In Microsoft does not believe the recent harvested hole in Internet Explorer 7 dangerous

Microsoft Corporation has for the second time refused to acknowledge vulnerabilities in the recently released seventh version of Internet Explorer.

This is the issue two years ago, identified as early as IE6 browser. A few days ago, a Danish company, Secunia issued a security bulletin, which reported that in Internet Explorer 7 hole is, in theory, allow attackers to gain unauthorized access to confidential data victim. In order to carry out the attack must compel the user to visit a specially created web page. If the browser is open to another site, an attacker can get access to the data contained in it.

Microsoft, however, does not believes that the problem is related to any vulnerability. Thus, Christopher Budd, Microsoft expert, in his blog notes that the attack could be carried out only if the user deliberately ignored safety, in particular, did not verify the authenticity udosuzhitsya vsplyvshego window.

However, in 2004, to protect against possible attacks Microsoft advised users still IE6 deactivate the option "Navigate sub-frames across different domains" (transition between frames across different domains). The seventh version of Internet Explorer, this feature is disabled by default. According to technical director Secunia Thomas Christensen, it is said that Microsoft has tried to solve the problem in the seventh version of the browser. Nevertheless, turn off Navigate sub-frames across different domains did not help that it is possible to take bug. In the same corporation, stressed Christensen, continue to argue that there is no any vulnerability. Christensen also notes that the issue had long been resolved in other browsers, in particular, Firefox and Opera.

This is the second time that Microsoft has denied information about the hole in Internet Explorer 7. Formerly called the corporation is technically inaccurate information about the vulnerability found in the browser later, a few hours after announcing it. According to Microsoft, a gap which could also be used by hackers to obtain unauthorized access to confidential data, is not contained in the browser, and in one of the components of Outlook Express mail client.