internet explorer

Internet Explorer error “connection timed out” when server does not respond promptly

If you use Internet Explorer, in certain circumstances you may find your Internet Explorer browser shows a “connection timed out” or similar error. This will show up more often on sites that use a lot of back end processing where there may be a delay in information being sent to the browser.

The timeout limit can be set by an entry in the registry of the PC and by default for IE 7/8/9 is 60 minutes. However, there are some program installers (in particular InstallAware) that can set this as low as 10 seconds. This means that if a website takes longer than 10 seconds to respond, you will see a timeout error.

Fortunately, it’s easy to fix by editing the registry or by running a Microsoft Fixit.

To change the default time-out setting for Internet Explorer in Internet Explorer 4 or a later version manually, follow these steps:

  1. Start Registry Editor.
  2. Locate the following subkey:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  3. In this subkey you may see a DWORD entry called ReceiveTimeout. This may have a setting of 10000 (10 seconds) – if so, this is the cause of the problem.
  4. You can either delete the ReceiveTimeout DWORD entry to change back to the default or set it to a custom value. To calculate the correct value, use the “SECONDS x 1000” formula, e.g. if you want the time-out to be 5 minutes, set the value of the ReceiveTimeout entry to 300000 (300 seconds x 1000).
  5. Now restart the computer.

If you don’t see a ReceiveTimeout DWORD entry, this is not the cause of the problem. Also take care editing the registry – if you don’t know what you are doing you can cause severe damage to the PC’s operating system, so we suggest you use the Microsoft Fixit here or use our remote IT support service.
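
The manual steps above can also be scripted. The following PowerShell is an added example, not part of the original article or the Microsoft Fixit; the function name, its parameters and the 60-second threshold are assumptions, while the key path and value name are the ones given in the steps.

```powershell
# Added example: check and repair the per-user ReceiveTimeout value.
# Repair-IEReceiveTimeout, -MinimumSeconds and -SetSeconds are hypothetical names.
function Repair-IEReceiveTimeout {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Values below this many seconds are treated as too low (assumed threshold).
        [int]$MinimumSeconds = 60,
        # If greater than 0, write this timeout (in seconds) instead of deleting the entry.
        [int]$SetSeconds = 0
    )

    $key  = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
    $name = 'ReceiveTimeout'

    # Step 3: look for the DWORD entry. If it is absent, it is not the cause.
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        Write-Output "$name is not present; this is not the cause of the problem."
        return
    }

    $ms = [int64]$prop.$name
    Write-Output ("{0} is {1} ms ({2} seconds)." -f $name, $ms, ($ms / 1000))

    if ($ms -ge ($MinimumSeconds * 1000)) {
        Write-Output 'Value is at or above the threshold; leaving it unchanged.'
        return
    }

    # Step 4: either set a custom value (SECONDS x 1000) or delete the entry.
    if ($SetSeconds -gt 0) {
        $newValue = $SetSeconds * 1000
        if ($PSCmdlet.ShouldProcess("$key\$name", "Set to $newValue ms")) {
            New-ItemProperty -Path $key -Name $name -Value $newValue `
                -PropertyType DWord -Force | Out-Null
        }
    }
    elseif ($PSCmdlet.ShouldProcess("$key\$name", 'Delete entry to restore the default')) {
        Remove-ItemProperty -Path $key -Name $name
    }
}

# Dry run: reports what would change. Remove -WhatIf to apply, then restart (step 5).
Repair-IEReceiveTimeout -SetSeconds 300 -WhatIf
```

Because the key is under HKEY_CURRENT_USER, the script must run as the affected user, and it changes that user's profile only.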

Microsoft releases Security Advisory for Windows and Internet Explorer

Microsoft has announced a flaw in Windows which can be exploited via Internet Explorer. In the bulletin, they say:

Hello. Today we’re releasing Security Advisory 2501696, which describes a publicly disclosed scripting vulnerability affecting all versions of Microsoft Windows. The main impact of the vulnerability is unintended information disclosure. We’re aware of published information and proof-of-concept code that attempts to exploit this vulnerability, but we haven’t seen any indications of active exploitation.

The vulnerability lies in the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler, which is used by applications to render certain kinds of documents. The impact of an attack on the vulnerability would be similar to that of server-side cross-site-scripting (XSS) vulnerabilities. For instance, an attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicked that link, the malicious script would run on the user’s computer for the rest of the current Internet Explorer session. Such a script might collect user information (e.g., email), spoof content displayed in the browser, or otherwise interfere with the user’s experience.

The workaround we are recommending customers apply locks down the MHTML protocol and effectively addresses the issue on the client system where it exists. We are providing a Microsoft Fix-it package to further automate installation.

In our collaboration with other service providers, we are looking for possible ways that they can take steps to provide protection on the server side. Our Security Research & Defense team has written a blog post that discusses some possible options. However, due to the nature of the issue, the only workaround Microsoft can officially recommend is what we have identified in the advisory. We will continue to work closely with others in the industry and appreciate the collaboration we have had to date.

We have initiated our Software Security Incident Response Process (SSIRP) to manage this issue. We’re also in communication with other service providers to explain how the issue might affect third-party Web sites and to collaborate on developing a variety of further solutions that address the varied needs of all parts of the Internet ecosystem - large sites, small sites, and all those who visit them.

Meanwhile, we are working on a security update to address this vulnerability and we are monitoring the threat landscape very closely. If the situation changes, we’ll post updates here on the MSRC blog.

Thanks –

Angela Gunn
Trustworthy Computing

If you are one of our current contract support customers, you need not take any action as we will push the relevant security updates through to your PCs as soon as they are available.