A flaw that research firm Secunia ApS claimed to have discovered in Internet Explorer 7 just hours after its unveiling is not a browser bug after all, Microsoft said on Thursday.
Instead, the problem lies in a component of Microsoft's Outlook Express e-mail client, which can be triggered by the browser.
The flaw could be used in phishing attacks to read sensitive information from the IE browser, Secunia said. The Danish security firm first reported the problem with the IE 6 browser in April and found that it could be reproduced on IE 7 as well. Secunia's advisory can be found here.
Secunia does not consider the problem to be critical, but it was widely reported because its discovery came so soon after IE 7's launch.
"These reports are technically inaccurate," wrote Christopher Budd, a security program manager with Microsoft, in a Thursday blog posting. "The issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all."
One security researcher said he was surprised that Microsoft had apparently not informed Secunia of the nature of this bug back in April, when it was first disclosed.
"They reported this in ... April," said Secure Network SRL Chief Technology Officer Stefano Zanero in an instant message interview. "Microsoft should have investigated then and should have already reported the bug to be not in IE."
"How was Secunia supposed to know?" he asked.
A spokesman with Microsoft's public relations agency could not say what response Microsoft had made to Secunia's first report of the problem back in April. "All I can tell you is that the ... blog is the latest and greatest information we have to share," he said.
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive Applications Resource Alerts
Like any valuable resource, IT is a terrible thing to waste. But by applying the same lean techniques that have been used to streamline manufacturing processes, IT departments can reduce costs, improve performance and better manage resources.
Download now! »
Stephen Elliot, vice president of strategy for CA's Infrastructure Management and Data Center Automation business unit, explains why difficult economic times drive the need for simplified management capabilities and advanced automation tools.
Listen now! »
According to a recent study CA conducted with 300 CIOs and top IT executives, 64 percent of respondents say they've already invested in virtualization, and the other 36 percent reported that they plan to invest in virtualization.
Download now! »
In this video learn about process automation in a virtualized world. How CA and VMware are enabling enterprise datacenter automation.
View now! »
Recommend This
