Microsoft has acknowledged a security issue in both Vista and the new Internet Explorer 7, but does not consider the problem “high risk”.

The problem lies in a component that is not correctly validating identities, which means that users may have their private information, like credit card numbers, passwords, and social security numbers, “phished” or fraudulently taken.

To take advantage of the vulnerability hackers would need phyiscal access to the Vista PC to gain access to information in protected files. According to Microsoft, they may not actually be able to open the file itself, though they would be able to view the file information.

To make matters worse, the French Security Incident Response Team, who alerted Microsoft to the problem, said not only Vista users are susceptible to such attacks; the loophole could be exploited in Windows XP, 2000, and Server 2003 as well.

Microsoft says the best way to avoid such phishing is to simply open up a new Internet Explorer page every time you visit an untrusted web page.

Microsoft is expected to release a fix in one of its monthly patch updates soon.

---

Related:

Microsoft launches Internet Explorer 8 Beta

Microsoft’s new interoperability principles drive Internet Exporer 8 development

Internet Explorer 8 beta does not like Vista SP1

IE7 and Windows Mail in Vista to receive ‘critical’ fixes on Patch Tuesday

Vista users safe from PDF exploit present in Windows XP

Entry was posted on Tuesday, February 27th, 2007 at 9:11 am under Security, Vista.  Print This Post

Read more entries by The Blorge Team.