Microsoft confirms first (URL spoofing) security flaw in IE7
Microsoft on Thursday issued a warning against a vulnerability in its Internet Explorer 7 browser that could allow attackers to spoof the address of a website.

The flaw is related to how URLs are displayed in the address bar. An attacker could exploit it by getting a user to click a specially formed link on an untrusted website or in an untrusted e-mail that launches a pop-up window. The attacker could then forge the URL shown for the pop-up, for instance to make it look like a log-in window for an online bank. The URL of the phishing site is still present, but it is pushed outside the visible area of the address bar and can only be seen by clicking in the browser window or in the address bar and then scrolling within the address bar.

Danish security vendor Secunia published details of the vulnerability on its website on Wednesday. The company rated the vulnerability as "less critical", the second step on its five-step security severity rating.

The flaw is the first published vulnerability in the Internet Explorer 7 browser that was launched last week. An IE7 vulnerability that Secunia published last week turned out to affect an Outlook component rather than Internet Explorer.

Microsoft recommends that users follow security best practices and refrain from entering confidential information on a website that doesn't offer an SSL certificate. You can learn how to recognize spoofed Web sites here.

The company also pointed out that IE7's new anti-phishing technology, the "Microsoft Phishing Filter", can help block phishing sites attempting to exploit this issue in a couple of ways. The Phishing Filter's browser-based heuristics analyze web pages in real time and warn you if they find suspicious characteristics on the page.

Another way the Phishing Filter can help protect you is through its online service. If a site that attempts to exploit this issue is reported to Microsoft and confirmed to be a phishing site, it is added to the Microsoft Phishing Filter's online service and is flagged as a phishing site when viewed in IE7. The online service updates the database of phishing websites fairly quickly as sites are reported and confirmed, and as sites are added this information is made available to all users running IE7, which provides protection quickly.

You can report a site you suspect of being a phishing site from the IE7 Tools menu, under Phishing Filter, by clicking Report this website. You can also report a site that is already flagged as suspicious, and that you believe is a phishing site, by clicking the Report this website link in the IE7 warning badge.

Note that you'll need to "opt in" to use the Phishing Filter.

Microsoft is still investigating the issue and says it will take appropriate steps to correct the flaw.