Google reveals yet another vulnerability in Microsoft's software, this time in Edge and IE

Google's Project Zero research team has been actively detecting vulnerabilities in Microsoft's software products for quite some time. Back in November 2016, it revealed a "particularly serious" security flaw in Windows 10 just ten days after detailing it to Microsoft, for which it received lots of backlash. Just a few days ago, it disclosed yet another vulnerability in Windows, this time, however, after its standard 90-day deadline had passed.

Now, the company has revealed yet another weakness in Microsoft's software products, and this time, the flaw pertains to Edge and Internet Explorer, which means that it impacts not only Windows 10 but other iterations of the operating system as well.

According to The Register, a security flaw in Microsoft Edge and Internet Explorer was first reported to the company on November 25, 2016. Microsoft was offered the standard 90-day window by Google to patch the issue before it was publicly revealed. Apparently, the company failed to do this, and now the vulnerability has been disclosed to the public.

Apparently, only 17 lines of HTML can lead to both the aforementioned browsers crashing, and can also cause arbitrary code execution. The attack primarily focuses on two variables, "rcx" and "rax", and as Google's Project Zero research team points out, this can aid an attacker by modifying table properties so that a web page just needs to modify the rax variable and point it to the memory they control.

Microsoft is yet to comment on the issue, and it's currently unclear if the fix for the aforementioned vulnerability was part of the company's delayed Patch Tuesday from this month. You can check out Google's detailed report here.

Source: The Register via MSPoweruser
