Microsoft has hit back at claims that the brand new version of Internet Explorer, released yesterday, already has a security hole.
It is not a hole in Explorer 7, the software giant has complained, it's a hole in the Outlook Express email client, wrongly recognised.
The flaw could be used in phishing attacks to read sensitive information from the Explorer browser, security company Secunia warned yesterday. The company first reported the problem with version 6 of the browser in April and found that it could be reproduced on version 7 as well. Secunia does not consider the problem to be critical, but it was widely reported because its discovery came so soon after version 7's launch.
Stealing Microsoft's thunder was also likely to spark a response, and it did so. "These reports are technically inaccurate," said Microsoft's security program manager Christopher Budd in a blog posting. "The issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all."
One security researcher said he was surprised that Microsoft had apparently not informed Secunia of the nature of this bug back in April, when it was first disclosed. "They reported this in April," said Secure Network SRL CTO Stefano Zanero. "Microsoft should have investigated then and should have already reported the bug to be not in IE. How was Secunia supposed to know?"
A spokesman with Microsoft's public relations agency could not say what response Microsoft had made to Secunia's first report of the problem back in April. "All I can tell you is that the blog is the latest and greatest information we have to share," he said.
Original reporting by IDG News Service