The Ghost of Internet Explorer in Windows

Name: The Ghost of Internet Explorer in Windows
Description: George Hughey and Rohit Mothe from Microsoft's Security Response Center (MSRC) delivered a deep technical examination of how Internet Explorer's security zone model — code written in the 1990s — conti

George Hughey, Rohit Mothe

DEF CON 33 · Day 1 · Main Stage

George Hughey and Rohit Mothe from Microsoft's Security Response Center (MSRC) delivered a deep technical examination of how Internet Explorer's security zone model — code written in the 1990s — conti

AI review

MSRC researchers expose how Internet Explorer's 1990s-era security zone model — implemented in urlmon.dll — still drives security decisions for Edge, Office, Windows Explorer, and AV products, with URL parsing inconsistencies in MapUrlToZone yielding Mark of the Web bypasses and NTLM coercion vectors on fully-patched Windows 11.

Watch on YouTube