Google has published another unpatched Windows security flaw, in line with the policy of the company's Project Zero program, which discloses vulnerabilities 90 days after they are reported to the vendor.
This time, the vulnerability is a type confusion in Microsoft Edge and Internet Explorer modules. Google researcher Ivan Fratric published a PoC showing how he can crash the browsers, opening a door for potential attackers to gain administrative privileges on affected systems.
Fratric reports that he analyzed the 64-bit version of Internet Explorer on Windows Server 2012 R2, as well as the two 32-bit versions, Internet Explorer 11 and Microsoft Edge. This means that users of Windows 7, Windows 8.1, and Windows 10 are in imminent danger if they use Microsoft browsers.
The vulnerability was reported on 25 November and, in accordance with Google Project Zero policy, was announced publicly today, 25 February, while Microsoft has not yet released a patch.
Note that this is the second security flaw revealed by Google in two weeks, as the company also published details of a vulnerability in gdi32.dll that was originally reported to Microsoft in March of 2016.
So right now there are two different security vulnerabilities that Microsoft has not yet patched, while Google has already posted their details on the Internet.
As we mention in the title of the article, to protect yourself it is recommended to avoid opening websites you do not trust and to replace Internet Explorer and Microsoft Edge with a different browser.