Less than a day after IE7 was released, various and sundry pundits began to loudly proclaim that IE7 had a “major” vulnerability in it. Further, it was described as a “new” vulnerability, which to the uneducated reader would seem to indicate that IE7 was less secure than its predecessor. FUD in action.

Sigh…

Okay, everyone, take a deep breath. Hold it. Okay, let it out slowly. It’s all right, the world is still there. And guess what: some people make a living spreading FUD (Fear, Uncertainty and Doubt), especially where Microsoft is concerned.

The “flaw” was reported by Secunia here; it is actually an older flaw that is still present in IE6. Its risk rating is very low. And according to Microsoft, the vulnerability is not in IE but rather in Outlook Express, although IE is used as a vector to exploit the vulnerability. (Now, I still consider that a vulnerability in IE no matter how you slice it.)

The point is that this is a known exploit (shame on MS for not patching it yet), but not a new vulnerability and not one known to have been exploited in the wild. What all this amounts to is that MS bashers are once again attempting to impugn all that MS has done to make the OS and its systems more secure, because it’s fun to beat up on MS.

In other words, there is no value add from these reports. They just strive to cause confusion; they don’t clearly identify the source of the issue or the risks involved, or even deliver factual information. Anyone can take a poke at any major institution or person of interest. It’s our national pastime, it seems, but I would respect someone a lot more for being clear, concise and factual than for casting FUD around.

Robert Porter

 

 


 