Arguments begin over IE7 flaw

The new browser is secure says Redmond, it's just some of their other software that isn't.

Microsoft has denied that there is a hole in the security of it's newly released browser IE7.

Shortly after the release of the new browser vulnerability experts Secunia issued an advisory warning of a flaw in the handling of redirections for URLs. This can be exploited to access documents served from another web site.

Advertisement - Article continues below

The Secunia researchers, who based their claim on proof of concept code posted in by a third party, say the flaw is 'Less Critical', its second least serious warning level.

But Christopher Budd, who works at the Microsoft Security Response Center, has bebunked the claims, saying that the code is secure. He claims the flaw is not in the browser itself but in the other Microsoft applications it works with.

"These reports are technically inaccurate: the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all," he wrote in the Security Center's blog.

"Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express."

This explanation however cut little ice with the experts at Secunia.

"Just because a vulnerability stems from an underlying component does not relieve IE or any other piece of software from responsibility when it provides a clear direct vector to the vulnerable component."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

He pointed out that Microsoft had a history of flagging flaws that could only or primarily be attacked via IE as operating system rather than browser flaws.

"Hiding behind an explanation that certain vulnerabilities, which only are exploitable through Internet Explorer, are to blame on Outlook Express, Microsoft Windows, or other core Microsoft Windows components seems more like a way to promote security of IE rather than standing up and explaining the users where the true risk is and taking responsibility for the vulnerabilities and risks in IE, which are caused by IE being so heavily integrated with the underlying operating system and other Microsoft components," he continued.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020
Visit/security/internet-security/355228/mozilla-fixes-two-firefox-zero-days-being-actively-exploited
internet security

Mozilla fixes two Firefox zero-days being actively exploited

6 Apr 2020

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/server-storage/servers/355254/a-critical-flaw-in-350000-microsoft-exchange-remains-unpatched
servers

A critical flaw in 350,000 Microsoft Exchange remains unpatched

7 Apr 2020