iTnews
  • Home
  • News
  • Technology
  • Security

Attackers take aim at IE7 flaw

By Shaun Nichols
Oct 30 2007 2:15PM
Follow google news

Microsoft is warning users to avoid suspicious websites and emails after attacks were reported on an unpatched flaw in Internet Explorer 7.

Attackers take aim at IE7 flaw
The company would not provide exact figures, but said that a "limited number " of attacks had been reported.

The attacks target a vulnerability in IE7's handling of the uniform resource indicator (URI) commands used by browsers to launch third-party applications.

Microsoft disclosed the vulnerability on 10 October, explaining that it arises when the browser fails to check malformed URI instructions in Windows XP and Server 2003. Windows Vista is not believed to be vulnerable.

Security firm Secunia rated the vulnerability as 'highly critical', the fourth of its five severity levels.

Microsoft Security Response Center team member Bill Sisk told users in an article posted to a company blog that a fix is in development, but could take some time owing to the nature of the vulnerability.

Executing an attack on the vulnerability involves using the 'ShellExecute' command that Windows calls up to load applications.

Because the component is such a vital part of Windows, Sisk said that Microsoft is taking extra care to ensure that a security fix will not damage the operating system.

In the meantime, Microsoft and Secunia recommend that users avoid untrusted or suspicious links and websites and avoid opening attachments in unsolicited emails.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
aimatattackersflawie7securitytake

Related Articles

  • Marathon OAIC investigation finds Optus breached 51,000 customers' privacy Marathon OAIC investigation finds Optus breached 51,000 customers' privacy
  • US gov shortens cyber fix window to three days US gov shortens cyber fix window to three days
  • Anthropic releases Mythos-class model for public use Anthropic releases Mythos-class model for public use
  • Apple bumps up security in fresh operating system releases Apple bumps up security in fresh operating system releases
Join our WhatsApp Channel

Partner Content

AI is delivering business value today
Partner Content AI is delivering business value today
You meet the security standard. Shame no one can see it
Promoted Content You meet the security standard. Shame no one can see it
Agile isn’t the problem: why projects still fail, and what’s missing
Partner Content Agile isn’t the problem: why projects still fail, and what’s missing
Why resilient communications are becoming critical infrastructure for modern enterprise IT
Promoted Content Why resilient communications are becoming critical infrastructure for modern enterprise IT

Sponsored Whitepapers

When cyber risk has no clear owner: A practical guide for senior Australian business leaders
When cyber risk has no clear owner: A practical guide for senior Australian business leaders
Agile in the AI Era: why projects still fail
Agile in the AI Era: why projects still fail
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
High-volume data sources for AI-driven security analytics
High-volume data sources for AI-driven security analytics
How healthcare organisations can get more value from cloud
How healthcare organisations can get more value from cloud

Events

  • iTnews State of Security Breakfast iTnews State of Security Breakfast
  • iTnews State of Data & AI Breakfast iTnews State of Data & AI Breakfast
  • Forrester's AI Forum Sydney Forrester's AI Forum Sydney
  • The 2026 iAwards The 2026 iAwards
  • Integrate 2026 Integrate 2026
Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Anthropic opens Claude Mythos Preview AI program to Australia

Anthropic opens Claude Mythos Preview AI program to Australia
Defence says Palantir is "sandboxed" in its environment

Defence says Palantir is "sandboxed" in its environment
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
Researchers build self-replicating AI worm with BYO LLM

Researchers build self-replicating AI worm with BYO LLM
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.