Bink.nu Services

Subscribe to our feed 
Alerts 
 


Order Now!

Windows 7 for XP Professionals
Updating Support Skills from XP to Windows 7
by Bink.nu's Raymond Comvalius

Who is online

There are 56 guest(s) online.

There are 0 member(s) online.

Sponsors



Popular Tags

UPDATED: Microsoft's Response to IE7 vulnerability
Posted by Steven Bink October 19, 2006 6:21 PM with 4 comment(s)
Filed under:

I have been contacted by a Microsoft's spokesperson about the "IE7 bug" which technically is an Outlook Express bug. In Vista this bug is fixed, for Windows XP this fix is underway.

Official Statement: Microsoft is aware of public reports of a vulnerability in Outlook Express which is currently under investigation. Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. 

Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include issuing a security advisory or providing a security update through our monthly release process, depending on customer needs.

Customers who believe they are affected can contact Product Support Services.  Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1866-PCSAFETY) and international customers by using any method found at this location: http://support.microsoft.com/security.
 
As always, Microsoft encourages customers to follow its “Protect Your PC” guidance of enabling a firewall, applying all security updates and installing anti-virus software. Customers can learn more about these steps at www.microsoft.com/protect.



UPDATE: MSRC Blog now has a report too: http://blogs.technet.com/msrc/archive/2006/10/19/information-on-reports-of-ie-7-vulnerability.aspx
Send via e-mail | Submit to Digg | Add to Live Favorites
1546 Views
Source: In House

Comments

 

lsproc said:

Once a month is too long. If MS were to keep on top of these flaws, they should investigate and fix them as soon as they are found, then release them as soon as testing is complete.

It is just unacceptable.

October 19, 2006 8:50 PM
 

GP007 said:

It's not rated as highlly Critical though,  And as long as no active attack is underway they don't have to rush a patch out.  By contrast, the last critical bug had a patch out in a few days,  I beleave it was the XML flaw for IE6?  Though that also didn't effect IE7 since it was already fixed in the new version.   But the point is,  if it's a problem that needs fixing fast, they'll break the one month patch cycle and release it, as they have done before.

October 20, 2006 1:51 AM
 

bones said:

I think this vulnerability is critical! A malicious website could retreive information from a website where you are logged in (your hotmail mailbox for example).

With tabs, i sometime have several websites opened at the same time.

Saying that there are no known attacks is bullshit. Do you think that pirates contact Microsoft to tell them : "Hey, my website is malicious !"

How can MS communicate on the new security features with that kind of hole ?

What a shame!

October 20, 2006 8:51 AM
 

Andrewft65 said:

Nothing changes!

Good to see they are working on an XP fix!
October 20, 2006 12:03 PM

About Steven Bink

Founder of Bink.nu
Powered By IIS 7 Powered by ASP.NET
Bink.nu 3.0. Copyright © 1999-2010 Steven Bink. All Rights Reserved.
Microsoft and Microsoft logo's are trademarks of Microsoft Corporation.