Microsoft developed a prototype defense tool, BrowserShield, that can defend unpatched browsers by filtering and rewriting incoming Web content at network borders.
In this way malicious code can be rendered safe before it reaches the browser even if the browser has known but unpatched vulnerabilities, and when new zero-day exploits emerge updates can be made to BrowserShield while a patch is being developed. Because of its design BrowserShield could be implemented on client networks to filtering incoming traffic or on content hosting providers' networks to filter content before it leaves a Web server.
Several Microsoft product groups are reportedly interested in BrowserShield, including the IE and ISA Server teams as well as Live teams and MSN Search. Development of BrowserShield, which began in 2005, was done by Helen Wang and John Dunagan of the Systems and Networking group at Microsoft Research's Redmond lab. Wang and Dunagan were assisted by interns Charlie Reis and Saher Esmeir, as well as ISA Server program manager Opher Dubrovsky.
A more complete description of the technology and its inner workings can be found in Microsoft Research's publication BrowserShield: Vulnerability-Driven Filtering of Dynamic HTML.