Microsoft's Week: IE Vulnerabilities, Bing Upgrades and Rumored Apple Talks

Microsoft's week involved patching a number of security flaws in Internet Explorer, which were apparently exploited in a wide-ranging attack against Google and dozens of other U.S. companies, and taking its Bing Maps Silverlight site out of beta. In addition, Microsoft was rumored to be in talks with Apple to possibly use Bing as the default search engine for the iPhone, perhaps a sign of increased tensions between Google and Apple as both companies attempt to gain and hold market share in the smartphone operating system space.

Microsoft's week revolved around patching a number of security flaws in Internet Explorer, and around the future of Bing.

Arguably the biggest news on the Bing front came courtesy of Apple, which is allegedly engaged in discussions with Redmond over possibly using the search engine as the default for the iPhone.

That news, which came from a Jan. 20 story published in BusinessWeek, drew its information from "two people familiar with the matter," although a Microsoft spokesperson refused to comment on the issue to eWEEK beyond a standard-issue statement about not commenting "on rumors or speculation."

Google's search engine is currently the iPhone default, but increased competition between Apple and Google in the smartphone operating system arena may have rendered the relationship between the two companies somewhat more acrimonious, if BusinessWeek's sources are to be taken at face value.

In any case, making Bing the default search engine on the iPhone would perhaps translate into added market share for Microsoft in the U.S. mobile search space. According to statistics site StatCounter, Google occupied around 95.26 percent of the market as of Jan. 10, while Bing occupied a comparatively tiny 0.59 percent. Research by Nielsen pegged the respective companies' numbers a little differently, with Google claiming 86 percent of the mobile search market and Bing 11 percent.

This news emerged just as Microsoft announced several changes to Bing. Perhaps the most significant, at least from the end-user perspective, came in relation to privacy: On Jan. 18, Microsoft announced that it would delete the stored IP addresses of Bing users after six months, apparently in response to privacy concerns from advocates and regulators.

"We will delete the entire Internet Protocol address associated with search queries at six months rather than 18 months," Peter Cullen, Microsoft's chief privacy strategist, wrote in a Jan. 18 posting on the Microsoft On The Issues blog. "This change is the result of a number of factors including a continuing evaluation of our business needs, the current competitive landscape and our ongoing dialogue with privacy advocates, consumer groups and regulators."

Specifically, Cullen cited the Article 29 Working Party, a group of 27 European national data protection regulators who advise the European Commission "and other EU institutions on data protection." That group has offered guidelines for protecting user data online, in particular the amount of time that companies retail IP addresses and other search data. Given the Article 29 Working Party's advisory capacity to the European Commission, with whom Microsoft has wrestled on antitrust issues in the past, the decision to limit Bing's data retention may signal an attempt to avoid another regulatory battle.

Cullen claimed in his posting that the company deletes IP addresses, the "de-identified" cookie ID and any cross-section IDs associated with a particular searcher's query. He put the timeline for reducing that deletion to six months within the next year to year-and-a-half.

Microsoft's other adjustments to Bing this week included taking its Bing Maps Silverlight site, which offers flashy animations for features such as Streetside and Enhanced Bird's Eye, out of beta mode.

"We're ripping the beta tag off the Bing Maps Silverlight site and going [full-bore] with continuing innovating on Bing," Chris Pendleton, Bing Maps technical evangelist, wrote in a Jan. 19 posting on the Bing Community blog. "The removal of the beta tag was done in parallel with [adding] a couple of new features and Bing Maps Application Gallery mash-ins."

Users attempting to visit the Bing Maps AJAX site-now referred to as "Bing Maps Classic"-with Silverlight installed will likely be directed to the Bing Maps Silverlight site, while those without Silverlight installed on their machines will be asked if they want to download and install the program.

As part of rolling Bing Maps Silverlight out of beta, Microsoft added two new applications: Local Events, which studs a map with pins showing the day's happenings around that location, and Destination Maps, which lets users specify locations and then render the map around those areas in one of four stylistic fashions, including "Sketchy," "European," "American" and "Treasure Map."

Click here to see details of Bing Maps Silverlight's new features.

Microsoft also issued an emergency fix on Jan. 21 for an Internet Explorer vulnerability, exploited by Chinese hackers in a recent wave of attacks against Google and a number of other companies. That update addressed a total of eight vulnerabilities in IE, including six memory corruption flaws, a cross-site scripting filter-handling vulnerability and a URL validation vulnerability.

"According to the Microsoft Security Research & Defense team, this update also addresses the DEP bypass vulnerability made public yesterday, which exists in all current versions of Internet Explorer," said Don Leatham, senior director of business development at Lumension. "If not bypassed, DEP can help in stopping the exploit code. Newer versions of Internet Explorer running on Windows Vista and Windows 7 are less vulnerable."

France and Germany had been advising users to not use Internet Explorer until Microsoft fixed those zero-day vulnerabilities.