Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Google outs 'severe' Microsoft Edge vulnerability

28 Feb 2017   #1
GEWB

Linux (Mint is primary) / XP, Win7 Home / Win7 Pro, Ultimate / Win8.1 / Win10 archived VM
 
 
Google outs 'severe' Microsoft Edge vulnerability

From The Inquirer:

"GOOGLE PROJECT ZERO RESEARCHER Ivan Fratric has had enough of Microsoft not fixing a severe vulnerability in Microsoft Edge and blown a big whistle on it.

This is what Project Zero does. Fratric took the issue to Microsoft last year, and the firm failed to fix it within Google's deadline so the company has, naturally, made the vulnerability public.


The bug was reported to Microsoft in November with a three-month deadline. Four days ago, this 90-day deadline expired and the information was released into the wild."

Read the story at:

Google outs 'severe' Microsoft Edge vulnerability after firm misses 90-day fix deadline | TheINQUIRER


My System SpecsSystem Spec
.
28 Feb 2017   #2
Anak

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Here's the ars technica article mentioned in GEWB's link, I like the end of the second paragraph and all of the third. It makes it sound like MS is back to pushing 10 again:
Quote:
There's a zero-day exploit in the wild that exploits a key file-sharing protocol in most supported versions of Windows, including Windows 10, the latest and most secure version of the Microsoft operating system. The exploit is probably not worth worrying about, but you'd never know that based on the statement Microsoft officials issued on Thursday when asked what kind of threat the exploit poses:

"Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible," an unnamed spokesperson replied in an e-mail. "We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection."

An employee at Microsoft's outside PR firm, WE Communications, wouldn't explain why the statement advised customers to use Windows 10 and Edge when the exploit works on all versions of Windows and doesn't require that targets use a browser. Ars reminded the employee that an advisory issued hours earlier by the CERT Coordination Center at Carnegie Mellon University warned that the vulnerability might leave Windows users open to code-execution attacks.


Source: https://Op-ed: Windows 10 0day exploit goes wild, and so do Microsoft marketers
Customers want objective threat guidance, not cheap shots at Microsoft rivals | arstechnica.com
My System SpecsSystem Spec
Reply

 Google outs 'severe' Microsoft Edge vulnerability




Thread Tools



Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 08:23.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App