Annoying 'Open PDF In Edge' Default Option Puts Windows 10 Users At Risk

An anonymous reader writes from a report via Softpedia: Microsoft fixed today a serious security flaw in the Windows PDF Library, a standard library used by Windows 10 to open and render PDF files, embedded by default in Edge. Exploiting this flaw allows attackers to execute code on the user's machine and take over the device, just by tricking a user into accessing a PDF hosted online via Edge. Since Edge is not only the default browser in Windows 10, but also the default PDF reader, this flaw puts countless of users that have not changed those settings at risk. Even worse, Microsoft has the annoying habit of resetting your personal app preferences once in a blue moon, always reverting Edge as the default browser and the default app to open PDF files.

Re:At risk of what??

[omnichad]

Joke or not, this is not due to functionality in PDF files macros, but a memory corruption issue leading to code execution. The exact same type of thing that happens with most Adobe Reader vulnerabilities. The only difference is the choice in vendor for your bugs.

Re:Surprise surprise!

[ArmoredDragon]

I think the bigger surprise was that Microsoft claims that UWP apps are sandboxed, only they're not.

Re:Microsoft: convenience over security

I'll mention that Chrome I think was the first of the browsers to start the native PDF rendering without a plugin. In this case Microsoft is following Google's lead.

Personally I haven't had my Windows 10 settings revert away from my alternate PDF reader that I set as the default viewer but with the we'll say 'quirks' of Windows 10 I'm not at all surprised if that has happened to people.