.com/ie8   

2.    The official Windows Internet Explorer Weblog: http://blogs.msdn.com/ie. This blog site is a great source of insider information on IE8 features, and compatibility considerations

3.    The Internet Explorer 8 Evaluators Guide can be downloaded at http://download.microsoft.com/download/9/7/f/97f5e019-20b9-47b4-bf0c-e7ad38ef2faf/IE8%20Evaluators'%20Guide%20-%20August%2008.pdf

4.    The Internet Explorer 8 Demo Site lets you test some of IE8’s new features: http://www.ie8demos.com/tryit/

5.    Read Aaron Gustafson’s Web article for details on the thinking process behind IE8’s support for web standards, as well as backward compatibility. The article can be found at http://alistapart.com/articles/beyonddoctype. Aaron is one of the members of the WaSP-Microsoft Task Force.

 

Overview

With Internet Explorer 8, Microsoft’s commitment to improve interoperability and support for open Web standards (see http://blogs.msdn.com/ie/archive/2008/03/03/microsoft-s-interoperability-principles-and-ie8.aspx) means that IE8 interprets Web content in the most standards-compliant[2] way possible. Therefore, IE8 will render web pages using standards mode by default unless explicitly specified otherwise. This enables web sites to be created more efficiently and to operate more predictably – If developers code to standards, then they can be ensured that all browsers interpret and display Web page in the same way, alleviating the practise by web developers to include code unique for each browser.

As a consequence to adhering to Web Standards support by default, some existing sites that relied on older browsers’ “legacy” behaviours may not display correctly in Internet Explorer 8. Examples of display problems are out-of-place menus, images and text.

For the End User: IE8 Compatibility View

Some Web sites that are designed for older browsers may not display correctly in Internet Explorer 8 which, by default, renders content in the most standards-compliant way possible. IE8 has a Compatibility View button that displays those pages as they were designed to be viewed. This provides end-users with an easy way to fix display problems that may occur.

clip_image002

When Internet Explorer 8 detects a Web site that is designed for an older version of the browser, the Compatibility View button appears next to the Refresh button on the Address Bar. Pressing the button causes Internet Explorer 8 to switch to the Internet Explorer 7 rendering engine. Additionally, a balloon tip shows that the site is running in Compatibility View.

clip_image004

The state of the button is saved for that Web domain on a client-side list, eliminating the need to press it again when the user returns to the same page at a later time.

Compatibility View and the Enterprise

A large number of line-of-business websites are Internet Explorer 7 capable today. In order to preserve compatibility, Internet Explorer 8 ships with smart defaults based on zone evaluation. In the default state, all sites on the public internet display in Internet Explorer 8 Standards mode (Compatibility View off) and all intranet websites display in Internet Explorer 7 Standards mode (Compatibility View on).

For more information, see the blog post: http://blogs.msdn.com/ie/archive/2008/08/27/introducing-compatibility-view.aspx

 

Web Developers & Administrators: Testing Existing Web Sites

Web Developers and Administrators can download IE8 Beta 2, and check that the sites display correctly. Due to the changes in IE8’s layout engine, Web sites that are coded to support “legacy” behaviours may exhibit the following issues:

·         Potential layout issues: out-of-place graphics, Web page elements (e.g., text box, Flash objects, etc.)

·         Potential JavaScript code issues: These may arise due to changes in the IE8 Document Object Model (DOM) to improve interoperable with those of other browsers. Changes include setting and retrieval of page element attributes.

Application Compatibility Toolkit for IE8

The latest Application Compatibility Toolkit (ACT) release, ACT 5.0.5428.1080, can help Web Developers & Administrators to understand application compatibility situation with IE8 – especially with internal line-of-business web applications.

ACT includes the following IE-specific components:

·         Internet Explorer Compatibility Test Tool (IECTT). The IECTT helps identify Web-based issues, shows results in real time, and allows the uploading and viewing of the data in the Application Compatibility Manager (ACM), a part of the ACT toolkit. As the application or site is tested, the IECTT records events in real time when compatibility issues occur. For instance, if one of the tested sites injects JavaScript to another site and the IE8 Cross-site scripting (XSS) filter detects this as a reflection attack, a Cross-Site Scripting Filter event would be logged in the IECTT UI.

·         Internet Explorer Compatibility Evaluators (IECE). The IECE can be deployed within an enterprise and will help identify Web-based issues in the background. As application or site is tested, the IECE records events in the background as they occur. The logged events can then be viewed in the ACM.

The ACT can be downloaded in http://www.microsoft.com/downloads/details.aspx?FamilyId=24DA89E9-B581-47B0-B45E-492DD6DA2971&displaylang=en.

For more information, see the blog post: http://blogs.msdn.com/ie/archive/2008/09/23/application-compatibility-logging-in-ie8.aspx  

 

 

Targeting Specific Web Pages for Previous Internet Explorer Versions

Web developers who are maintaining existing Web sites may encounter specific pages that are incompatible with IE8. In such cases, the developer can explicitly opt-out of displaying the page standards mode, and “force” IE8 to render it with the built-in IE7 layout engine instead. This is done by adding the IE7 mode meta-tag to the HEAD of the Web page.

<head>

<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />

</head>

 

This META tag causes IE8 to utilize IE7's rendering behaviour (i.e., emulate IE7) while still maintaining all IE8 features. This tag has no effect on other browsers.

 

Targeting the Web Site for Previous Internet Explorer Versions

While the method described in the previous section applies to specific Web pages, Web Developers and Administrators can also apply this tag for Web pages in an entire Web site (i.e., server-wide), or directories.  

The approach is to configure the Web server to inject the meta-tag along with HTTP responses, telling IE8 browsers to display page content emulating IE7. This alleviates the need to modify Web pages individually.

The following sections describe the configuration steps for different Web servers.

Web Sites Running Internet Information Services 7.0 (IIS 7.0)

Internet Information Services 7.0 (IIS 7.0) is the default Web server that comes with Microsoft Windows Server 2008. It provides a security-enhanced, easy-to-manage platform for developing and reliably hosting Web applications and services. More than just a Web server, IIS 7.0 is a major enhancement to the Windows Web platform and plays a central role in unifying Microsoft Web platform technologies—ASP.NET, Windows Communication Foundation Web services, and Windows SharePoint Services[3].

The steps listed below show how to add the IE=EmulateIE7 HTTP Header on a Web server running IIS 7.0 using the IIS Manager. These settings can be changed at the site, virtual directory or any level in the configuration.

The sections following describe configuring these changes with the User Interface, the command line, and with the Application Configuration File.

Configuring the EmulateIE7 HTTP Response Header via the User Interface

The steps listed below show how to add the IE=EmulateIE7 HTTP header site- or server-wide on a Web server running IIS 7.0 using the IIS Manager User Interface.

1.    Click Start, click Administrative Tools, and then click Internet Information Services (IIS) Manager.

clip_image006

2.    In the Connections pane (on the left side of the application window), expand the node for the server, and then expand Sites.

clip_image008

3.    Select the Web site for which the custom HTTP Response Header is to be added.

clip_image010

 

 

4.    In the Web site pane, double-click in the section HTTP Response Headers.

clip_image012

5.    Under Actions, click Add.

clip_image014

6.    In the Name box, type X-UA-Compatible, and in the Value box, type IE=EmulateIE7.

clip_image016

7.     Click OK to save the change.

 

Configuring the EmulateIE7 HTTP Response Header via the Command Line

The steps listed below show how to add the IE=EmulateIE7 HTTP header server-wide on a Web server running IIS 7.0 using the command line.

  1. Open an elevated command prompt.
  2. Navigate to the “%systemroot%\system32\inetsrv” directory.
  3. Execute the following command:

appcmd.exe set config -section:system.webServer/httpProtocol /+"customHeaders.[name='X-UA-Compatible',value='IE=EmulateIE7']" /commit:apphost

 

Configuring the EmulateIE7 HTTP Response Header via the application configuration file

The steps listed below show how to add the IE=EmulateIE7 HTTP header server-wide on a Web server running IIS 7.0 using the configuration file (applicationhost.config).

  1. Open a command prompt.
  2. Navigate to the “%systemroot%\system32\inetsrv” directory.
  3. Open the “applicationhost.config” file in a text editor (e.g., Notepad)
  4. Modify the httpProtocol section to include the “X-UA-Compatible” header:

<httpProtocol>

     <customHeaders> 
        <clear /> 
        <add name="X-Powered-By" value="ASP.NET" /> 
        <add name="X-UA-Compatible" value="IE=EmulateIE7" /> 
     </customHeaders>

     <redirectHeaders> 
          <clear /> 
     </redirectHeaders>

</httpProtocol>

 

 

Web Sites Running Internet Information Services 6.0 (IIS 6.0)

Internet Information Services (IIS 6.0) is the default Web server that comes with Windows Server 2003. IIS 6.0 provides Web server capabilities over an intranet, the Internet, or an extranet.

The sections following describe configuring these changes with the User Interface, the command line, and with the Application Configuration File.

Configuring the EmulateIE7 HTTP Response Header via the User Interface

The steps listed below show how to add the IE=EmulateIE7 HTTP header site- or server-wide on a Web server running IIS 6.0 using the IIS Manager User Interface.

1.    Run the Internet Information Services (IIS) Manager. Do this by running inetmgr.exe, or starting this from the Start menu (under Administrative Tools, and then click Internet Information Services (IIS) Manager.)

clip_image018 

2.    Select and expand the Server node (on the left hand pane) and then expand Web Sites.

clip_image020

3.    Right-click the Web site you want and then click Properties.

clip_image022

4.    Click the HTTP Headers tab.

clip_image024

5.    Under Custom HTTP headers, click Add.

clip_image026

6.    In the Custom header name box, type X-UA-Compatible, and for Custom header value box, type IE=EmulateIE7.

clip_image028

7.    Confirm the changes.

 

Web Sites Running Apache Server (Apache 2.2)

Apache 2.2 HTTP Server configuration, the response can be set at the server level, directory level or within the individual HTML page. To include a custom HTTP response header, follow these steps:

Set server level response header

1. Open httpd.conf in a text editor

clip_image031

2. Uncomment (or add)  “LoadModule headers_module modules/mod_headers.so

clip_image034

3. Add the following configuration fragment at the end of the httpd.conf file:

<IfModule headers_module>
Header set X-UA-Compatible: IE=EmulateIE7
</IfModule>

clip_image037

4. Save httpd.conf file

5. Restart the Apache server

clip_image039

6. Browse the test web page

clip_image042

The above setting will insert X-UA-Compatible header in all the HTTP response streams.

 

Set directory level response header

Directory level override can be done by following the instructions given below:

1. Open httpd.conf in a text editor

clip_image031

2. For the directory in question (say ie8test) set the override as below:

<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/ie8test">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>

(Note: AllowOverride All will make the server read .htaccess file located in the directory)

3. Create .htaccess file in the directory if not already present

4. Open .htaccess file in a text editor

<IfModule headers_module>
Header set X-UA-Compatible: IE=EmulateIE7
</IfModule>

5. Restart the Apache server

clip_image039

6. Browse the web page

clip_image042

For additional syntax on request and response headers for Apache 2.x visit:

http://httpd.apache.org/docs/2.2/mod/mod_headers.html

 

 



[1] Internet Explorer 8 has features such as Web Slices, Accelerators and Visual Search enables faster web browsing. Learn more about these features at http://www.microsoft.com/ie.

[2] Internet Explorer 8 is fully-compliant to, and passed the Web Standards Project’s ACID2 Test. IE8 fully supports HTML 4.01, CSS 2.1, as well as improved DOM interoperability.

Document Interoperability Initiative Demonstrates Momentum and Results

I wanted to be sure you were aware of the latest progress of the Document Interoperability Initiative (DII) as well as provide you with details regarding the real-world technical solutions announced today as a result of this collaborative industry effort.

Since the launch of the DII in March 2008, industry leaders and representatives from vendors around the world have gathered at a series of technical discussions and labs – held in cities in the U.S., Korea, China, Japan and Germany – in a collaborative effort to identify, test and develop tools and solutions to overcome document interoperability barriers. The seventh in this ongoing series is being held in Brussels, Belgium on Tuesday and Wednesday, December 2-3.

As a result, this and past DII events are yielding practical results, including today’s announcement regarding the availability of several new interoperability solutions.

· Open XML Document Viewer customer technology preview for Firefox, which provides direct interoperability from Open XML to HTML formats;

· Open XML/ODF Translators Version 2.5, which provides practical interoperability between ODF and Open XML by means of an add-in for Microsoft Office 2003, 2007 and XP; and

· Apache POI Java SDK for Open XML for Java developers interested in working with Open XML documents.

I’ve copied a press release below that provides additional details on these solutions as well as progress on the DII overall. Further information can be found at http://documentinteropinitiative.org.

Posted: Dec 03 2008, 04:16 PM door Ruud de Jonge | met no comments
Opgeslagen onder: , ,
Microsoft Shares Vision for Generation 4 Modular Data Centers

imageMany of you have asked for any data you could share  regarding Microsoft’s data centers that support our cloud computing and S+S initiatives. So I wanted to share some exciting news from Microsoft’s Global Foundation Services team. Today we are sharing our vision for “Generation 4” modular data centers, a significant step forward that we anticipate will reshape how the industry approaches the design, build and management of data centers.

The concept behind the modular data center builds on the learnings and innovations garnered from our research and data centers like the Chicago facility, which was designed to house hundreds of shipping containers packed with up to 2500 servers each. From our experience in designing Chicago and exploring the benefits modularity can provide, we have developed our vision for the future. Our “Gen 4” modular data centers will take the flexibility of containerized servers and apply it across the entire facility, which will be composed of modular “building blocks” of prefabricated mechanical, electrical and security components, etc. in addition to containerized servers. These facilities can be built incrementally as capacity grows and deployed in only 3 to 6 months, reducing capital costs and construction wastes, packaging and energy, etc. Modular data centers will enable smart growth and efficiency that is scalable and sustainable, ensuring that our global footprint is only as big as capacity demands that it be.

For full background on our modular data center vision, please visit the blog of Mike Manos, general manager for data center services, as well as this video posted at Soapbox.

Posted: Dec 03 2008, 03:43 PM door Ruud de Jonge | met no comments
Opgeslagen onder: ,
Samenwerking TU Delft, Avanade en Microsoft van start

clip_image001

Samenwerking TU Delft, Avanade en Microsoft van start

Partijen dragen bij aan innovaties binnen ICT-onderwijs

Schiphol, 1 december 2008 – Vanaf vandaag start de structurele samenwerking tussen de Technische Universiteit Delft, ict-dienstverlener Avanade en Microsoft. De drie partijen hebben als gezamenlijk doel bij te dragen aan innovaties binnen ICT-onderwijs.

Maarten-Jan Vermeulen van Microsoft Nederland: “Doordat we kennis bundelen creëren we een uitdagende omgeving voor studenten en zorgen we niet alleen voor innovaties binnen het onderwijs, maar ook in de ICT-sector.” Edwin Jongsma van Avanade vult aan: “We gaan ons de komende vier jaar inzetten om aan de vraag vanuit de sector naar ontwikkeling binnen ICT-onderwijs en onderzoek te voldoen.”

Afgelopen twee jaar werkten TU Delft, Avanade en Microsoft al meerdere malen samen aan projecten zoals de internationale wedstrijd voor studenten, de Imagine Cup (http://www.imaginecup.com/), en gastcolleges.

Het eerste project gaat deze maand van start in de vorm van een onderzoek. Arie van Deursen, hoogleraar software engineering aan de TU Delft: “We beginnen met onderzoek naar model-driven engineering, een modelleertaal op het gebied van softwareontwikkeling. De samenwerking maakt het daarnaast voor studenten mogelijk om toegang te krijgen tot de praktijk en biedt de kans om samen te werken met Avanade en Microsoft binnen de Master opleiding Computer Science op de TU Delft.”

Posted: Dec 03 2008, 08:50 AM door Ruud de Jonge | met no comments
Opgeslagen onder: ,