{"id":255,"date":"2017-03-01T21:50:30","date_gmt":"2017-03-02T03:50:30","guid":{"rendered":"https:\/\/media-moon.com\/blog\/?p=255"},"modified":"2018-03-09T20:45:38","modified_gmt":"2018-03-10T02:45:38","slug":"edge-and-internet-explorer-vulnerability-disclosed-by-project-zero","status":"publish","type":"post","link":"https:\/\/media-moon.com\/blog\/edge-and-internet-explorer-vulnerability-disclosed-by-project-zero\/","title":{"rendered":"Edge And Internet Explorer Vulnerability Disclosed By Project Zero"},"content":{"rendered":"

Google Project Zero’s 90-day disclosure policy bites Microsoft again, as a zero-day Edge and IE vulnerability is made public before a patch is available.<\/h3>\n

For the second time in one week, Google Project Zero’s disclosure policy has uncovered an Edge and IE vulnerability without a fix following the cancellation of February’s Patch Tuesday release.\"\"<\/p>\n

According to a security researcher for Google Project Zero, the issue is primarily an Internet Explorer (IE) vulnerability that produces mixed results against the new Edge browser, leveraging a type-confusion flaw. The researcher was able to exploit the issue in both browsers (Edge and Internet Explorer), but while commenters on the Project Zero post were able to confirm the IE vulnerability, they could NOT\u00a0confirm it in the Edge browser.<\/p>\n

A different researcher states that this appears to be a “very dangerous” IE vulnerability, because it is “remotely exploitable and leads to remote code execution by simply visiting an attacker’s page.” This makes it prime for phishing, malvertising and other methods of wide distribution.<\/p>\n

As far as the release of the bug disclosure, Google Project Zero has a 90-day disclosure policy, after which time the details of a bug will automatically become public. It is unclear whether this IE vulnerability would have been fixed in a normal month. But this month, Microsoft cancelled Patch Tuesday, with little explanation.<\/p>\n

Neither Google nor Microsoft acknowledged if the two companies had been in contact regarding this specific IE vulnerability following the delay of Patch Tuesday.<\/p>\n

\"\"“We believe in coordinated vulnerability disclosure, and we’ve had an ongoing conversation with Google about extending their deadline, since the disclosure could potentially put customers at risk,” a Microsoft spokesperson said. “Microsoft has a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible.”<\/p>\n

It was surprising that Microsoft cancelled the patch Tuesday. One software security senior engineer stated, “given Microsoft’s relatively recent push for improving security and transparency. Perhaps they discovered more bugs in responding and didn’t want to publicize them until a fix was ready, or it was just an oversight. Either way, it seems like a poor response.”<\/p>\n","protected":false},"excerpt":{"rendered":"

Google Project Zero’s 90-day disclosure policy bites Microsoft again, as a zero-day Edge and IE vulnerability is made public before a patch is available. For the second time in one week, Google Project Zero’s disclosure policy has uncovered an Edge and IE vulnerability without a fix following the cancellation of February’s Patch Tuesday release. According […]<\/p>\n","protected":false},"author":7,"featured_media":262,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[156],"tags":[39,43,37,45,38,36,44,35,40,41,42],"class_list":["post-255","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-edge","tag-internet","tag-internet-explorer","tag-malware","tag-microsoft","tag-patch","tag-phishing","tag-security","tag-vulnerability","tag-web-browser","tag-web-browsers"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/posts\/255","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/comments?post=255"}],"version-history":[{"count":0,"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/posts\/255\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/media\/262"}],"wp:attachment":[{"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/media?parent=255"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/categories?post=255"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/tags?post=255"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}