As of Thursday, Microsoft says it's not aware of any attacks trying to take advantage of the bug.
Microsoft on Thursday downplayed an address spoofingbug in its new Internet Explorer 7 browser -- the second flaw disclosed since the application launched last week -- but said it would investigate.
Wednesday, Danish vulnerability tracker Secunia alerted users that a spoofing attack -- where a bogus site seems to have a legitimate address -- can be conducted against IE 7. "This is the kind of spoofing vulnerability which IE7 was supposed to be better at protecting," said Thomas Kristensen, Secunia's chief technology officer, on Wednesday. Secunia rated the flaw as "Less critical," the second-lowest ranking in its five-step scale.
"We're not aware of any attacks that are attempting to use this," said Christopher Budd, security program manager at Microsoft's Security Response Center (MSRC), on the group's blog. "But as always we will continue to monitor the situation throughout our investigation."
Budd recommended that suspicious users review the complete URL in IE 7's address bar. "Now, while the full URL is actually present in the address bar, the left part of the URL is not initially displayed," he said. "But, you can see the full URL if you either click in the browser window or in the address bar and then scroll within the address bar."
He also reminded users that IE 7's new anti-phishing feature should help protect against sites that might use the exploit.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.