Friday, October 20, 2006

Bickering Over Vulnerability in Internet Explorer 7

Via heise Security.

The first vulnerability in Internet Explorer 7, reported yesterday (Thursday) and known in IE6 for 6 months, has given rise to bickering. Microsoft has now issued its first public response. It claims that the problem lies in neither Internet Explorer 6 nor Internet Explorer 7, despite the fact that the demonstration of the vulnerability uses these browsers as its attack vector. Instead, it says, the fault lies with an Outlook Express component in Windows, and Microsoft is looking into the matter.

Thomas Christensen, CTO of Secunia, gave his response to heise Security, "Just because a vulnerability stems from an underlying component does not relieve IE or any other piece of software from responsibility when it provides a clear direct vector to the vulnerable component."

For some time Microsoft has pursued a policy of categorising every imaginable security vulnerability as a vulnerability in the operating system, for which Internet Explorer is the primary or only attack vector. This causes confusion and can lead users and administrators to underestimate the seriousness of a problem.

More here.
