And when I say that Internet Explorer 7 made it without a scratch into 2007, I am of course referring to the fact that Microsoft has yet to release a security patch for its latest browser version. In fact, according
to Microsoft, none of the first releases of Security Bulletins for 2007 made available yesterday, January 9, are designed to resolve vulnerabilities in Internet Explorer.
However, the vulnerability in Vector Markup Language Could Allow Remote Code Execution, addressed by the
MS07-004;
KB929969 security update is connected to Internet Explorer. Geoff Silva, an IE Program Manager explained why: "A Windows Security Update was released today for a vulnerability in the Windows VML (vector markup language) component that can result in remote code execution. Although this is not an IE code vulnerability, we feel it is important to mention that IE can be used as an attack vector for the exploit. We strongly recommend that you visit Microsoft Update or Windows Update to check for this and any other critical security updates required to protect your systems(s) from potential attacks."
"The Microsoft Windows Vector Markup Language Buffer Overrun Vulnerability on IE 5.01, IE 5.5, and IE 6.0 can be exploited via HTML content in either Web pages or emails. Microsoft has provided detailed workaround steps that can significantly decrease the chances of exploitation," commented Ben Greenbaum the manager of the DeepSight threat analysis team at Symantec.
However, unlike Mozilla which has already delivered Firefox 2.0.0.1 providing patches for eight security vulnerabilities affecting Firefox 2.0, if you are a Firefox user - as I am - you have already witnessed the update, Microsoft did not as yet release the first security patch for Internet Explorer 7.
MORE RELATED ARTICLES:
Free IE6 VPC Windows XP SP2 = a Microsoft Success
PoC Published for Internet Explorer 7 Vulnerability
Firefox 2.0 Continues to Grow in the Detriment of IE7
Remove the Search Box from Internet Explorer 7
Upgrade to IE7 Optimized for Google
284 Days – The Attack Window of IE in 2006
Internet Explorer Sinks Under 80%
God Save Internet Explorer
The First Internet Explorer 7 Vulnerability
Adobe Software and DEP Enabled in IE7