Security Strategy

Microsoft probing holes in Vista, IE 7

Risky business...

Tags: vista, ie 7, flaws, bugs

By Joris Evers

Published: 27 February 2007 08:35 GMT

Microsoft is investigating two recently disclosed security vulnerabilities that affect Internet Explorer 7 and Windows Vista.

The vulnerabilities aren't considered high-risk, yet they affect the latest releases of Microsoft's web browser and operating system software, said Redmond. Microsoft has promoted the security of both IE 7 and Windows Vista. The flaws could let attackers get their hands on sensitive user information, security experts have warned.

The French Security Incident Response Team (FrSirt) said in an alert that the IE vulnerability, which also affects IE 6, could be exploited in phishing attacks. The problem exists because of an error in the way the browser handles certain "onunload" events, the security monitoring company said. Attackers could exploit the issue to spoof the browser address bar, FrSirt said.

The Windows issue is due to a problem with a component that does not properly validate user permissions. This could be exploited by an attacker with access to the machine to get information on protected files, according to a second FrSirt alert. The problem affects Windows Vista, XP, 2000 and Windows Server 2003, FrSirt said.

Microsoft is looking into both vulnerabilities, which were made public last week. Neither of the flaws has been used in any attacks and exploiting the issues is difficult, a company representative said.

The IE flaw could only be exploited if an attacker were to lure a victim to a malicious website and then persuade the user to enter the address of a trusted site into the address bar. Microsoft said: "Customers can avoid this attack by opening and using a new instance of IE before visiting an untrusted site."

The Windows problem, aside from requiring the attacker to be logged on to the vulnerable computer, appears to only expose file information, not the actual contents of the file, Microsoft said.

Upon completion of its investigations, Microsoft may issue a security advisory or provide security updates through its monthly patch process, the representative said.

Joris Evers writes for CNET News.com
