Microsoft just released Internet Explorer 7 after a long, long five year wait since the last release. I was going to make a snarky joke about the first bug being discovered right away. But I never got the chance.
Despite the deepening of Microsoft's security measures, less than 24 hours after the company's announcement that IE7 had been released, the browser's first vulnerability was reported by security firm Secunia.
According to the company's advisory, the flaw is rated as "less critical," because it does not allow attackers to gain control of a system. However, it does put users at risk for exposure of system and personal information, according to Secunia chief technology officer Thomas Kristensen.
"This is a vulnerability that was in IE6 which Microsoft apparently decided not to patch," he said. "It was a surprise to us to see it wasn't fixed."
The vulnerability allows malicious hackers to sneak code onto users' computers, such as keylogging programs, or to monitor their activity. Because of that, it could be used in phishing scams, Kristensen noted.
"Microsoft has to reconsider this one," he said. "It's not critical because it can't compromise a system, but it is still a potent way to get information off the system of an unsuspecting user."
I 'spect I'll wait a spell afore I jump to install it.