Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Discloses Yet Another New Unpatched Microsoft Vulnerability In Edge/IE (bleepingcomputer.com)

Posted by EditorDavid on from the browser-bugs dept.

An anonymous reader quotes BleepingComputer: Google has gone public with details of a second unpatched vulnerability in Microsoft products, this time in Edge and Internet Explorer, after last week they've published details about a bug in the Windows GDI (Graphics Device Interface) component... The bug, discovered by Google Project Zero researcher Ivan Fratric, is tracked by the CVE-2017-0037 identifier and is a type confusion, a kind of security flaw that can allow an attacker to execute code on the affected machine, and take over a device.

Details about CVE-2017-0037 are available in Google's bug report, along with proof-of-concept code. The PoC code causes a crash of the exploited browser, but depending on the attacker's skill level, more dangerous exploits could be built... Besides the Edge and IE bug, Microsoft products are also plagued by two other severe security flaws, one affecting the Windows GDI component and one the SMB file sharing protocol shipped with all Windows OS versions...
Google's team notified Microsoft of the bug 90 days ago, only disclosing it publicly on Friday.

9 of 73 comments (clear)

  1. What am I missing? by TheRealMindChild · · Score: 5, Interesting

    Note: The analysis below is based on an 64-bit IE (running in single process mode) running on Windows Server 2012 R2. Microsoft Symbol Server has been down for several days and that's the only configuration for which I had up-to-date symbols. However Microsoft Edge and 32-bit IE 11should behave similarly.

    Ok, there is no information as to why this would affect any version other than the 64-bit IE that the guy tested. Especially since Edge *supposedly* uses a separate codebase, and this is an exploit in the MSHTML engine anyway

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  2. This might be payback... by supremebob · · Score: 5, Interesting

    For all of those "Chrome is draining your battery faster than Edge would" notification messages in the Windows notification center when you use Chrome with Windows 10.

    That tactic just seems slimy to me. It seems that Microsoft is once again trying to exploit their near monopoly of desktop PC OS's to regain browser market share.

    1. Re:This might be payback... by raind · · Score: 2

      I do - doesn't happen on this machine...

      --
      Get up!
    2. Re:This might be payback... by Harlequin80 · · Score: 4, Interesting

      If I buy a fridge and the fridge keeps saying "Cottee's codial tastes better than x brand you're using" I would have an issue with that.

      I hate that Windows 10 is an advertising vector.

  3. but but but .. by khz6955 · · Score: 3, Funny

    Microsoft Edge running under windows is the most secure browser on the planet, Microsoft says so.

    1. Re:but but but .. by Billly+Gates · · Score: 2, Insightful

      Microsoft Edge running under windows is the most secure browser on the planet, Microsoft says so.

      As much as it is fashionable to bash MS at this anti MS website I will ask if you think Chrome is any better? It is kind of unfair as of course Google won't disclose it's own bugs.

      The problem is anything that executes programs (javascript and flash count even if they are not compiled) from anywhere on an untrusted world wide platform is stupid beyond belief!

      Perhaps we can replace javascript once logic can be performed through CSS. Of course at that point I would imagine CSS would then become an attack vector.

      I will bash MS on this though, SMB is a security issue (old SMB like in server 2003/XP especially) and I wonder why a browser would use this? Sharepoint integration perhaps from an era of IE 7 when MS was thinking a browser is an operating system? This should be seperated

      --
      http://saveie6.com/
  4. Re:Google are a bunch of cunts by 93+Escort+Wagon · · Score: 2

    Internally "Project Zero" has a second definition - it's the number of Chrome vulnerabilities team members are allowed to investigate.

    --
    #DeleteChrome
  5. Interesting Headline by bulled · · Score: 5, Insightful

    Why not:

    Microsoft fails to patch yet another vulnerability for 90 days?

    Right, because isn't so much news as status quo.

  6. Disclosure is a tool to get the problem fixed. by robbak · · Score: 4, Insightful

    Actually following through with the threat to disclose in 90 days (which is far too long in my opinion) is the only way to get corporations to take vulnerability reports seriously.

    Microsoft made a choice - to push their big marketing and style changes to all their users by bundling them with necessary security updates. This bad decision means that they can't push out small security-only, no-reboot-required updates on an as-needed basis. It is this profit-driven motive that makes a short disclosure period hard for them. The right way for the world deal with this is keep up the pressure, so they switch back to pushing out small security-only updates as needed when needed; to rebuild their customer's trust that Microsoft's updates won't break people's systems, won't suddenly uninstall legacy software, that sysadmins don't have to put updates through verification because they'll probably break something. This way, vulnerabilities in windows are fixed within days of them being reported.

    There is zero excuse for not fixing a vulnerability for 90 days. If something makes it hard for a corporation to fix vulnerabilities quickly, then it is that something that needs to change. Responsible disclosure like this pushes corporations to make such changes.

    --
    Prediction for end of Universe #42: Fencepost error in Quantum_bogosort.cpp