GOOGLE PROJECT ZERO RESEARCHER Ivan Fratric has had enough of Microsoft not fixing a severe vulnerability in Microsoft Edge and blown a big whistle on it.

This is what Project Zero does. Fratric took the issue to Microsoft last year, and the firm failed to fix it within Google's deadline so the company has, naturally, made the vulnerability public.

The bug was reported to Microsoft in November with a three-month deadline. Four days ago, this 90-day deadline expired and the information was released into the wild.

The bug, known as a type-confusion bug, affects Windows 10 and below, and is as severe as it sounds. Fratric explains that "values [data] can be controlled by an attacker (with some limitations)".

After the deadline was exceeded Fratic was asked a question by an interested party about the exploit, however, he declined to provide any more detail until the bug is officially fixed...

Read more: http://www.theinquirer.net/inquirer/...y-fix-deadline

Posted By: Brink
28 Feb 2017