Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security Microsoft The Internet Technology

Researchers 'Break' Microsoft's Edge With Zero-Day Remote Code Exploit (itpro.co.uk) 50

Posted by BeauHD from the proof-of-concept dept.
Exploit developers Yushi Laing and Alexander Kochkov have teased a zero-day exploit for Microsoft's Edge browser that can allow a malicious actor to run commands on a user's machine. "Laing teased the 'stable exploit' for the Microsoft-developed web browser last week with an image that appeared to show the Windows Calculator app launched from a web browser, after working on the project for just under a week," reports IT PRO. From the report: The researcher had initially been looking into three remote code execution bugs for Firefox as part of an 'exploit chain', but struggled to establish code for the third. He then found two similar flaws on Microsoft Edge using the Wadi Fuzzer app developed by SensePost. Laing told BleepingComputer the pair wanted to develop a stable exploit for Microsoft Edge and escape the sandbox, termed as an exploit that force-crashes and incorrectly reloads an app with manipulated permissions.

This would allow a user to run functions, and access other apps, beyond its normal permissions, as well as access data from other applications. They were also looking for a way to effectively seize control of a machine by escalating execution privileges to "system." They published a proof-of-concept for the Edge exploit in a short clip which shows the team using the browser to open the landing page for Google Chrome via Firefox.
This discussion has been archived. No new comments can be posted.

Researchers 'Break' Microsoft's Edge With Zero-Day Remote Code Exploit More

Researchers 'Break' Microsoft's Edge With Zero-Day Remote Code Exploit

Comments Filter:

  • Firefox (Score:1)

    by Anonymous Coward

    Makes me happy to be running Firefox ... on a Mac.

    • Re: (Score:1)

      by Gr8Apes ( 679165 )
      Well, the funny thing is that Edge numbers are under 10% according to the last chart I saw. That puts it under MacOS as a target. What was that tripe about marketshare and being the target of hackers?

    • You think Firefox doesn't collect user data and statistics?

  • FOSS (Score:3)

    by ChunderDownunder ( 709234 ) on Tuesday November 06, 2018 @05:24AM (#57598638)

    Chakra is open source. What do MS have to lose by githubbing the rest of the browser?

    By the "many eyes" theory, security bugs would be dealt with greater expedience if a version of (let's call it) 'Edgium' were available in fedora and debian repositories. And the benefit for Windows 10 is web site compatibility that people might actually test for Edge cases, pun intended, if they could still develop under Linux/macos.

  • Who uses Edge anyway? (Score:1)

    by Anonymous Coward

    I'm sure most of us have only used Edge occasionally at best and many probably only to download another browser. Every browser has security issues at times, the question is, how fast do these issues get fixed? Microsoft is sort of slow with this because Edge get's major updates in Windows feature upgrades and security ones in monthly Windows updates. Microsoft has considered separating Edge updates from Windows but has yet to do so. Almost any other major browser is going to be better then Edge addressing s

    • Re: (Score:1)

      by HydrusZ ( 539461 )

      Every browser has security issues at times, the question is, how fast do these issues get fixed? Microsoft is sort of slow with this because Edge get's major updates in Windows feature upgrades and security ones in monthly Windows updates.

      Severe vulnerabilities are patched out-of-band. Microsoft does it all the time.

  • Safety (Score:3)

    by Artem S. Tashkinov ( 764309 ) on Tuesday November 06, 2018 @06:08AM (#57598722) Homepage

    Quite some time ago I came to a conclusion that the safest way to browse the web is to run your web browser in a VM or on a separate device which your log into via network. And, no, running it under a separate user account doesn't cut it because your kernel and local listening daemons are fully exposed to the browser and might be used to circumvent users accounts separation, not to mention various (mostly theoretical but still real) CPU vulnerabilities. Too bad, I haven't followed my own conclusion and I still happily run the browser under my user account without any protections whatsoever, except for uBlock Origin and NoScript.

    The reason VM is not particularly well-suited for browsing the web is because 2D/3D acceleration doesn't work well in it, and also there's latency involved which makes the whole experience not exactly perfect - simple web sites work well but anything with heavy JS code and/or various graphical effects might suffer.

    • Running in a VM helps, but if you get hit by rowhammer it will not make a difference.
      • The rowhammer attack works only against certain DDR modules (e.g. my PC is not affected) and it also causes 100% CPU usage which is very easy to spot.
        • Fair enough, the point though does remain. The only "safe" computer would be one not connected to the internet at all. All you are doing is mitigating attacks from 0 day web browser attacks, and perhaps some malware required by dodgy places when you go to dodgy websites. Perhaps decide to not go there, and the problem will go away.

    • Re: (Score:1)

      by AHuxley ( 892839 )
      Enjoy MS for video games. Find a real OS for anything interesting.

    • Re: (Score:2)

      by Slayer ( 6656 )

      There is a product [rohde-schwarz.com] which does this, albeit in a very kludgy way. It would be trivial to provide a similar solution based on QEMU, linux/*BSD and some browser, but I guess most people who want that just roll their own.

      There are several problems involved with this:

      • Lots of people do most of their stuff through their browser, and this includes banking, shopping, consuming music&video, ... if you hack their browser, there isn't much else to look for on their computer
      • A computer hacked through the browser for
    • How about just sandboxing the damn web browser. There is software out there that does this. If it leaks, it leaks in it's own sandbox. Change the litter(reinstall sandbox) once a week. And who gives a shit
  • Can't we just assume at this point that all devices are broken? I do.
  • At least now we have a way top relate Edge and its older colleague Internet Explorer.
  • We are moving from Windows 7 to Windows 10. They are trying to enforce us into only using Edge as our browser. We use SharePoint a lot. From forms being created on mobile devices and transmitted, to other functions. Example of why I say edge SUCKS. If you are in a SharePoint page, and try to open explorer from that SharePoint page. It doesn't work. Hell, this is a hot topic on Microsoft forums. https://answers.microsoft.com/... [microsoft.com]
    What I told the people to do was. When they try to open with explorer, ge

  • What ever happened to giving advanced notice before release? Not enough notoriety?

Slashdot Top Deals

Ocean: A body of water occupying about two-thirds of a world made for man -- who has no gills. -- Ambrose Bierce

Close