Microsoft Edge users now need to be extra cautious while surfing, since a new exploit is coming. An exploit developer has discovered a zero-day Microsoft Edge vulnerability that allows remote code execution attacks. Since the researcher has not yet informed Microsoft of the problem, a quick fix should not be expected.
Zero-Day Microsoft Edge Vulnerability Induces RCE Attacks
Exploit developer Yushi Liang has claimed to have found a vulnerability that breaks Microsoft Edge browsers. The newly discovered zero-day Microsoft Edge vulnerability could allow an attacker to remotely execute arbitrary code on the target system. Liang first revealed his discovery in a tweet.
As stated, Liang has teamed up with Russian exploit developer Alexander Kochkov to create a stable exploit that escapes the sandbox. He found the vulnerability using Wadi Fuzzer.
Allegedly, exploiting this zero-day vulnerability lets an attacker execute arbitrary commands. The extent of the RCE attacks largely depends on the privilege level of the logged-in account. In the case of an administrator account, an attacker may exfiltrate data from the system, create admin accounts, or install programs on the target machine.
While talking to Bleeping Computer, Liang stated that they are working to develop a stable exploit to achieve “full sandbox escaping of the code”. Moreover, they will also try to find ways of escalating execution privileges.
Although Liang hasn’t revealed many technical details of the exploit yet, he has demonstrated it in a video. As shown, he triggered Microsoft Edge to launch Firefox, which then loads a Google Chrome download page.
No Patches Available Yet
For now, users of Microsoft Edge may not find a fix for the bug, since the researcher has not reported the flaw to Microsoft. As more details come up, Microsoft may release a patch for it. Until then, the only mitigation seems to be the choice of user account: while using Microsoft Edge, users may avoid logging in to accounts with administrator privileges to minimize damage.