April 12, 2017 PC

Disabling VBScript execution in Internet Explorer 11

By Microsoft Edge Team

VBScript is deprecated in Internet Explorer 11, and is not executed for webpages displayed in IE11 However, for backwards compatibility, VBScript execution is currently still permitted for websites rendered in legacy document This was introduced as a temporary Document modes… Read more

April 11, 2017 Mobile, PC, Tablet

What’s new in Microsoft Edge in the Windows 10 Creators Update

By Kyle Pflug

Today, the Windows 10 Creators Update began rolling out to over 400 million Windows 10 With the Creators Update, we’re upgrading Microsoft Edge with dozens of new features and under-the-hood improvements to make the best browser on Windows 10 faster,… Read more

March 23, 2017 Mobile, PC, Tablet

Strengthening the Microsoft Edge Sandbox

By Crispin Cowan

In a recent post, we outlined the layered strategy that the Microsoft Edge security team employs to protect you from vulnerabilities that could be used to compromise your device or personal In particular, we showed how Microsoft Edge is leveraging… Read more

Table illustrating the Edge vulnerability mitigation strategy. The Strategy row reads: "Make it difficult & costly to find, exploit, and leverage software vulnerabilities." The "Tactics" read: "Eliminate entire classes of vulnerabilities," "Break exploitation techniques," "Contain damage & prevent persistence," and "Limit hte window of opportunity to exploit."

February 23, 2017 Mobile, PC, Tablet

Mitigating arbitrary native code execution in Microsoft Edge

By Matt Miller

Some of the most important security features in modern web browsers are those that you never actually see as you browse the These security features work behind the scenes to protect you from browser-based vulnerabilities that could be abused by… Read more

Screen capture of the Content Security Policy Browser Test loaded in Edge, with CSP and CSP Level 2 both passing.

January 10, 2017 Mobile, PC, Tablet

Introducing support for Content Security Policy Level 2

By Ted Dinklocker

We are happy to introduce support for Content Security Policy Level 2 (CSP2) in Microsoft Edge, another step in our ongoing commitment to make Microsoft Edge the safest and most secure browser for our CSP2, when used correctly, is an… Read more

Screen capture showing an Edge browser window with a dialog from the address bar which reads "Adobe Flash content was blocked. Do you want to allow Adobe Flash to run on this site?" The options are Close, Allow Once, and Allow Always.

December 14, 2016 PC, Tablet

Extending User Control of Flash with Click-to-Run

By Crispin Cowan and Microsoft Edge Team

Adobe Flash has been an integral part of the web for decades, enabling rich content and animations in browsers since before HTML5 was In modern browsers, web standards pioneered by Microsoft, Adobe, Google, Apple, Mozilla, and many others are now… Read more

Screen capture showing Microsoft Edge when browsing to a site protected with a SHA-1 certificate

November 18, 2016 Mobile, PC, Tablet

SHA-1 deprecation countdown

By Microsoft Edge Team

The SHA-1 hash algorithm is no longer Weaknesses in SHA-1 could allow an attacker to spoof content, execute phishing attacks, or perform man-in-the-middle attacks when browsing the Microsoft, in collaboration with other members of the industry, is working to phase… Read more

Diagram showing two Windows instances running on the same device, managed by Hyper-V. The "host" operating system runs Edge trusted sites. The Application Guard instance runs a new instance of Windows, including minimum Windows Platform Services and an entirely separate kernel, which has no access to the normal operating environment.

September 27, 2016 Mobile, PC, Tablet

Introducing Windows Defender Application Guard for Microsoft Edge

By Microsoft Edge Team

We’re determined to make Microsoft Edge the safest and most secure Over the past two years, we have been continuously innovating, and we’re proud of the progress we’ve This quality of engineering is reflected by the reduction of CVEs when… Read more

August 9, 2016 Mobile, PC, Tablet

RC4 is now disabled in Microsoft Edge and Internet Explorer 11

By Microsoft Edge Team

In September 2015, Microsoft announced the end-of-support for the RC4 cipher in Microsoft Edge and Internet Explorer 11 in 2016, as there is consensus across the industry that RC4 is no longer cryptographically Today, we are releasing KB3151631 with the… Read more

June 15, 2016 Mobile, PC, Tablet

Building a faster and more secure web with TCP Fast Open, TLS False Start, and TLS 1.3

By Christian Huitema

Performance and security matter to Better page load performance improves the user’s experience and influences their choice over which web pages to At the same time, users just expect their browsing experience to be secure and With TCP Fast Open,… Read more

Posts in Security

What’s new in Microsoft Edge in the Windows 10 Creators Update

Strengthening the Microsoft Edge Sandbox

Mitigating arbitrary native code execution in Microsoft Edge

Introducing support for Content Security Policy Level 2

Extending User Control of Flash with Click-to-Run

SHA-1 deprecation countdown

Introducing Windows Defender Application Guard for Microsoft Edge

RC4 is now disabled in Microsoft Edge and Internet Explorer 11

Building a faster and more secure web with TCP Fast Open, TLS False Start, and TLS 1.3

Popular Articles

Popular Articles

How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise

RC4 will no longer be supported in Microsoft Edge and IE11 [Updated]

Making the web smoother with independent rendering

The End of an Era – Next Steps for Adobe Flash

Introducing Windows Defender Application Guard for Microsoft Edge