MS: IE7 Flaw Really in Outlook Express

Microsoft responded Thursday to reports of the first exploit affecting Internet Explorer 7, which cropped up less than 24 hours after the browser's official launch. Christopher Budd from Microsoft's Security Response Center says the flaw lies not in IE7, but in an Outlook Express component.

This fact could explain why the problem first surfaced back in November 2003 and was found to affect IE6 last April. "While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express," Budd said. Microsoft notes it has received no reports of any attacks against customers, but is investigating the situation and may release a patch if necessary.