- BlackBerry Storm vs. the iPhone
- 2008 IT industry graveyard
- Top 10 worst uses for Windows
- Economic crisis means double duty for IT pros
- BlackBerry Storm, RIM's first touchscreen device, rolls in
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
A flaw that research firm Secunia claimed to have discovered in Internet Explorer 7 just hours after its unveiling is not a browser bug after all, Microsoft said Thursday.
Instead, the problem lies in a component of Microsoft's Outlook Express e-mail client, which can be triggered by the browser.
The flaw could be used in phishing attacks to read sensitive information from the IE browser, Secunia said. The Danish security firm first reported the problem with the IE 6 browser in April and found that it could be reproduced on IE 7 as well. Secunia's advisory can be found here.
Secunia does not consider the problem to be critical, but it was widely reported because its discovery came so soon after IE 7's launch.
"These reports are technically inaccurate," wrote Christopher Budd, a security program manager with Microsoft, in a Thursday blog posting. "The issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all." Budd's blog posting can be found here.
One security researcher said he was surprised that Microsoft had apparently not informed Secunia of the nature of this bug back in April, when it was first disclosed.
"They reported this in ... April," said Secure Network SRL CTO Stefano Zanero in an instant message interview. "Microsoft should have investigated then and should have already reported the bug to be not in IE."
"How was Secunia supposed to know?" he asked.
A spokesman with Microsoft's public relations agency could not say what response Microsoft had made to Secunia's first report of the problem back in April. "All I can tell you is that the ... blog is the latest and greatest information we have to share," he said.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment