Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Zero-Day in Microsoft Edge and IE browser

 

Systems Affected


Microsoft Edge and Internet Explorer browser

Threat Level


High


Overview


Allow a remote attacker to steal sensitive user information using same‐origin policy.


Description


There are two 'unpatched' zero-day vulnerabilities which affects the latest Microsoft Internet Explorer and another the latest Edge Browser. Which will allows an attacker to bypass same-origin policy on victim's browser.
Same Origin Policy ‐ This is a security feature implemented in modern browsers that restrict a web page or a script loaded from one origin to interact with a resource from another origin, preventing unrelated sites from interfering with each other.
One example attack would be Universal Cross-site scripting.


Impact


  ✦  Stealing victim's sensitive data (login sessions and cookies)


Solution/ Workarounds


  ✦  Users are advice to use other web browsers since Microsoft still haven't addressed the issue.


References


https://thehackernews.com/2019/03/microsoft-edge-ie-zero-days.html


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.