Internet Explorer 7 Makes It without a Scratch into 2007

And when I say that Internet Explorer 7 made it without a scratch into 2007, I am of course referring to the fact that Microsoft has yet to release a security patch for its latest browser version. In fact, according to Microsoft, none of the first releases of Security Bulletins for 2007 made available yesterday, January 9, are designed to resolve vulnerabilities in Internet Explorer.

However, the vulnerability in Vector Markup Language Could Allow Remote Code Execution, addressed by the MS07-004; KB929969 security update is connected to Internet Explorer. Geoff Silva, an IE Program Manager explained why: "A Windows Security Update was released today for a vulnerability in the Windows VML (vector markup language) component that can result in remote code execution. Although this is not an IE code vulnerability, we feel it is important to mention that IE can be used as an attack vector for the exploit. We strongly recommend that you visit Microsoft Update or Windows Update to check for this and any other critical security updates required to protect your systems(s) from potential attacks."

"The Microsoft Windows Vector Markup Language Buffer Overrun Vulnerability on IE 5.01, IE 5.5, and IE 6.0 can be exploited via HTML content in either Web pages or emails. Microsoft has provided detailed workaround steps that can significantly decrease the chances of exploitation," commented Ben Greenbaum the manager of the DeepSight threat analysis team at Symantec.

However, unlike Mozilla which has already delivered Firefox 2.0.0.1 providing patches for eight security vulnerabilities affecting Firefox 2.0, if you are a Firefox user - as I am - you have already witnessed the update, Microsoft did not as yet release the first security patch for Internet Explorer 7.