With Microsoft’s release of Internet Explorer 7 yesterday some problems were inevitable and Barron’s Eric Savitz reports that Reuters has grabbed first dibs on the application incompatibility category:
Reuters yesterday e-mailed a rather alarming sounding message to users of its desktop software products, advising them not to install Microsoft’s (MSFT) Internet Explorer 7.0 browser software. The notice said that there are “many issues that surround the support of this new release with your Reuters desktop solutions.” And they had a warning to offer:
Reuters will not support Internet Explorer 7.0 for any Reuters product deployed on the desktop for the foreseeable future
Reuters desktop products will not function with Internet Explorer 7.0
This is not a Reuters unique issue. Throughout the software industry, support for this release is a major issue
The Reuters Support Center (RSC) cannot assist any client with removing Internet Explorer 7.0 or downgrading from Internet Explorer 7.0 to 6.0.
Maybe Reuters didn’t get the news that IE7 was on the way? More seriously, expect a bunch more similar stories from vendors who weren’t particularly proactive in testing and accommodating IE7 although not supporting “for the foreseeable future” seems a bit drastic. Also many large businesses will have internal holds on IE7 installations until they can confirm the compatibility of their internal applications.
And, of course, what would a browser be without a security vulnerability? IE7 may only be 24 hours old, but it has got one already:
Less than 24 hours after the launch of Internet Explorer 7, security researchers are poking holes in the new browser.
Danish security company Secunia reported today that IE7 contains an information disclosure vulnerability, the same one it reported in IE6 in April. The vulnerability affects the final version of IE7 running on Windows XP with Service Pack 2.
If a surfer uses IE7 to visit a maliciously crafted Web site, that site could exploit the security flaw to read information from a separate, secure site to which the surfer is logged in. That could enable an attacker to read banking details, or messages from a Web-mail account, said Thomas Kristensen, Secunia’s chief technology officer.
It’s not particularly easy to exploit, but it’s the thought that counts. The Secunia advisory is here.
Update: While we’re on the subject it’s worth mentioning again that IE7 will be made available by Automatic Update on November 1 and Tony Chor at Microsoft’s IEBlog summarizes the ways you or organization can ” just say no.”
Update: Microsoft says that technically the defect reported by Secunia is an Outlook Express flaw – it’s just that the browsers can be used to exploit it.