Microsoft released six security patches yesterday (it was Tuesday, for god’s sake – what did you suspect?).
Along with those patches, IE7 will be automatically rolled out. I hear IE7 is a bit tighter (although it still comes in behind Firefox on the anti-phishing front). Still, I wonder how the auto-update will effect everyone.
Secunia has found a bug in Internet Explorer 7, one that allows address bar spoofing that could lead to phishing exploits.
This must be a big mistake, as there is no way Microsoft can blame some other software for the issue.
Internet Explorer 7 came out, and security experts were quick to jump on it. Flaws were immediately found, and now Microsoft is backpedalling like a bunch of politicians.
“These reports are technically inaccurate: the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express.”
The company must obviously be doing their IE development on Linux, where Outlook Express is nowhere to be found.