The good news: it's not an IE7 vulnerability. The bad news?

SANS Internet Storm Center, InfoCON: green is reporting New Internet Explorer and an old vulnerability, (Fri, Oct 20th). “As you probably know by now, Microsoft yesterday released the final version of Internet Explorer 7 …”

There was a great flap as Secunia grabbed the headlines by claiming that they had found a vulnerability in IE7. Not so, claims Microsoft! The vulnerability is in Outlook Express, installed by default on all Windows installations. And the flaw is a known one, seven months old. And it's unpatched.

So, how does a newer “secure” browser supporting an older, unpatched vulnerability, unfixed for over 200 days, mean we're more secure now?


Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.