Google outs 'severe' Microsoft Edge vulnerability

GEWB

GEWB

New member
Guru
VIP
Local time
6:27 PM
Messages
1,030
Location
Denver, Colorado
From The Inquirer:

"GOOGLE PROJECT ZERO RESEARCHER Ivan Fratric has had enough of Microsoft not fixing a severe vulnerability in Microsoft Edge and blown a big whistle on it.

This is what Project Zero does. Fratric took the issue to Microsoft last year, and the firm failed to fix it within Google's deadline so the company has, naturally, made the vulnerability public.


The bug was reported to Microsoft in November with a three-month deadline. Four days ago, this 90-day deadline expired and the information was released into the wild."

Read the story at:

Google outs 'severe' Microsoft Edge vulnerability after firm misses 90-day fix deadline | TheINQUIRER
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
(7 different computers booting up to 10 systems)
OS
Linux Mint / XP / Win7 Home, Pro, Ultimate / Win8.1 / Win10
Other Info
Four desktops, two laptops, one notebook and one tablet
Here's the ars technica article mentioned in GEWB's link, I like the end of the second paragraph and all of the third. It makes it sound like MS is back to pushing 10 again:
There's a zero-day exploit in the wild that exploits a key file-sharing protocol in most supported versions of Windows, including Windows 10, the latest and most secure version of the Microsoft operating system. The exploit is probably not worth worrying about, but you'd never know that based on the statement Microsoft officials issued on Thursday when asked what kind of threat the exploit poses:

"Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible," an unnamed spokesperson replied in an e-mail. "We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection."

An employee at Microsoft's outside PR firm, WE Communications, wouldn't explain why the statement advised customers to use Windows 10 and Edge when the exploit works on all versions of Windows and doesn't require that targets use a browser. Ars reminded the employee that an advisory issued hours earlier by the CERT Coordination Center at Carnegie Mellon University warned that the vulnerability might leave Windows users open to code-execution attacks.


Source: https://Op-ed: Windows 10 0day exploit goes wild, and so do Microsoft marketers
Customers want objective threat guidance, not cheap shots at Microsoft rivals | arstechnica.com
Click to expand...
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Gateway DX4831-01e (Mid-Tower Desktop)
OS
Originally Win 7 Hm Prem x64 Ver 6.1.7600 Build 7601-SP1 | Upgraded to Windows 10 December 14, 2019
CPU
Intel i3 530 2.93GHz, 2933MHz 2 Cores 4 Logical Processors
Motherboard
Gateway H57M01 133 megahertz
Memory
6GB of 1,333MHz DDR3 SDRAM
Graphics Card(s)
32MB Intel Graphics Media Accelerator HD IGChip
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
Gateway HX2000 20inch TFT active matrix TN
Screen Resolution
1600 x 900 x 59 hertz
Hard Drives
WDC WD10EADS-00M2B0 [HDD] (1000.20 GB) -- drive 0,
HL-DT-ST DVDRAM GH41N [CD-ROM dr]
Four card readers, and Four USB 2.0
PSU
300watts.
Case
Mid-Tower Desktop
Cooling
Stock from Gateway
Keyboard
Natural Ergonomic Keyboard 4000, see Other Info
Mouse
Orig. Gateway wore out now using Insignia USB wired optical
Internet Speed
Vz FIOS 10ms png 57.64Mbps down 65.53Mbps up Speedtest.org
Antivirus
Zamana Anti-logger with Anti-malware, MSE, Windows Firewall,
Browser
IE11.0.9600.19399-Upd ver11.0.135, Firefox 68.0.1 x64
Other Info
System Specs by Belarc.

BIOS: American Megatrends Inc. P01-A0 11/17/2009

Replaced the MS 'Natural' Standard PS/2 Enhanced 101-102 Keyboard with a new Natural Ergonomic Keyboard 4000 on August 1st 2014.

Canon Pixma MG3222 Printer.

Updated to IE11 on 12102015 | Fios Quantum Router g1100

Additional AV: SpywareBlaster, manual Mbam, SAS
You must log in or register to reply here.

Similar threads

Microsoft Edge celebrates moving to IE mode, Linux, and new search
Replies
0
Views
1K
Brink
Brink
New release cycles for Microsoft Edge
Replies
0
Views
600
Brink
Brink
Microsoft Edge 89 delivering improved browser performance
Replies
0
Views
982
Brink
Brink
Introducing the new Microsoft Edge and Bing
Replies
2
Views
2K
dancer7
D
Microsoft Confirms x64 Windows 7 Aero Vulnerability
2
Replies
21
Views
8K
kucing13
kucing13
Back
Top