Since this is my first post, I suppose a quick introduction is in order. I’m Bill Sisk, a member of the Security Response Communications Team. My team works to provide communications around security response issues to our customer through MSRC Blogs and other outreach vehicles.
As part of that I wanted to let people know that we just posted Microsoft Security Advisory 943521, which gives additional information about a vulnerability in the way Microsoft Windows XP SP2 and Windows 2003 SP1 and SP2 handle URI’s when only Internet Explorer 7 installed. Windows Vista is not affected by this vulnerability. At this time, we are not aware of attacks attempting to use the reported vulnerability, but we are tracking this issue through our Software Security Incident Response Process and working on a security update to resolve it.
Additionally in a blog entry that will follow this Jonathan Ness of the SWI Team will provide some additional details around this vulnerability.
As always, we’ll continue to monitor the situation and provide updates to the advisory and MSRC Blog should the situation change or we become aware of new information.
Thanks.
Bill
*This posting is provided “AS IS” with no warranties, and confers no rights.*