You are here: silicon.com > Software > Security Strategy

Security Strategy

Microsoft probing holes in Vista, IE 7

Risky business...

Tags: vista, ie 7, flaws, bugs

Printer Friendly Email Story RSS

By Joris Evers

Published: 27 February 2007 08:35 GMT

Microsoft is investigating two recently disclosed security vulnerabilities that affect Internet Explorer 7 and Windows Vista.

The vulnerabilities aren't considered high-risk, yet they affect the latest releases of Microsoft's web browser and operating system software, said Redmond. Microsoft has promoted the security of both IE 7 and Windows Vista. The flaws could let attackers get their hands on sensitive user information, security experts have warned.

The French Security Incident Response Team (FrSirt) said in an alert that the IE vulnerability, which also affects IE 6, could be exploited in phishing attacks. The problem exists because of an error in the way the browser handles certain "onunload" events, the security monitoring company said. Attackers could exploit the issue to spoof the browser address bar, FrSirt said.

The Windows issue is due to a problem with a component that does not properly validate user permissions. This could be exploited by an attacker with access to the machine to get information on protected files, according to a second FrSirt alert. The problem affects Windows Vista, XP, 2000 and Windows Server 2003, FrSirt said.

Microsoft is looking into both vulnerabilities, which were made public last week. Neither of the flaws has been used in any attacks and exploiting the issues is difficult, a company representative said.

The IE flaw could only be exploited if an attacker were to lure a victim to a malicious website and then persuade the user to enter the address of a trusted site into the address bar. Microsoft said: "Customers can avoid this attack by opening and using a new instance of IE before visiting an untrusted site."

The Windows problem, aside from requiring the attacker to be logged on to the vulnerable computer, appears to only expose file information, not the actual contents of the file, Microsoft said.

Upon completion of its investigations, Microsoft may issue a security advisory or provide security updates through its monthly patch process, the representative said.

Joris Evers writes for CNET News.com

Add Comment Add comment  Printer Friendly Print story with   Email Story Email story  
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Related Links

Three dire Windows holes patched

Redmond patches Windows, Office flaws

Microsoft has security dozen in the oven

Microsoft patches 20 holes - none affecting Vista

Zero-day attack strikes Office

More flaws: Bugs hit Firefox, IE

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Peter Cochrane Peter Cochrane's Blog: Is convergence a fiction? Or could it finally be happening…

Clive Longbottom Quocirca's Straight Talking: A game of two halves Microsoft Virtualisation scores while its SOA bores...

Viacom vs Google: YouTube privacy fears

Google Talk finds a home on iPhone

ePassport upgrade scaled back

Barclays gives online users free security software

Probe into loss of 21,000 hospital patient details

Zittrain: Android holds the key to free future


  • Jobs
WINDOWS VISTA SUPPORT - CENTRAL LONDON - 25K

An IT Support Engineer who will be responsible for supporting Windows Vista is required for an SME in Central London. Windows Vista and Office 2007 ...

Senior Windows Engineer server 2003-2008 Investment banking city based

Experience of Windows 2000, Windows Server 2003 and Windows Server 2008 is essential, knowledge of Windows XP and Windows Vista would be beneficial. ...

UK Sales Manager - AIDC/Bar-coding - Home based - to 40K / 65K OTE

Bar-coding? The person we are urgently seeking will possess: - UK based, but Belgium or France-based would be considered - Excellent technical skills ...

CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.

College classrooms go high-tech

Travis Perkins builds its tech future

Thin clients switch on digitally excluded

MSDN Webcast: Demystifying Office Business Applications for the Developer (Level...

Understanding SOA and Business Mashups: Automate. Coordinate. Collaborate. No coding...

Tips and Tricks for Office 2007

MSDN Webcast: Demystifying Office Business Applications for the Business Analyst...

Stories from the web...


Peter Cochrane's Video Blog: Power outrage

Business agility through flexible IT

What are you really saying?


London data centres hit by credit crunch

Ofcom: Mobile broadband driving interest in fibre

3G iPhone to storm enterprise world, says O2

MoD IT - late and over budget

Terrorists turning to tech, warns gov't




Quick Sitemap Links: