SANS Internet Storm Center, InfoCON: green is reporting New Internet Explorer and an old vulnerability, (Fri, Oct 20th). “As you probably know by now, Microsoft yesterday released the final version of Internet Explorer 7 …”
There was a great flap as Secunia grabbed the headlines by claiming that they had found a vulnerability in IE7. Not so, claims Microsoft! The vulnerability is in Outlook Express, installed by default on all Windows installations. And the flaw is a known one, seven months old. And it's unpatched.
So, how does a newer “secure” browser supporting an older, unpatched vulnerability, unfixed for over 200 days, mean we're more secure now?