
February 26, 2007 2:59 PM PST

Microsoft probes IE 7, Vista bug reports

Microsoft is investigating two recently disclosed security vulnerabilities that affect Internet Explorer 7 and Windows Vista, the company said Monday.

The vulnerabilities aren't considered high-risk, yet they affect the latest releases of Microsoft's Web browser and operating system software. Microsoft has promoted the security of both IE 7 and Windows Vista. The flaws could let attackers get their hands on sensitive user information, security experts have warned.

The French Security Incident Response Team said in an alert that the IE vulnerability, which also affects IE 6, could be exploited in phishing attacks, scams that try to trick people into giving up sensitive information such as credit card data and Social Security numbers. The problem exists because of an error in the way the browser handles certain "onunload" events, the security monitoring company said. Attackers could exploit the issue to spoof the browser address bar, FrSirt said.

The Windows issue is due to a problem with a component that does not properly validate user permissions. This could be exploited by an attacker with access to the machine to get information on protected files, according to a second FrSirt alert. The problem affects Windows Vista, XP, 2000 and Windows Server 2003, FrSirt said.

Microsoft is looking into both vulnerabilities, which were made public last week. Neither of the flaws has been used in any attacks and exploiting the issues is hard, a company representative said.

The IE flaw could only be exploited if an attacker were to lure a victim to a malicious Web site and then persuade the user to enter the address of a trusted site into the address bar. "Customers can avoid this attack by opening and using a new instance of IE before visiting an untrusted site," Microsoft said.

The Windows problem, aside from requiring the attacker to be logged on to the vulnerable computer, appears to only expose file information, not the actual contents of the file, Microsoft said.

Upon completion of its investigations, Microsoft may issue a security advisory or provide security updates through its monthly patch process, the representative said.

70 comments (Showing first 20 comments)
"It's our most secure operating system yet."
by extinctone February 26, 2007 3:39 PM PST
Can I get my money back?
Why Do People Still Use IE?
by Stating February 26, 2007 5:19 PM PST
With the exception of a few laggard websites, why even bother using IE? It will always be the least secure of the bunch-o-browsers. It's not like you have to PAY for an alternative browser.
I have a quick solution
by ozidigga February 26, 2007 8:52 PM PST
It's a novel idea, pretty sure others have thought of it....delete IE from your desktop to help prevent clicking it by accident. Install Firefox and make it your default. IE bug is fixed. (Yes I know Firefox is not perfect but it's a big improvement). Then you don't have to wait for M$ to fix problems like this. Personally I think M$ make a fine OS, but they should leave products like web browsers and security to those who don't have other distractions. M$ just have too many fingers in too many pies, many of their products are half baked.
CallingID Toolbar automatically protects against these phishing holes
by ba_oren February 27, 2007 6:16 AM PST
The new phishing methods that can bypass the security shield of Internet Explorer 7 are automatically detected by CallingID Toolbar because of its basic design of five security layers and the unique approach of positive identification and verification of sites which took into consideration possible loopholes in web browsers.
Use alternative browser
by pentium4forever February 27, 2007 8:26 AM PST
One solution is to use IE a lot less. Use an alternate browser like FF or Opera. There's some people that claim FF can't load hardly any pages right like IE. I know there's tons of pages that are built around IE's standards and such. I beg to differ. FF displays a lot more pages correctly than it used to, I'd almost say 90-95% are fine in FF. I use IE mostly for running Windows Update although there's an add-on somewhere that lets you run Windows Update in FF believe it or not.
Internet Explorer.....to be discontinued?
by pentium4forever February 27, 2007 8:27 AM PST
Perhaps Microsoft should discontinue Internet Explorer. They seem to have to continue to work on it with fixes and such so often they probably don't get a chance to work on new projects as often as they wish.
How can IE7 be any more secure..
by qwerty75 February 27, 2007 8:32 PM PST
...when it obviously has IE6 code?

Don't expect your house to stay up long when it is built on top of garbage.

If MS had even the slightest clue, they would have started over for IE7 and Vista.
YOU CAN GET WINDOWS UPDATES WITH IE
by ozidigga February 27, 2007 10:32 PM PST
www.windizupdate.com
YOU CAN GET WINDOWS UPDATES WITHOUT IE
by ozidigga February 27, 2007 10:33 PM PST
www.windizupdate.com