Microsoft Battles IE7 Reports, McAfee Complaints
David Utter Staff Writer
2006-10-20
The launch of Internet Explorer 7 soon saw a followup advisory that a vulnerability had been found in the browser, which Microsoft disputed. That was promptly followed by some heated rhetoric from security firm McAfee over Vista security.
[Image: "Ready, Set, Fight!"]
Plenty of techies were cackling when an advisory of a problem with IE7 appeared within a day of the new browser's official release.
That report from the Secunia advisory firm rated the vulnerability "less critical" and described how it works:
The vulnerability is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site.
Secunia also published a link to a proof-of-concept test that IE7 users can click to see the flaw in action.
Microsoft has come back and claimed that the issue is not a problem with IE7. In a post on Microsoft's Security Response Center blog, Christopher Budd said the company is investigating the issue:
These reports are technically inaccurate: the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express.
While we are aware that the issue has been publicly disclosed, we're not aware of it being used in any attacks against customers.
There are attacks against Microsoft taking place, just not of the vulnerability exploit variety. The company has been criticized for its approach to cooperating with third-party security vendors like McAfee and Symantec, two of the biggest names in the field.
McAfee has not been pleased with the pace of Microsoft's cooperation on Vista, which CEO Steve Ballmer had suggested would begin to take place.
Christopher Thomas, a partner at Lovells, which is serving as McAfee's outside litigation counsel in Brussels, delivered the latest barrage:
"Despite pledges, press conference and speeches by Microsoft, the community of independent security companies that consumers rely on for computer protection has seen little indication that Microsoft intends to live up to the promises it made last week," said Thomas.
"We have been greatly disappointed by the lack of action by the company so far and Microsoft has not lived up, either in detail or in spirit, to the hollow assurances offered by their top management last week."
Security companies have been concerned that Microsoft would try to promote its OneCare computer protection package with Vista, and shut out companies that have flourished by protecting PC users against threats to Microsoft's operating systems.
Marc Maiffret of eEye said in a phone call that one version of Vista presented a user with the option to purchase a OneCare subscription right after logging in to Vista for the first time.
If Microsoft ships Vista with that behavior in place, they are likely to encounter antitrust complaints since other companies would not have such premium placement alongside Microsoft's security option.
UPDATE!: The Secunia advisory firm's CTO, Thomas Kristensen, has hit back at Microsoft's claims about this issue.
---
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.