After a Black Hat presentation called the potential of RSS feeds as an attack vector into question, Microsoft described steps they have taken to mitigate this.

RSS offers some distinct advantages over email. Being an opt-in only method, it eliminates the potential for external spammers to jam up one’s feed reader with useless messages, as happens with email inboxes.

Should a feed be compromised, as was discussed at Black Hat in a session on RSS security, the attacker could hit thousand of subscribers with a malicious payload almost instantly.

That presentation also picked on web-based RSS readers, citing their vulnerability to SQL injection, command execution, and DoS attacks. These are scenarios that Microsoft wants to eliminate before they become a reality.

In the Team RSS Blog, Walter vonKoch of Microsoft wrote of how the company has considered potential issues in IE7 and the Windows RSS Platform. They have worked on ways to thwart possible threats from scripts in feeds.