Microsoft Acknowledges One IE7 Flaw, Denies Another -- Redmondmag.com

Microsoft Acknowledges One IE7 Flaw, Denies Another

By Becky Nagel
10/26/2006

Microsoft today acknowledged that one of two IE7 security flaws alleged by Denmark-based security firm Secunia could leave systems vulnerable.

In a post made today on Microsoft's Security Response Center Blog, Christopher Budd wrote that the company is investigating a URL display issue that might be exploitable to phishing attacks via spoofing.

"We're not aware of any attacks that are attempting to use this," he wrote, "but as always we will continue to monitor the situation throughout our investigation."

Recommendations for protecting systems while the issue is being investigated can be found in the blog post here.

Microsoft refutes another report from Secunia that alleges IE7 also suffers from URL redirect issues that could leave users vulnerable.

"These reports are technically inaccurate," Budd wrote on Friday, one day after Secunia published its report and two days after IE7's release. "The issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector, the vulnerability itself is in Outlook."

He continued, "We do have this under investigation and are monitoring the situation closely, and we'll take appropriate action to protect our customers once we've completed the investigation."

Secunia rates both flaws as "less critical."

About the Author

Becky Nagel is the vice president of Web & Digital Strategy for 1105's Converge360 Group, where she oversees the front-end Web team and deals with all aspects of digital projects at the company, including launching and running the group's popular virtual summit and Coffee talk series . She an experienced tech journalist (20 years), and before her current position, was the editorial director of the group's sites. A few years ago she gave a talk at a leading technical publishers conference about how changes in Web browser technology would impact online advertising for publishers. Follow her on twitter @beckynagel.

Featured

Planning for Three-Tier Data Protection

Implement this multi-layered data protection strategy for enhanced security and resilience.
IBM, Meta and Others Launch AI Safety Alliance

On Tuesday, IBM and Meta announced a new alliance of over 50 members from the worlds of industry, government and education to focus on promoting and developing alternatives to closed AI systems.
Microsoft Copilot Commercially Released

Microsoft Copilot is now offered at the "general availability" commercial-release stage, per a Friday Microsoft announcement.
Windows Server vNext To Bring Hotpatching for All and Other Perks

Microsoft will be bringing a bunch of improvements to Windows Server in its "vNext" release, per a November Microsoft Ignite presentation.
Microsoft Aims To Deliver 'Confidential AI' in Partnership with Nvidia

Microsoft extolled ongoing efforts to deliver "confidential AI" to Azure customers in a Wednesday announcement.