Consider the following scenario:

• On a computer that has Internet Explorer 7 installed, you apply the Internet Explorer Maintenance Group Policy settings to add a pop-up blocker exception site.
• In the Internet Options dialog box, you manually add a new pop-up blocker exception site.
• You reapply the Group Policy settings on the computer.

In this scenario, you the new pop-up blocker exception site that you manually added in the Internet Options dialog box is missing from this dialog box.

Note: This problem does not occur on computers that have Internet Explorer 6 installed.

Description: This critical security update resolves three privately reported and one publicly reported vulnerabilities. The most serious of the vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles HTML and validates data, as well as by setting the kill bit for an ActiveX control . Keep reading →

You develop a Web page that throws an exception from a function. The function is called through the expando property of a DHTML object. When you use Windows Internet Explorer 7 to view the Web page, the exception handler may not catch this exception.

Note: This problem also occurs in Windows Internet Explorer 6 when at least one parameter is passed to the function from which the exception is thrown. To work around this problem in Internet Explorer 6, see the “Workaround” section.

On Tuesday Windows Vista will receive five updates as part of the monthly Security Bulletin. Vista itself is to receive 3 critical and two important, while the other two are for features installed by default with Vista. In addition to these updates, Office users will get a number more for a total of twelve security bulletins. Here’s how they break down: Keep reading →

Consider the following scenario:

• You have an untrusted root certification authority (CA).
• In a certificate enrollment Web page, you issue an end entity certificate that is chained to the untrusted root CA.
• The certificate enrollment Web page uses the InstallResponse method of the IX509Enrollment interface of the CertEnroll COM object to install the end entity certificate to a client computer.

In this scenario, when a user uses Windows Internet Explorer 7 to open the certificate enrollment Web page and install the end entity certificate on a Windows Vista-based client computer, the installation may fail. Additionally, the user may receive one of the following error messages from the InstallResponse method of the IX509Enrollment interface:

Error Code: E_ACCESSDENIED 0×80070005L
Error Message: “General access denied error”
This error occurs if the certificate response is installed using a InstallResponseRestrictionFlags such as AllowUntrustedRoot other than AllowNone.
Error Code: CERT_E_CHAINING 0×800B010AL
Error Message: “A certificate chain could not be built to a trusted root authority”
This error occurs if the certificate chain response contains an end entity certificate but not the complete certificate chain to a root CA.
Error Code: CERT_E_UNTRUSTEDROOT 0×800B0109L
Error Message: “A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider”
This error occurs if the certificate chain response is containing the leaf end entity certificate chaining to an untrusted root CA.

Consider the following scenario:

• You configure the Internet Explorer Maintenance Group Policy settings in an Active Directory domain or on a client computer.
• You start Group Policy Management Console (GPMC) on a Windows Vista-based client computer.
• You view the Group Policy results on the Settings tab.

In this scenario, the Group Policy settings for a Windows Vista-based client computer are not displayed correctly. However, the settings are successfully applied to the client computer.

Note: When you stat GPMC on a Windows XP-based computer or on a Windows Server 2003-based computer, the settings are displayed correctly.

In Microsoft Visual Basic 6.0, a modal form is no longer modal when the form is displayed from a user control in Windows Internet Explorer 7.

Consider the following scenario on a Windows Vista-based, a Windows XP-based, or a Windows Server 2003-based computer that is running Windows Internet Explorer 7:

• In Internet Explorer 7, you open an HTML page that contains a text box.
• In the text box, you use the Japanese Input Method Editor (IME) to type some characters. Additionally, after you type the characters, you do not press ENTER for confirmation.
• You click anywhere out of the text box.
  Note: When you click anywhere out of the text box, the OnChange event occurs.
• In the text box, you type to append some new characters.
• You click anywhere out of the text box again.

In this scenario, the original characters in the text box are replaced with the characters that you append.

Consider the following scenario:

• You use Windows Internet Explorer 7 to visit a Web site.
• The Web site includes one of the following Microsoft Visual Basic Scripting Edition (VBScript) functions:
  • MsgBox
  • InputBox
• The Phishing Filter feature is enabled in Internet Explorer.

In this scenario, Internet Explorer 7 may crash.

On a computer that has Windows Internet Explorer 7 installed, you run the Internet Explorer Customization Wizard. You use this wizard to create an Internet Explorer 7 customized package. In the wizard, you remove the default elements of the following features:

• Favorites
• Feeds
• Links

Note: The Internet Explorer Customization Wizard is a component of the Internet Explorer Administration Kit (IEAK).
You build the customized package, and you install the package on a destination computer. However, the default elements of the features that you removed still exist.