RCPmag

Open Menu Open Menu


News

Microsoft Acknowledges One IE7 Flaw, Denies Another

Microsoft today acknowledged that one of two IE7 security flaws alleged by Denmark-based security firm Secunia could leave systems vulnerable.

In a post made today on Microsoft's Security Response Center Blog, Christopher Budd wrote that the company is investigating a URL display issue that might be exploitable to phishing attacks via spoofing.

"We're not aware of any attacks that are attempting to use this," he wrote, "but as always we will continue to monitor the situation throughout our investigation."

Recommendations for protecting systems while the issue is being investigated can be found in the blog post here.

Microsoft refutes another report from Secunia that alleges IE7 also suffers from URL redirect issues that could leave users vulnerable.

"These reports are technically inaccurate," Budd wrote on Friday, one day after Secunia published its report and two days after IE7's release. "The issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector, the vulnerability itself is in Outlook."

He continued, "We do have this under investigation and are monitoring the situation closely, and we'll take appropriate action to protect our customers once we've completed the investigation."

Secunia rates both flaws as "less critical."

About the Author

Becky Nagel is the vice president of Web & Digital Strategy for 1105's Converge360 Group, where she oversees the front-end Web team and deals with all aspects of digital strategy. She also serves as executive editor of the group's media Web sites, and you'll even find her byline on PureAI.com, the group's newest site for enterprise developers working with AI. She recently gave a talk at a leading technical publishers conference about how changes in Web technology may impact publishers' bottom lines. Follow her on twitter @beckynagel.

Featured

  • The 2020 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.

  • Microsoft's Power Platform, Dynamics 365 Get AI Boost with Orions Systems Buy

    Microsoft this week acquired Orions Systems with plans to bring the firm's AI-powered video analysis solutions to the Dynamics 365 and Power Platform products.

  • 2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss. (Now updated with COVID-19-related event changes.)

  • Microsoft Partners with Movial To Bring Android to Surface

    Microsoft is adding more Android expertise to its in-house engineering teams via a deal with Movial, a software engineering and design services company based in Finland.

Most   Popular

RCP Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.