The new checks don't require IE7. The checks currently look for critical updates and if you're using IE7, the required updates adjust to reflect updates for ie6 only. For example, if you have ie7 installed, then you wouldn't be required to have the list of checks bound to ie6. From the pr_xp_hotfixes rule:
(pc_IE7_0|(pc_KB917344_MS06-023_XP&pc_KB923191_MS06-057_XP))
To pass this portion of the rule you must either have ie7 installed or "|" the following pc_checks which are part of the ie6 set of critical updates.
Simon
>>>
From: "Franklin, Elliott" <[log in to unmask]>
To: <[log in to unmask]>
Date: 11/13/2006 10:18 AM
Subject: Patch Tuesday Tomorrow - IE7
We are currently using a copy of the pr_XP_Hotfixes rule since we
discovered that it was FORCING users to upgrade to IE7. Any word on if
the current rule set is still requiring this upgrade? We would like to
enforce all critical Windows updates tomorrow but not require IE 7 as we
still have not approved it for our environment.
Thanks!
Elliott Franklin, CISSP
Information Security
Texas State University-San Marcos
http://www.vpit.txstate.edu/security
512.245.2501