Interestingly, individually the bugs have received “low” severity ratings, meaning that more critical flaws will be addressed first. However, as stated on the blog yesterday, used together they could equal something more:
UPDATE 06/05/2007 2:27 PDT: These two bugs may be used together to allow an attacker to access any file the user has access to on the system. If this is the case, that may change the severity rating to Medium.
It is nice to have developers working so openly with the community, rather than having a team “behind the scenes” that has no apparent contact with the outside world. Microsoft has not commented on when the issues with IE7 or IE6 will be addressed.