WinXPSP2 IE 7 Security Zones - security concern

Giganews Newsgroups
Subject: WinXPSP2 IE 7 Security Zones - security concern
Posted by:  v2win (v2w…@discussions.microsoft.com)
Date: Wed, 28 Nov 2007

I recently noticed that in my Trusted Sites zone, there is an entry,
"HTTP://", with no further domain identifier.  I did not make this entry and
when I attempt to remove it, I get a system error beep and the entry is then
greyed out.

I checked a number of other WinXPSP2 machines in my network, all subject to
the same GPOs, and none of them have this entry. (NOTE:The subject machine is
a dual-boot with Vista Ultimate; the problem is absent from that instance of
IE 7 and from another instance of XPSP2 I have running under VPC 2004 SP1,
all on the same machine).

As a test, I uninstalled IE 7.  When the machine was rolled back to IE 6,
the entry was still there but I could delete it - or so it appeared. Upon
reopening IE after the apparent delete, the HTTP:// entry had reappeared.

Is this some kind of security attack? (possibly trying to wildcard all
websites as though they were trusted?).

Because the roll back to IE 6 did not solve the problem, I reinstalled IE 7
and the entry persists, with the same behaviour as before.

I ran a full system AV scan with up-to-the-minute AVG and no threats were
found.

Nevertheless, how can I remedy this problem?

--
V2

Replies