Secunia Refutes Microsoft IE7 Argument
David Utter Staff Writer
2006-10-20
Microsoft's contention that the vulnerability reported by advisory firm Secunia exists because of an issue in Outlook Express drew a strong response from Secunia's CTO Thomas Kristensen.
As we noted earlier today, Microsoft claimed the IE7 flaw involving mhtml redirection only looked like a problem with Internet Explorer. Christopher Budd claimed it was really an issue with Outlook Express.
Kristensen took issue with what he described as a long-time Microsoft policy of "tagging various vulnerabilities where IE was the primary or only attack vector as operating system vulnerabilities":
"This may be true - from an organizational point of view within Microsoft. However, the vulnerability is fully exploitable via IE, which is the primary attack vector, if not the only attack vector.
"Just because a vulnerability stems from an underlying component does not relieve IE or any other piece of software from responsibility when it provides a clear direct vector to the vulnerable component."
Kristensen stood behind Secunia's advisory and categorization of the issue as a problem with IE7, and criticized Microsoft for passing the blame off to other components:
"Hiding behind an explanation that certain vulnerabilities, which only are exploitable through Internet Explorer, are to blame on Outlook Express, Microsoft Windows, or other core Microsoft Windows components seems more like a way to promote security of IE rather than standing up and explaining to the users where the true risk is and taking responsibility for the vulnerabilities and risks in IE, which are caused by IE being so heavily integrated with the underlying operating system and other Microsoft components."
---
Tags: Secunia, Microsoft, Internet Explorer
About the Author:
David Utter is a business and technology writer for SecurityProNews, WebProNews, and InternetFinancialNews.