| By Mark Joseph Edwards |
There are no patches for two recently discovered Internet Explorer 7 security bugs, but you can defend against them.
Internet Explorer might cache sensitive data
By default, Internet Explorer 7 doesn’t cache Web pages accessed via Secure Sockets Layer (SSL) connections. However, Bill Knox of MITRE discovered that, in some cases, IE 7 might indeed cache sensitive data transmitted via SSL that it should delete automatically when the page closes.
Microsoft is aware of the problem but has no patch available. We’ll probably see a patch for the SSL glitch from the company sooner or later.
In the meantime, the workaround cited on CERT’s page is to delete the browser cache. According to CERT, the cache in question resides in the following directory, where yourname is your user name:
yournameAppDataLocalMicrosoftWindowsTemporary Internet FilesLow
To delete the cache, follow these steps: