Microsoft probes IE 7, Vista bug reports

Microsoft is investigating two recently disclosed security vulnerabilities that affect Internet Explorer 7 and Windows Vista, the company said Monday.

The vulnerabilities aren't considered high-risk, yet they affect the latest releases of Microsoft's Web browser and operating system software. Microsoft has promoted the security of both IE 7 and Windows Vista. The flaws could let attackers get their hands on sensitive user information, security experts have warned.

The French Security Incident Response Team said in an alert that the IE vulnerability, which also affects IE 6, could be exploited in phishing attacks, scams that try to trick people into giving up sensitive information such as credit card data and Social Security numbers. The problem exists because of an error in the way the browser handles certain "onunload" events, the security monitoring company said. Attackers could exploit the issue to spoof the browser address bar, FrSirt said.

The Windows issue is due to a problem with a component that does not properly validate user permissions. This could be exploited by an attacker with access to the machine to get information on protected files, according to a second FrSirt alert. The problem affects Windows Vista, XP, 2000 and Windows Server 2003, FrSirt said.

Microsoft is looking into both vulnerabilities, which were made public last week. Neither of the flaws has been used in any attacks and exploiting the issues is hard, a company representative said.

The IE flaw could only be exploited if an attacker were to lure a victim to a malicious Web site and then persuade the user to enter the address of a trusted site into the address bar. "Customers can avoid this attack by opening and using a new instance of IE before visiting an untrusted site," Microsoft said.

The Windows problem, aside from requiring the attacker to be logged on to the vulnerable computer, appears to only expose file information, not the actual contents of the file, Microsoft said.

Upon completion of its investigations, Microsoft may issue a security advisory or provide security updates through its monthly patch process, the representative said.

[extinctone]

"It's our most secure operating system yet."

Can I get my money back?

[extinctone]

"It's our most secure operating system yet."

Can I get my money back?

[Stating]

Why Do People Still Use IE?

With the exception of a few laggard websites, why even bother using IE? It will always be the least secure of the bunch-o-browsers. It's not like you have to PAY for an alternative browser.

[Stating]

Why Do People Still Use IE?

With the exception of a few laggard websites, why even bother using IE? It will always be the least secure of the bunch-o-browsers. It's not like you have to PAY for an alternative browser.

[ozidigga]

I have a quick solution

It's a novel idea, pretty sure others have thought of it....delete IE from your desktop to help prevent clicking it by accident. Install Firefox and make it your default. IE bug is fixed. (Yes I know firefox is not perfect but it's a big improvement). Then you don't have to wait for M$ to fix problems like this. Personally I think M$ make a fine OS, but they should leave products like web browsers and security to those who don't have other distractions. M$ just have too many fingers in too many pies, many of their products are half baked.

[ozidigga]

I have a quick solution

It's a novel idea, pretty sure others have thought of it....delete IE from your desktop to help prevent clicking it by accident. Install Firefox and make it your default. IE bug is fixed. (Yes I know firefox is not perfect but it's a big improvement). Then you don't have to wait for M$ to fix problems like this. Personally I think M$ make a fine OS, but they should leave products like web browsers and security to those who don't have other distractions. M$ just have too many fingers in too many pies, many of their products are half baked.

[ba_oren]

CallingID Toolbar automatically protects against these phishing holes

The new phishing methods that can bypass the security shield of Internet explorer 7 are automatically detected by CallingID Toolbar because of its basic design of five security layers and the unique approach of positive identification and verification of sites which took into consideration possible loopholes in web browsers.

[ba_oren]

CallingID Toolbar automatically protects against these phishing holes

The new phishing methods that can bypass the security shield of Internet explorer 7 are automatically detected by CallingID Toolbar because of its basic design of five security layers and the unique approach of positive identification and verification of sites which took into consideration possible loopholes in web browsers.

[pentium4forever]

Use alternative browser

One solution is to use IE a lot less. Use an alternate browser like FF or Opera. There's some people that claim FF can't load hardly any pages right like IE. I know there's tons of pages that are built around IE's standards and such. I beg to differ. FF displays a lot more pages correctly than it used to, I'd almost say 90-95% are fine in FF. I use IE mostly for running Windows Update although there's a add-on somewhere that lets you run Windows Update in FF believe it or not.

[pentium4forever]

Use alternative browser

One solution is to use IE a lot less. Use an alternate browser like FF or Opera. There's some people that claim FF can't load hardly any pages right like IE. I know there's tons of pages that are built around IE's standards and such. I beg to differ. FF displays a lot more pages correctly than it used to, I'd almost say 90-95% are fine in FF. I use IE mostly for running Windows Update although there's a add-on somewhere that lets you run Windows Update in FF believe it or not.

[pentium4forever]

Internet Explorer.....to be discontinued?

Perhaps Microsoft should discontinue Internet Explorer. They seem to have to continue to work on it with fixes and such so often they probably don't get a chance to work on new projects as often as they wish.

[pentium4forever]

Internet Explorer.....to be discontinued?

Perhaps Microsoft should discontinue Internet Explorer. They seem to have to continue to work on it with fixes and such so often they probably don't get a chance to work on new projects as often as they wish.

[qwerty75]

How can IE7 be any more secure..

...when it obviously has IE6 code?

Don't expect your house to stay up long when it is build on top of garbage.

If MS had even a slightest clue, they would have started over for IE7 and Vista.

[qwerty75]

How can IE7 be any more secure..

...when it obviously has IE6 code?

Don't expect your house to stay up long when it is build on top of garbage.

If MS had even a slightest clue, they would have started over for IE7 and Vista.

[ozidigga]

YOU CAN GET WINDOWS UPDATES WITH IE

www.windizupdate.com

[ozidigga]

YOU CAN GET WINDOWS UPDATES WITH IE

www.windizupdate.com

[ozidigga]

YOU CAN GET WINDOWS UPDATES WITHOUT IE

www.windizupdate.com

[ozidigga]

YOU CAN GET WINDOWS UPDATES WITHOUT IE

www.windizupdate.com