Bickering Over Vulnerability in Internet Explorer 7
Via heise Security.
The first vulnerability in Internet Explorer 7, reported yesterday (Thursday), which has been known in IE6 for 6 months has given rise to bickering. Microsoft has now issued its first public response. It claims that the problem lies in neither Internet Explorer 6 nor Internet Explorer 7, despite the fact that the demonstration of the vulnerability uses these browsers as its attack vector. The fault lies with an Outlook Express component in Windows - Microsoft is looking into the matter.
Thomas Christensen, CTO of Secunia, gave his response to heise Security, "Just because a vulnerability stems from an underlying component does not relieve IE or any other piece of software from responsibility when it provides a clear direct vector to the vulnerable component."
For some time Microsoft has pursued a policy of categorising every imaginable security vulnerability as a vulnerability in the operating system, for which Internet Explorer is the primary or only attack vector. This causes confusion and can lead users and administrators to underestimate the seriousness of a problem.
More
here.
0 Comments:
Post a Comment
<< Home