This entry was posted on Friday, October 20th, 2006 at 14:58 and is filed under Security, Software. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.
Site Search:
Friday, October 20, 2006
You know, we joked about the security thing in our IE 7 release announcement, but truth is, it was only half-joking since Microsoft just really isn’t known for “security”. Well looks like security experts Secunia have called Microsoft to the carpet and called its IE exploit found last November an Internet Explorer exploit and not an Outlook Express one that Redmond is claiming.
“Microsoft claims the recent IE7 vulnerability is an Outlook Express vulnerability,” Secunia CTO Thomas Kristensen’s statement claims. “This may be true, from an organizational point of view within Microsoft. However, the vulnerability is fully exploitable via IE, which is the primary attack vector, if not the only attack vector.”
Secunia won’t let up, either, and still has the exploit listed on its site for Internet Explorer 7.x. “Secunia finds it necessary and reasonable to flag Internet Explorer as being vulnerable if Internet Explorer provides a clear direct vector to a vulnerable component, which is included by default in a fresh clean install of Microsoft Windows,” Kristensen writes.
But to make things even more interesting, BetaNews tested this theory and installed IE 7 on a fresh install of VirtualPC and found, “The browser failed the MHTML content retrieval test. The issue involves redirecting the Web browser to a local resource.”
So the plot thickens and SvenOnTech will only continue to warn you to use IE of any sort with extreme caution. Use Firefox if you must use a PC at all or just get a Mac and forget all this nonsense. 
[Via jCXP.net]
