Secunia refutes Microsoft IE7 flaw claims
by Stan Beer   
Friday, 20 October 2006


Kristensen chided Microsoft for not admitting the IE7 role in the exploitation, saying it will lead to confusion among users and systems administrators.

"For a long time Microsoft has had a policy of tagging various vulnerabilities where IE was the primary or only attack vector as operating system vulnerabilities. This does lead to some confusion and may cause users and system administrators to view the issues as less significant," said Kristensen.

"Again, while it may be correct from an organisational (and PR?) point of view within Microsoft, this does not fit into how it is perceived by users and administrators and how they are going to defend against exploitation.

"In short, Secunia finds it necessary and reasonable to flag Internet Explorer as being vulnerable if Internet Explorer provides a clear direct vector to a vulnerable component, which is included by default in a fresh clean install of Microsoft Windows.

"Hiding behind an explanation that certain vulnerabilities, which only are exploitable through Internet Explorer, are to blame on Outlook Express, Microsoft Windows, or other core Microsoft Windows components seems more like a way to promote security of IE rather than standing up and explaining to the users where the true risk is and taking responsibility for the vulnerabilities and risks in IE, which are caused by IE being so heavily integrated with the underlying operating system and other Microsoft components."

According to Kristensen, the vulnerability highlighted by the security company in IE7 was underlined by the fact that it does not affect browsers from vendors other than Microsoft.

"Firefox and Opera can't be exploited in a default configuration," said Kristensen.

"We have not seen any documentation or indications about other vectors to this than IE. It is of course possible that other third party applications (or Microsoft applications) use this functionality but even if they did it isn't certain that it is possible to exploit it for the same purpose as in IE."