As of Thursday, Microsoft says it's not aware of any attacks trying to take advantage of the bug.
Microsoft on Thursday downplayed an address spoofingbug in its new Internet Explorer 7 browser -- the second flaw disclosed since the application launched last week -- but said it would investigate.
Wednesday, Danish vulnerability tracker Secunia alerted users that a spoofing attack -- where a bogus site seems to have a legitimate address -- can be conducted against IE 7. "This is the kind of spoofing vulnerability which IE7 was supposed to be better at protecting," said Thomas Kristensen, Secunia's chief technology officer, on Wednesday. Secunia rated the flaw as "Less critical," the second-lowest ranking in its five-step scale.
"We're not aware of any attacks that are attempting to use this," said Christopher Budd, security program manager at Microsoft's Security Response Center (MSRC), on the group's blog. "But as always we will continue to monitor the situation throughout our investigation."
Budd recommended that suspicious users review the complete URL in IE 7's address bar. "Now, while the full URL is actually present in the address bar, the left part of the URL is not initially displayed," he said. "But, you can see the full URL if you either click in the browser window or in the address bar and then scroll within the address bar."
He also reminded users that IE 7's new anti-phishing feature should help protect against sites that might use the exploit.
The Business of Going DigitalDigital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.