Slashdot Mirror


Researchers 'Break' Microsoft's Edge With Zero-Day Remote Code Exploit (itpro.co.uk)

Exploit developers Yushi Laing and Alexander Kochkov have teased a zero-day exploit for Microsoft's Edge browser that can allow a malicious actor to run commands on a user's machine. "Laing teased the 'stable exploit' for the Microsoft-developed web browser last week with an image that appeared to show the Windows Calculator app launched from a web browser, after working on the project for just under a week," reports IT PRO. From the report: The researcher had initially been looking into three remote code execution bugs for Firefox as part of an 'exploit chain', but struggled to establish code for the third. He then found two similar flaws on Microsoft Edge using the Wadi Fuzzer app developed by SensePost. Laing told BleepingComputer the pair wanted to develop a stable exploit for Microsoft Edge and escape the sandbox, termed as an exploit that force-crashes and incorrectly reloads an app with manipulated permissions.

This would allow a user to run functions, and access other apps, beyond its normal permissions, as well as access data from other applications. They were also looking for a way to effectively seize control of a machine by escalating execution privileges to "system." They published a proof-of-concept for the Edge exploit in a short clip which shows the team using the browser to open the landing page for Google Chrome via Firefox.

50 comments

  1. I would like to use Edge, but... by Anonymous Coward · · Score: 0

    it seems insecure, and even with all the privacy settings to the max, I get the idea it's collecting a lot of information on me and sending back to Microsoft. If it was secure and private, I would definitely use it in favor of Firefox on my Windows machine.

    1. Re:I would like to use Edge, but... by Anonymous Coward · · Score: 0

      it seems insecure, and even with all the privacy settings to the max, I get the idea it's collecting a lot of information on me and sending back to Microsoft. If it was secure and private, I would definitely use it in favor of Firefox on my Windows machine.

      You must have a different version of Edge than I do. The one on my computer is so crude, primitive, broken and useless that it almost seems like some sort of joke.

    2. Re:I would like to use Edge, but... by Anonymous Coward · · Score: 0

      You must have a different version of Edge than I do.

      Maybe stop blocking updates?

  2. Firefox by Anonymous Coward · · Score: 1

    Makes me happy to be running Firefox ... on a Mac.

    1. Re:Firefox by Anonymous Coward · · Score: 0

      security by obscurity

    2. Re:Firefox by Anonymous Coward · · Score: 0

      except of course he also found 3 exploits for firefox, sure being such a tiny demographic you probably won't get directly targeted, but that is not the same as being secure.

    3. Re:Firefox by Anonymous Coward · · Score: 0

      except of course he also found 3 exploits for firefox, sure being such a tiny demographic you probably won't get directly targeted, but that is not the same as being secure.

      Sure, but tell me any browser that is "secure"? Every single one can be vulnerable one way or the other (including spyware). Don't try to be a perfectionist but rather pick the most suitable tool for yourself.

    4. Re:Firefox by Gr8Apes · · Score: 1

      Well, the funny thing is that Edge numbers are under 10% according to the last chart I saw. That puts it under MacOS as a target. What was that tripe about marketshare and being the target of hackers?

      --
      The cesspool just got a check and balance.
    5. Re:Firefox by ArchieBunker · · Score: 1

      You think Firefox doesn't collect user data and statistics?

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    6. Re:Firefox by Anonymous Coward · · Score: 0

      You can turn it off, and it's still nowhere near what Chrome and Edge collect, because Mozilla is simply not in that business.

    7. Re:Firefox by Anonymous Coward · · Score: 0

      While this is true, it sounds like the OP thinks that his platform is secure, despite the repeated massive security vulnerabilities caused by extremely poor testing.

      I mean, at least this one had to be fudged (crashing the app and reloading with different permissions). His platform of choice had a blank root password, negating the need for malicious actors to spend time and effort finding obscure bugs.

    8. Re: Firefox by Anonymous Coward · · Score: 0

      MacOS is like 1%. You might be confused and thinking of iOS. Which itself is crushed by Android.

    9. Re: Firefox by Gr8Apes · · Score: 1

      I think you're confused or merely trolling. Sadly, your misinformation could have been corrected in less than 5s via any common search engine indicating just how truly poor your knowledge is.

      --
      The cesspool just got a check and balance.
  3. FOSS by ChunderDownunder · · Score: 2

    Chakra is open source. What do MS have to lose by githubbing the rest of the browser?

    By the "many eyes" theory, security bugs would be dealt with greater expedience if a version of (let's call it) 'Edgium' were available in fedora and debian repositories. And the benefit for Windows 10 is web site compatibility that people might actually test for Edge cases, pun intended, if they could still develop under Linux/macos.

    1. Re:FOSS by Gravis Zero · · Score: 4, Insightful

      Chakra is open source. What do MS have to lose by githubbing the rest of the browser?

      Exposing just how much information they are gathering about their users would be damaging, especially if the EU uses it to rule against them.

      Yeah, they got plenty of money to lose.

      --
      Anons need not reply. Questions end with a question mark.
    2. Re:FOSS by Anonymous Coward · · Score: 0

      By the "many eyes" theory, security bugs would be dealt with greater expedience if a version of (let's call it) 'Edgium' were available in fedora and debian repositories.

      Making source code available does not magically solve problems. The "many eyes" effect is the idea that if a project actually has many active contributors that increases the chance that a bug, once it is known, will be characterized quickly and that the solution will be obvious to someone. If Microsoft decides to make Edge open source that does not guarantee that a large crowd of developers will enthusiastically start to participate and be available to make this "many eyes" effect happen.

    3. Re: FOSS by ChunderDownunder · · Score: 4, Interesting

      Chromium is open source but Google adds whatever special sauce they please to Chrome downloads.

      MS would be free to pursue a similar policy.

    4. Re: FOSS by ChunderDownunder · · Score: 1

      Certainly liberating the code won't itself form a community overnight but Chromium and Gecko have found uses beyond Google and Mozilla respectively.

    5. Re:FOSS by Anonymous Coward · · Score: 0

      They won't have my eyes, for one. I try to avoid their stuff, and if I gotta touch it I disinfect my hands after that.

      They'd have to end *credibly* their predatory ways for me to consider my position.

      I guess I'm not alone with that. You get the community you deserve.

    6. Re:FOSS by Joce640k · · Score: 4, Insightful

      Chakra is open source. What do MS have to lose by githubbing the rest of the browser?

      Simple: Somebody might recompile it without all the user-spying and data-gathering code.

      --
      No sig today...
    7. Re:FOSS by Anonymous Coward · · Score: 0

      ...and without the DRM authorizations to play back Disney/Netflix/HDR/4k/whatever

      Chromium isn't that popular anyway.

      Really for their target userbase, they have nothing to lose.

  4. Who uses Edge anyway? by Anonymous Coward · · Score: 1

    I'm sure most of us have only used Edge occasionally at best and many probably only to download another browser. Every browser has security issues at times, the question is, how fast do these issues get fixed? Microsoft is sort of slow with this because Edge gets major updates in Windows feature upgrades and security ones in monthly Windows updates. Microsoft has considered separating Edge updates from Windows but has yet to do so. Almost any other major browser is going to be better than Edge addressing security issues.

    1. Re:Who uses Edge anyway? by Anonymous Coward · · Score: 0

      bleepingcomputer-reading lusers like beauhd.

    2. Re:Who uses Edge anyway? by HydrusZ · · Score: 1

      Every browser has security issues at times, the question is, how fast do these issues get fixed? Microsoft is sort of slow with this because Edge gets major updates in Windows feature upgrades and security ones in monthly Windows updates.

      Severe vulnerabilities are patched out-of-band. Microsoft does it all the time.

  5. Safety by Artem S. Tashkinov · · Score: 2

    Quite some time ago I came to a conclusion that the safest way to browse the web is to run your web browser in a VM or on a separate device which you log into via network. And, no, running it under a separate user account doesn't cut it because your kernel and local listening daemons are fully exposed to the browser and might be used to circumvent users accounts separation, not to mention various (mostly theoretical but still real) CPU vulnerabilities. Too bad, I haven't followed my own conclusion and I still happily run the browser under my user account without any protections whatsoever, except for uBlock Origin and NoScript.

    The reason VM is not particularly well-suited for browsing the web is because 2D/3D acceleration doesn't work well in it, and also there's latency involved which makes the whole experience not exactly perfect - simple web sites work well but anything with heavy JS code and/or various graphical effects might suffer.

    1. Re: Safety by LordWabbit2 · · Score: 1

      Running in a VM helps, but if you get hit by rowhammer it will not make a difference.

      --
      There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
    2. Re: Safety by Anonymous Coward · · Score: 0

      For personal reasons, I do not browse the web from my computer. (I also have no net connection much of the time.) To look at a page I send mail to a demon which runs wget and mails the page back to me.

      It is very efficient use of my time, but it is slow in real time.

    3. Re: Safety by Artem S. Tashkinov · · Score: 2

      The rowhammer attack works only against certain DDR modules (e.g. my PC is not affected) and it also causes 100% CPU usage which is very easy to spot.

    4. Re:Safety by Anonymous Coward · · Score: 0

      I never ran it, but there was a product called Sandboxy which was basically chroot for Windows. I'm not sure if it was able to refuse to allow things like fork/exec (CreateProcess) or IPC calls, but locking-down the disk does get you a measure of protection, and the process still runs on your non-virtual machine.

      These days, VMs with special drivers do quite well in terms of performance. Too bad you can’t install and run eg Chrome or add without the whole OS and windowing environment wrapped around it. Maybe ChromeOS in a VM? Surely, it can be done.

    5. Re:Safety by AHuxley · · Score: 0

      Enjoy MS for video games. Find a real OS for anything interesting.

      --
      Domestic spying is now "Benign Information Gathering"
    6. Re:Safety by Slayer · · Score: 1

      There is a product which does this, albeit in a very kludgy way. It would be trivial to provide a similar solution based on QEMU, linux/*BSD and some browser, but I guess most people who want that just roll their own.

      There are several problems involved with this:

      • Lots of people do most of their stuff through their browser, and this includes banking, shopping, consuming music&video, ... if you hack their browser, there isn't much else to look for on their computer
      • A computer hacked through the browser for running a botnet/spamrelay is the same as a VM hacked through the browser for running a botnet/spamrelay - no help on this front
      • Users often want to download applications or data to use on their regular computer. If you create a path to bridge the gap between VM and host, the solution won't protect you long. If you don't bridge that gap, the system is much less useful.
    7. Re:Safety by Artem S. Tashkinov · · Score: 1
    8. Re:Safety by pgmrdlm · · Score: 1

      How about just sandboxing the damn web browser. There is software out there that does this. If it leaks, it leaks in its own sandbox. Change the litter (reinstall sandbox) once a week. And who gives a shit

      --
      Anonymous comments are as pathetic as the anonymous "sources" that contaminate gutless journalism from the New York Time
    9. Re:Safety by Slayer · · Score: 1

      Interesting links!

      I really love the statement "seem to be focusing their messaging on high risk internet users and C-level employees", which pretty much sums up, why so few security products successfully protect companies.

    10. Re:Safety by Anonymous Coward · · Score: 0

      If you read the description, the white hat hackers were looking for bugs in the sandbox. Sandboxing helps, but is not perfect.

    11. Re: Safety by LordWabbit2 · · Score: 1

      Fair enough, the point though does remain. The only "safe" computer would be one not connected to the internet at all. All you are doing is mitigating attacks from 0 day web browser attacks, and perhaps some malware required by dodgy places when you go to dodgy websites. Perhaps decide to not go there, and the problem will go away.

      --
      There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
  6. Yet again... by Anonymous Coward · · Score: 0

    Yet another reason to keep javascript disabled by default.

    As if we needed even more of them.

  7. The Real Insult by Anonymous Coward · · Score: 0

    using the browser to open the landing page for Google Chrome via Firefox.

    This browser inside of another awaken by the third is blasphemous!

  8. give it up by AndyKron · · Score: 1

    Can't we just assume at this point that all devices are broken? I do.

  9. Business model: Sell info to anyone who pays. by Futurepower(R) · · Score: 1, Informative

    Apparently, Microsoft's new business model is imitating Google: Collect a lot of information about users, and sell it to any organizations that will pay.

    Microsoft is poorly managed? Plenty of evidence. (Oct. 20, 2018)

    That business model is not going well:

    A watchdog group pretended to be Russian and bought 'divisive' Google ads -- now, Google is blasting the group for its ties to Oracle. (Sep. 4, 2018)

    Facebook discloses possible election meddling by Russia, foreign actors on eve of midterms. (Nov. 5, 2018)

    We read every one of the 3,517 Facebook ads bought by Russians. Here's what we found. (May 13, 2018)

  10. Fake news? by Anonymous Coward · · Score: 0

    Anybody remember what zero day used to mean? It referred to an exploit that was found the same day the flaw was introduced in publicly distributed software.

    There is no evidence in the article that a flaw was found and exploited the same day it first emerged in released software.

    1. Re: Fake news? by Anonymous Coward · · Score: 0

      Actually, 0day came from the pirating community. Meaning the day a game or piece of software dropped, they were available and cracked.

  11. 0-day by hcs_$reboot · · Score: 0

    At least now we have a way to relate Edge and its older colleague Internet Explorer.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  12. It's Yushi Liang NOT Yushi Laing by laing · · Score: 1

    N/T

  13. Edge SUCKS by pgmrdlm · · Score: 1

    We are moving from Windows 7 to Windows 10. They are trying to enforce us into only using Edge as our browser. We use SharePoint a lot. From forms being created on mobile devices and transmitted, to other functions. Example of why I say edge SUCKS. If you are in a SharePoint page, and try to open explorer from that SharePoint page. It doesn't work. Hell, this is a hot topic on Microsoft forums. https://answers.microsoft.com/...
    What I told the people to do was. When they try to open with explorer, get the url with the location. Hold down the windows key, and press E. then paste in the path. I suggested that in one of our Windows 10 meetings. Not sure if that will be the work around, or IE 11, or what. I hate Edge. IT SUCKS

    --
    Anonymous comments are as pathetic as the anonymous "sources" that contaminate gutless journalism from the New York Time
    1. Re: Edge SUCKS by Anonymous Coward · · Score: 0

      Welcome to the MS treadmill. Better to stick with stuff that actually computers with standards.

    2. Re: Edge SUCKS by Anonymous Coward · · Score: 0

      *complies dammit.

    3. Re:Edge SUCKS by Anonymous Coward · · Score: 0

      Edge didn't open those IE web-site icons and it doesn't replace IE for the installers, like AMD driver installer, that just get stuck with IE removed from the Windows 10 installation while ignoring the presence of a different default browser of course. So even if you wanted to disable access to IE from the system for security reasons, many old behaviours are still provided only by IE in Windows 10.

  14. Crackers release 0-day crack? by lpq · · Score: 1

    What ever happened to giving advanced notice before release? Not enough notoriety?