News
Microsoft Acknowledges One IE7 Flaw, Denies Another
Microsoft today acknowledged that one of two IE7 security flaws alleged by Denmark-based security firm Secunia could leave systems vulnerable.
In a post made today on Microsoft's Security Response Center Blog, Christopher Budd wrote that the company is investigating a URL display issue that might be exploitable to phishing attacks via spoofing.
"We're not aware of any attacks that are attempting to use this," he wrote, "but as always we will continue to monitor the situation throughout our investigation."
Recommendations for protecting systems while the issue is being investigated can be found in the blog post here.
Microsoft refutes another report from Secunia that alleges IE7 also suffers from URL redirect issues that could leave users vulnerable.
"These reports are technically inaccurate," Budd wrote on Friday, one day after Secunia published its report and two days after IE7's release. "The issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector, the vulnerability itself is in Outlook."
He continued, "We do have this under investigation and are monitoring the situation closely, and we'll take appropriate action to protect our customers once we've completed the investigation."
Secunia rates both flaws as "less critical."
About the Author
Becky Nagel is vice president of AI for 1105 Media, where she specializes in training internal and external customers on maximizing their business potential via a wide variety of generative AI technologies as well as developing cutting-edge AI content and events. She's the author of "ChatGPT Prompt 101 Guide for Business Uses," regularly leads research studies on generative AI business usage, and serves as the director of AI Boardroom, a new resource for C-level executives looking to excel in the AI era. Prior to her current position she was a technical leader for 1105 Media's Web, advertising and production teams as well as editorial director for a suite of enterprise technology publications, including serving as founding editor of PureAI.com. She has 20 years of enterprise technology journalism experience, and regularly speaks and writes about generative AI, AI, edge computing and other cutting-edge technologies. She can be reached at [email protected].