Patch Tuesday — IE7 Clean

jginspace writes "As per the advance notification, Microsoft's monthly security bulletin, released yesterday, addressed five general Windows issues and one in Visual Studio. It also included a fix for a problem in Outlook Express for a total of seven updates. As patch Tuesdays go it was fairly unremarkable. The only general Windows update labeled 'critical' is for a flaw in Media Player. As usual, there's a cumulative update for Internet Explorer, but significantly, the only versions of IE affected are 5 and 6. Version 7 is clean — which is welcome news in this first update since the upgrade was pushed to the world last month. Microsoft was silent on the two zero-day Word holes, one reported here and a new one. Sans is calling this 'Black Tuesday' and recommends patches be applied urgently for the Visual Studio and Media Player vulnerabilities. Sans is recommending the Heise Offline Update utility covered in a previous story."

Re:clean != free of "critical" updates

[Osty]

I fully assume that IE7's phishing filter, like Outlook 2003's Junk Mail Filter, will receive monthly updates from Microsoft to keep it up to date with the latest phising "heuristics".

Actually, IE7's anti-phishing technology is server-based. The judgement of a URL as "phish" or "non-phish" is done completely outside of your browser, outside of your own PC even, so there's no need for heuristic, signature, or filter updates to be pushed to users.

clean

[l3v1]

It's good to know, that if they don't release patches, that means IE7 is clean from bugs. I got all comfy and calm now.
 

IE7 not clean: Secunia shows 3 unpatched holes

[free2]

IE7 is not clean: Secunia shows there are 3 unpatched holes:
http://secunia.com/product/12366/?task=advisories_ 2006