Microsoft IE7 Released, First Vulnerability Reported

Elizabeth Millard, newsfactor.com
Thu Oct 19, 4:57 PM ET

Microsoft has released the latest revamp of its browser, Internet Explorer 7 for
Windows XP, more than five years after the previous version was made available. New features include an anti-fraud system to stop phishing attacks, tabbed browsing, improved printing capability, and RSS feed functions.

A number of beta versions have been available over the past year, and it has been reported that Microsoft made changes to the final version of IE7 based on user feedback. For example, a search feature that defaulted to Microsoft's own search engine has been tweaked so that users can choose their own default engine. Microsoft is promoting the user-driven changes on its Web page for the browser with the tagline, "We heard you: you wanted it easier and more secure."

The browser is available as a free download as of October 19, but it is expected that most people will begin using it when it comes as part of a Windows XP automatic update in November.

Browser Wars

The release of IE7 comes at a time when Microsoft still has the dominant browser on the market, although once-fledgling efforts like Firefox have considerably diminished its lead.

Indeed, security has been an issue for Microsoft, with IE6 suffering from a number of vulnerabilities over the past few years. In response, Microsoft is touting improved security features in IE7 as well as architecture changes that the company claims will protect users against malicious software, fraudulent sites, and online phishing scams.

Feeling Insecure

Despite the deepening of Microsoft's security measures, less than 24 hours after the company's announcement that IE7 had been released, the browser's first vulnerability was reported by security firm Secunia.

According to the company's advisory, the flaw is rated as "less critical," because it does not allow attackers to gain control of a system. However, it does put users at risk for exposure of system and personal information, according to Secunia chief technology officer Thomas Kristensen.

"This is a vulnerability that was in IE6 which Microsoft apparently decided not to patch," he said. "It was a surprise to us to see it wasn't fixed."

The vulnerability allows malicious hackers to sneak code onto users' computers, such as keylogging programs, or to monitor their activity. Because of that, it could be used in phishing scams, Kristensen noted.

"Microsoft has to reconsider this one," he said. "It's not critical because it can't compromise a system, but it is still a potent way to get information off the system of an unsuspecting user."

I know BA, I heard it on the news, its so awesome cool. I really want to get it!!!!! ;D :)

>.> uhhhh BA i have had IE7 for some time....and it was just released? wow

depending on where you are, that may have been a beta.. because MS had released long before its final release.. just like SP2 which had about 5..

and I don't care if this new release is so good, that it gave you a cookie for each site you went to..

Opera is still better, and is therefore my weapon of choice.

i use IE7 along with SP2 (you need SP2 for IE7 to operate)

and i say its pretty well good

never used pera before

i still use ie6 for somethings, but firefox for most stuff now, and i really don't feel like upgrading to a faulty browser anyway.

IE7 isn't faulty,it's actually quite useful.

ah yes it is i epecially like the features