The good news: it's not an IE7 vulnerability. The bad news?

SANS Internet Storm Center, InfoCON: green is reporting New Internet Explorer and an old vulnerability, (Fri, Oct 20th). “As you probably know by now, Microsoft yesterday released the final version of Internet Explorer 7 …”

There was a great flap as Secunia grabbed the headlines by claiming that they had found a vulnerability in IE7. Not so, claims Microsoft! The vulnerability is in Outlook Express, installed by default on all Windows installations. And the flaw is a known one, seven months old. And it's unpatched.

So, how does a newer “secure” browser supporting an older, unpatched vulnerability, unfixed for over 200 days, mean we're more secure now?


No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.