You are here: silicon.com > Software > Security Strategy

Security Strategy

Microsoft probing holes in Vista, IE 7

Risky business...

Tags: vista, ie 7, flaws, bugs

Printer Friendly Email Story RSS

By Joris Evers

Published: 27 February 2007 08:35 GMT

Microsoft is investigating two recently disclosed security vulnerabilities that affect Internet Explorer 7 and Windows Vista.

The vulnerabilities aren't considered high-risk, yet they affect the latest releases of Microsoft's web browser and operating system software, said Redmond. Microsoft has promoted the security of both IE 7 and Windows Vista. The flaws could let attackers get their hands on sensitive user information, security experts have warned.

The French Security Incident Response Team (FrSirt) said in an alert that the IE vulnerability, which also affects IE 6, could be exploited in phishing attacks. The problem exists because of an error in the way the browser handles certain "onunload" events, the security monitoring company said. Attackers could exploit the issue to spoof the browser address bar, FrSirt said.

The Windows issue is due to a problem with a component that does not properly validate user permissions. This could be exploited by an attacker with access to the machine to get information on protected files, according to a second FrSirt alert. The problem affects Windows Vista, XP, 2000 and Windows Server 2003, FrSirt said.

Microsoft is looking into both vulnerabilities, which were made public last week. Neither of the flaws has been used in any attacks and exploiting the issues is difficult, a company representative said.

The IE flaw could only be exploited if an attacker were to lure a victim to a malicious website and then persuade the user to enter the address of a trusted site into the address bar. Microsoft said: "Customers can avoid this attack by opening and using a new instance of IE before visiting an untrusted site."

The Windows problem, aside from requiring the attacker to be logged on to the vulnerable computer, appears to only expose file information, not the actual contents of the file, Microsoft said.

Upon completion of its investigations, Microsoft may issue a security advisory or provide security updates through its monthly patch process, the representative said.

Joris Evers writes for CNET News.com

Add Comment Add comment  Printer Friendly Print story   Email Story Email story   RSS
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Related Links

Three dire Windows holes patched

Redmond patches Windows, Office flaws

Microsoft has security dozen in the oven

Microsoft patches 20 holes - none affecting Vista

Zero-day attack strikes Office

More flaws: Bugs hit Firefox, IE

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Naked CIO Naked CIO: Should you monitor staff? Somebody's watching you

Elinor Mills Why 1970s hackers had 'whiz kid' status Q&A: Kevin Mitnick - blackhat hacker turned good guy

SMS flaw leaves iPhone vulnerable to attack

ID cards: 'A project nobody wants and the nation can't afford'

IT security training now the 'substantial' task of GCHQ

PayPal techies hit fraudsters where it hurts

SMEs on target list for UK cyber attack group


  • Jobs
Field Desktop IT Engineer Active Directory, PC/Laptop, XP/Vista

To be considered for this role strong you MUST have strong PC/Laptop hardware and Windows XP/Vista/MS Office troubleshooting skills coupled with a ...

Deployment Scheduler

My client is upgrading 150,000 computers to Vista & Office 2007 from Windows 2000. This upgrade is being delivered by the Vista & Office 2007 ...

DX10 Senior Driver Design Engineer (GP78)

The RoleOverview DescriptionTo work as part of a team responsible for developing driver software for next generation graphics hardware and other ...

Agenda Setters 2008
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.

The Financial Close: Optimizing Performance and Driving Financial Excellence

Enterprise Performance Management - Financial Excellence and Beyond

A complete view of the enterprise

Making the Business Case for HR Investments

Martin Brokers cashes in on back-up swap

VocaLink makes virtualisation pay

Sony Pictures sets sights on best IT Oscar

Co-op Group kicks "server sprawl" into touch

Arts Council gets tech troubleshooting boost

Torex tech treats Thorntons to quicker sales

Stories from the web...


Large Hadron Collider's grid gets stressed

Heatwave? No sweat for CIOs

Has in-flight entertainment got wings in the iPod era?

MoD inks £231m deal to boost comms

Take a trip to the future of air travel

Orange launches managed videoconferencing




Quick Sitemap Links: