Important: The Internet Explorer 11 desktop application is retired and out of support as of June 15, 2022 for certain versions of Windows 10.

You can still access older, legacy sites that require Internet Explorer with Internet Explorer mode in Microsoft Edge. Learn how.

The Internet Explorer 11 desktop application will progressively redirect to the faster, more secure Microsoft Edge browser, and will ultimately be disabled via Windows Update. Disable IE today.

Symptoms

Assume that you try to upload a file by using an XMLHttpRequest object in Level 2 specification in Internet Explorer 10. The file upload cannot be finished if the POST receives a 401 authentication challenge. The upload either freezes indefinitely or times out if a 401 challenge is received on the HTTP POST.

Additionally, this affects POSTs that contain files that are attached by using a formData().append method. The failures can occur in one of two ways during the network traces, depending on whether the Kerberos protocol or the NT LAN Manager (NTLM) protocol is used:
 

  • If Internet Explorer sends the POST, and the server responds with a 401 including the Authentication Header (AH), and then the Kerberos protocol is negotiated:

    • Internet Explorer sends the initial POST that contains the full body.

    • Server responds with Authenticate: Negotiate.

    • Internet Explorer sends Kerberos hash to the server together with content-length that states a full POST body is present but does not include the content.

    • Server waits for the remaining payload. However, the payload is never sent.

  • If Internet Explorer sends the POST, and the server responds with a 401 including the AH, and then the NTLM protocol is negotiated:

    • Internet Explorer sends the initial POST that contains the full body.

    • Server responds with Authenticate: Negotiate or Authenticate: NTLM.

    • Internet Explorer sends NTLM hash to the server together with content-length = 0.

    • Server responds with server hash.

    • No follow-up POST that contains the completed hash or a full POST body is sent by the client.

Resolution

Update information

To resolve this issue, install the most recent cumulative security update for Internet Explorer. To do this, go to Microsoft Update.

For technical information about the most recent cumulative security update for Internet Explorer, go to the following Microsoft website:

http://www.microsoft.com/technet/security/current.aspxNote This update was first included in security update 2975687.

For more information about security update 2977629, click the following article number to view the article in the Microsoft Knowledge Base:
 

2977629 MS14-052: Cumulative security update for Internet Explorer: September 9, 2014

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References

See the terminology that Microsoft uses to describe software updates.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×