Add as a preferred source on Google


News

Microsoft Acknowledges One IE7 Flaw, Denies Another

Microsoft today acknowledged that one of two IE7 security flaws alleged by Denmark-based security firm Secunia could leave systems vulnerable.

In a post made today on Microsoft's Security Response Center Blog, Christopher Budd wrote that the company is investigating a URL display issue that might be exploitable to phishing attacks via spoofing.

"We're not aware of any attacks that are attempting to use this," he wrote, "but as always we will continue to monitor the situation throughout our investigation."

Recommendations for protecting systems while the issue is being investigated can be found in the blog post here.

Microsoft refutes another report from Secunia that alleges IE7 also suffers from URL redirect issues that could leave users vulnerable.

"These reports are technically inaccurate," Budd wrote on Friday, one day after Secunia published its report and two days after IE7's release. "The issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector, the vulnerability itself is in Outlook."

He continued, "We do have this under investigation and are monitoring the situation closely, and we'll take appropriate action to protect our customers once we've completed the investigation."

Secunia rates both flaws as "less critical."

About the Author

Becky Nagel serves as vice president of AI for 1105 Media specializing in developing media, events and training for companies around AI and generative AI technology. She also regularly writes and reports on AI news, and is the founding editor of PureAI.com. She's the author of "ChatGPT Prompt 101 Guide for Business Users" and other popular AI resources with a real-world business perspective. She regularly speaks, writes and develops content around AI, generative AI and other business tech. She has a background in Web technology and B2B enterprise technology journalism.

Featured

  • Microsoft Dismantles RedVDS Cybercrime Marketplace Linked to $40M in Phishing Fraud

    In a coordinated action spanning the United States and the United Kingdom, Microsoft’s Digital Crimes Unit (DCU) and international law enforcement collaborators have taken down RedVDS, a subscription based cybercrime platform tied to an estimated $40 million in fraud losses in the U.S. since March 2025.

  • Sound Wave Illustration

    CrowdStrike's Acquisition of SGNL Aims to Strengthen Identity Security

    CrowdStrike signs definitive agreement to purchase SGNL, an identity security specialist, in a deal valued at about $740 million.

  • Microsoft Acquires Osmos, Automating Data Engineering inside Fabric

    In a strategic move to reduce time-consuming manual data preparation, Microsoft has acquired Seattle-based startup Osmos, specializing in agentic AI for data engineering.

  • Linux Foundation Unites Major Tech Firms to Launch Agentic AI Foundation

    The Linux Foundation today announced the creation of a new collaborative initiative — the Agentic AI Foundation (AAIF) — bringing together major AI and cloud players such as Microsoft, OpenAI, Anthropic and other major tech companies.

Most   Popular