IE8 RTW HTTP/HTTPS port-blocking expanded

Microsoft extended the list of port blocking from 8 to 10 with Internet Explorer 8. “Internet Explorer (actually, WinINET, the network stack beneath IE) prohibits use of certain ports for HTTP(S) connections. The intent of this blocking is to prevent Cross Service/Protocol Request Forgery attacks. IE8's current port-block list contains: 19 (chargen), 21 (ftp), 25 (smtp), 110 (pop3), 119 […]

Microsoft extended the list of port blocking from 8 to 10 with Internet Explorer 8. “Internet Explorer (actually, WinINET, the network stack beneath IE) prohibits use of certain ports for HTTP(S) connections. The intent of this blocking is to prevent Cross Service/Protocol Request Forgery attacks. IE8's current port-block list contains: 19 (chargen), 21 (ftp), 25 (smtp), 110 (pop3), 119 (nntp), 143 (imap2), 220 (imap3), 993 (secure imap). To this list, IE8 also added 220 and 993. Attempts to use these ports in HTTP/HTTPS URLs will result in a connection failure. At this time, WinINET does not offer users or administrators a mechanism to block additional ports or unblock ports.