UCLA ASTF  Applied Security Task Force Contact: safecomputing@ucla.edu

 

Microsoft Internet Explorer V. 7 (8-16-2006)

Microsoft has announced its plans to distribute the Internet Explorer 7 (IE7) Web browser as a "high priority" upgrade. As such, IE7 is considered a critical security patch, covered under the UCLA “Minimum Security Standards for Network Devices,” which states that all devices connected to the campus network must have “all currently available security patches installed.”

IE7 alleviates a number of serious security flaws found in IE6 but it also introduces a few new ones of its own. Furthermore, while IE7 enables a number of significant security enhancements, it may be initially unsuitable for some applications on campus. Therefore, we recommend that each browser application be tested using the Internet Explorer 7 browser (available from the Microsoft website) before allowing Windows’ Automatic Update to force its installation.

Some of the differences between IE6 and IE7 include:

  1. HTTPS traffic passing through the new browser uses TLSv1 for encryption instead of SSLv2. If an application or site requires SSL and cannot support TLS, it will not work properly with the new browser using the default settings.
  2. Plug-ins and browser add-ons require explicit user consent to install using the IE7 browser.
  3. The look and feel of the browser is significantly different. For example, tabs are now used similarly to the Firefox browser. Some features may make sites display improperly.
  4. Site blocking by classification is a security feature, as is the blocking of known reported "phishing" sites as defined by Microsoft.
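
When testing an application against item 1, the first bytes a server returns during the HTTPS handshake show whether it answered in TLSv1 or only in the SSLv2 format. The following is an added example, not part of the original advisory or any Microsoft tooling; the function name and the sample byte strings are constructed for illustration.

```python
import struct

# Protocol versions as the (major, minor) byte pair carried on the wire.
VERSIONS = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1"}

# Constructed sample replies (not captured from any real server).
TLS1_HELLO = b"\x16\x03\x01\x00\x2a" + b"\x02\x00\x00\x26\x03\x01" + bytes(36)
TLS1_ALERT = b"\x15\x03\x01\x00\x02\x02\x28"   # fatal alert, description 40
SSL2_HELLO = b"\x80\x0b\x04\x00\x01\x00\x02" + bytes(6)


def classify_server_reply(data: bytes) -> str:
    """Name the protocol of the first bytes a server sent back in a handshake."""
    if len(data) < 5:
        return "truncated"
    # SSLv2 record: 2-byte length header with the high bit set, then the
    # message type. Type 4 is SERVER-HELLO: hit(1) cert_type(1) version(2) ...
    if data[0] & 0x80 and data[2] == 4:
        if len(data) < 7:
            return "truncated"
        return VERSIONS.get((data[5], data[6]), "unknown") + " server hello"
    # SSLv3/TLS record: content_type(1) version(2) length(2) fragment.
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    name = VERSIONS.get((major, minor), "unknown")
    body = data[5:5 + length]
    if ctype == 21 and len(body) >= 2:
        # Alert record: level(1) description(1); the server refused the offer.
        return f"{name} alert (description {body[1]})"
    if ctype == 22 and len(body) >= 6 and body[0] == 2:
        # Handshake type 2 = ServerHello: type(1) length(3) server_version(2).
        chosen = VERSIONS.get((body[4], body[5]), "unknown")
        return f"{chosen} server hello"
    return "unknown"


if __name__ == "__main__":
    for label, sample in [("tls1", TLS1_HELLO), ("alert", TLS1_ALERT),
                          ("ssl2", SSL2_HELLO)]:
        print(label, "->", classify_server_reply(sample))
```
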

UCLA policy allows for exceptions to the general policy if particular patches compromise the usability of critical applications. If it is determined that an application cannot be migrated to IE7, it can remain on the campus network if the exception is documented and kept on file by the Connectivity Service Provider.

It should be pointed out that Internet Explorer 7 is an integral part of Microsoft’s next release of Windows, so applications should be adapted whenever possible to function with the new IE7.

Ross Bollens
Director, IT Security
Office of Information Technology
