I know most of you don’t even use Internet Explorer and we all know how it was humiliated throughout the years. However, since the new Microsoft Edge might be using some IE code, it’s worth pointing this out anyway.
It looks like security experts have encountered and disclosed four new vulnerabilities in Microsoft’s browser. The researchers have noted the issues through Hewlett-Packard’s Zero Day Initiative, a program which creates detection signatures and also reports them to their respective vendors.
Microsoft has already been notified, however, ZDI gives 120 days to the vendor to fix them. So, since Microsoft is more focused on Windows 10, the issues were not resolved and limited information about them have been released to the public. By limited information, it means that the actual code affected has not been released for the wise guys to figure out an actual working exploit.
However, one of the four exploits seems to have been disclosed in more detail. This is because at one of ZDI’s contest back in November, a hacker used the exploit and provided ZDI with the necessary information on how to take advantage of the vulnerability. If you’re curious, the exploit can be found here.
The remaining vulnerabilities are just theoretical at this point, but Microsoft should look into patching them as soon as possible before someone else manages to find a way to exploit them further.
Thank you PCWorld for providing us with this information