From Update enables SSL 3.0 fallback warnings in Internet Explorer 11: ---------- December 2014 Internet Explorer security updates & disabling SSL 3.0 fallback (hat tip: member siljaline)
https://support.microsoft.com/kb/3009008 contains links to:

- Microsoft Fix it 51024 - Disable SSL 3.0 in Internet Explorer
- Microsoft Fix it 51025 - Restore the original settings of SSL 3.0 in Internet Explorer
As the title is "Internet Explorer security discussion thread", can I ask about IE security settings? How do other guys here set security on IE? My security zone settings are here (writing them down is quite the task considering I had to translate all of them to English, so I just attach part of HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\)

Also:

- always launch with -private flag
- ActiveX Filter: on
- internet temp file: 8MB
- do not save history
- do not allow page cache
- do not allow physical location request
- do not disable toolbar and extension when InPrivate
- block 3rd party cookie
- auto complete: only for history, favorite and suggesting URL
- disabled GPU rendering (to mitigate fingerprinting)
- disabled DOM storage
- disabled SSL 2.0, 3.0
- empty Temporary Internet Files when browser is closed
- do not save encrypted page
- disabled integrated Windows authentication
- disabled FTP folder view
- disabled inline autocomplete
- disabled automatic crash recovery
- Use some TPL including Easylist, EasyPrivacy and Malware domain
- disabled all unneeded plugin/addons including Office's ones, some others (flash, silverlight, WMP, DRM related etc.) are set to click-to-play.
From (0Day) Microsoft Internet Explorer display:run-in Use-After-Free Remote Code Execution Vulnerability: CVE-2014-8967 is not listed as being fixed at https://technet.microsoft.com/library/security/ms14-080.
Just in reference to the settings that you have shared here (your full list)... have you encountered any problems with those settings? I think it would be a lot easier to comment on certain settings if you only listed the ones that are not default settings. If you have changed something for a specific situation/purpose to enhance security it would make for a discussion.

I'd like to see some more discussion on this topic especially with the rumors that are mulling around W10/Spartan being a MS departure from what IE is today. I assume that W7 will not get Spartan (more rumor), so IE11 may get parked in its current state. I will not jump to W10 mostly due to hardware constraints which leaves me with IE11 on this laptop.

I've tried messing with scripting to temporarily get rid of javascript:void on a specific website that had some bizarre javascript requirements. I've had no luck in getting these changes to scripting to work. Under scripting, I enabled 'active scripting' and 'allow programmatic clipboard access menu options'. It is now back to the default setting.
There are a lot which I changed from default; some have a clear reason, others are just for potential attack surface reduction. But the point is to make your Internet zone as restrictive as you can while still using it for daily browsing, while making the Trusted zone near to the default of the Internet zone (in my case, the Trusted zone is a bit safer than the default Internet zone), and when you encounter a problem and are sure that the domain is safe, add it to the Trusted zone.
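An added example, not part of any post in this thread: a small auditor for a `.reg` export of the Internet Settings key that checks the two things discussed above, whether SSL 2.0/3.0 are still enabled and whether the Internet zone is looser than the Trusted zone. The sample export is constructed; the function names are hypothetical, and the action IDs (1400, 1407) and `SecureProtocols` bit values are the standard Windows ones, not values taken from the thread.

```python
import re

# Constructed sample in .reg export format (not the poster's actual settings).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"SecureProtocols"=dword:00000aa0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1400"=dword:00000001
"1407"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1400"=dword:00000000
"1407"=dword:00000003
'''

ZONES = {"2": "Trusted", "3": "Internet"}
ACTIONS = {"1400": "Active scripting", "1407": "Programmatic clipboard access"}
# URL action policy values: a higher number is more restrictive.
POLICY = {0: "enable", 1: "prompt", 3: "disable"}
# SecureProtocols bit flags for the legacy protocols.
LEGACY = {0x08: "SSL 2.0", 0x20: "SSL 3.0"}

def parse_reg(text):
    """Return {key_path: {value_name: int}} for dword values in a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16)
    return keys

def audit(text):
    """List findings: legacy SSL enabled, or Internet zone looser than Trusted."""
    findings, zones = [], {}
    for path, values in parse_reg(text).items():
        leaf = path.rsplit("\\", 1)[-1]
        if leaf == "Internet Settings":
            mask = values.get("SecureProtocols", 0)  # absent value: nothing to flag here
            findings += [f"{name} enabled" for bit, name in LEGACY.items() if mask & bit]
        elif path.endswith("\\Zones\\" + leaf) and leaf in ZONES:
            zones[leaf] = values
    for action, label in ACTIONS.items():
        inet, trusted = zones.get("3", {}).get(action), zones.get("2", {}).get(action)
        if inet is not None and trusted is not None and inet < trusted:
            findings.append(f"{label}: Internet zone ({POLICY.get(inet, inet)}) is looser than Trusted ({POLICY.get(trusted, trusted)})")
    return findings
```

Exports written by regedit are normally UTF-16, so decode the file with that encoding before passing its text to `audit()`.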
This is going back a long ways to IE9, but it's a "lockdown" MS baseline policy I came up with at the time... https://www.wilderssecurity.com/thre...msc-to-harden-ie-9.309709/page-3#post-1965412