Google developers in the Project Zero project discovered a vulnerability in the Microsoft Edge browser. For a long time, the company did not report the vulnerability, but Microsoft did not have time to fix it, writes The Verge.
In the Windows 10 Creators Update, Arbitrary Code Guard (ACG) technology was introduced to protect against attacks involving the loading of malicious code into memory. It allows you to display in memory only the code that has the appropriate signature. However, experts have found a vulnerability that allows you to bypass this protection. As a result, attackers can put malicious code in the computer's memory.
The vulnerability was discovered in November 2017, however, according to the rules of Project Zero, developers are given 90 days to fix. After this time, the developers publish a description of the problem. Microsoft acknowledged that it took an unexpectedly long time to fix the vulnerability and the patch will appear only in March 2018.
Microsoft Edge is a standard Windows 10 browser that replaced Internet Explorer. In addition, in the version of Windows 10 S users are not allowed to change the standard browser. Even if a user downloads a third-party application, all links from emails and other services will open in Microsoft Edge.
. (tagsToTranslate) Microsoft (t) î (t) ð (t) é (t) ò (t) é (t) ü (t) and (t) and (t) ü (t) Project Zero (t) å (t) î (t) ì (t) î