First Vulnerability Found In Microsoft Edge

HardOCP News

Well that didn't take long, now did it?

At the Black Hat USA 2015 conference in Las Vegas, a team of security experts led by Jonathan Brossard have presented a vulnerability in the Microsoft Server Message Block (SMB) protocol used for sharing files in local networks.
 
Not really a vulnerability in Edge, per se. From the article:
> Additionally, other vulnerable applications include Windows Media Player, Adobe Reader, Apple QuickTime, Excel 2010, Symantec's Norton Security Scan, AVG Free, BitDefender Free, Comodo Antivirus, IntelliJ IDEA, Box Sync, GitHub for Windows, TeamViewer, and many other more
So just about anything that deals with files, and the opening of them for any reason, is vulnerable. Probably also FireFox and Chrome.
 
> Not really a vulnerability in Edge, per se. From the article:
>
> So just about anything that deals with files, and the opening of them for any reason, is vulnerable. Probably also FireFox and Chrome.

No kidding. Windows scare tactics as usual.

If everything has this vulnerability it isn't an "edge" vulnerability.
 
1st in what will assuredly be a long list of vulnerabilities that confirms for me that IE hasn't changed no matter what they change the name to.

This is my shocked face. :rolleyes:
 
> 1st in what will assuredly be a long list of vulnerabilities that confirms for me that IE hasn't changed no matter what they change the name to.
>
> This is my shocked face. :rolleyes:

One big difference between IE and Edge, no COM control support. However long the list for Edge is it's guaranteed to be shorter than IE because of this.
 
I'm just waiting for them to discover how to distribute attacks through the p2p updates :)
 
How do you do mapped drives without SMB?

You map drives outside your LAN/WAN?

The exploit is to come in through the net via smb. If you block incoming smb traffic at your gateway/edge/security checkpoint you don't have to worry too much about it. If an attacker gets a package loaded on an endpoint it won't be able to call home as smb is blocked.

Now I am sure they will figure out a way to fool shit at some point but that is part of the game.
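
A check for the gateway rule discussed in the post above, as an added example that is not part of the thread: it scans flow records for TCP connections to the SMB ports (139, 445) from internal hosts to addresses outside the internal ranges, and separates the ones the gateway allowed. The log format, function names and sample records are assumptions constructed for illustration.

```python
import ipaddress

SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

# Internal ranges listed explicitly: ipaddress.is_private would also treat
# the documentation ranges used as "external" sample addresses as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample records (assumed format): src dst dst_port proto action
SAMPLE_FLOWS = """\
10.0.0.15 10.0.0.2 445 tcp allow
10.0.0.15 203.0.113.50 445 tcp allow
10.0.0.22 198.51.100.7 443 tcp allow
10.0.0.31 198.51.100.9 139 tcp deny
10.0.0.40 192.168.5.10 445 tcp allow
10.0.0.15 203.0.113.50 445 udp allow
malformed line
"""

def is_internal(ip):
    """True if the address falls inside one of INTERNAL_NETS."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def external_smb_flows(log_text):
    """Return (src, dst, port, action) for TCP SMB flows leaving the internal ranges."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        src, dst, port, proto, action = fields
        try:
            if proto != "tcp" or int(port) not in SMB_PORTS:
                continue
            if is_internal(src) and not is_internal(dst):
                hits.append((src, dst, int(port), action))
        except ValueError:
            continue  # unparsable port or address
    return hits

def allowed_egress(log_text):
    """Flows the gateway let through: each one is a gap in the SMB egress block."""
    return [h for h in external_smb_flows(log_text) if h[3] == "allow"]

if __name__ == "__main__":
    for src, dst, port, action in allowed_egress(SAMPLE_FLOWS):
        print(f"SMB egress allowed: {src} -> {dst}:{port}")
```

Flows with action `deny` show the block working; any `allow` result is a host that reached an outside SMB server.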
 
Not a problem. Edge does its job perfectly which is allowing a user to go to ninite.com and install another browser.

That's all it has to do.
 
for my parents edge is great. the "other browsers" all have vulnerabilities too or do people stop reading the hardocp and other news sites each week?

there is no safe browser at the moment that I am aware of that is bug/security proof and a lot of the security issues live at the site level (ssl 2.0 still enabled, https not used etc)
 
I do agree that the article is misleading. This is not an edge vulnerability. It's a general windows vulnerability.
 
and it only works with SMB on NTLMv2.
Shouldn't we all be using Kerberos by now?
 
> One big difference between IE and Edge, no COM control support. However long the list for Edge is it's guaranteed to be shorter than IE because of this.

When whatever they plan to replace COM/ActiveX with comes along, as they have said they plan on some kind of plug-in/extension support to edge in the future, it will no doubt have its own list of vulnerabilities and exploits.

It's kind of a dead browser for a lot of advanced users at the moment with no plugin support. Lots of people I know won't even try out a browser without adblock.
 
> When whatever they plan to replace COM/ActiveX with comes along, as they have said they plan on some kind of plug-in/extension support to edge in the future, it will no doubt have its own list of vulnerabilities and exploits.

HTML/JavaScript extensions yes but I've heard nothing of support for native plug-ins. Considering how they've encouraged developers to move away from their own Silverlight plug-in and they're pushing more and more of pure HTML/JS/CSS and standards I don't think that native plug-ins are in the cards for Edge.
 
The problem of exploitable extensions (flash, adobe pdf, etc) is different from potential trojan horse add-ons/extensions. That MS wanted to avoid the prior isn't surprising, but the latter is a problem which will need to be addressed later unless MS is fine with Edge simply being a basic browser for n00bs.
 
> The problem of exploitable extensions (flash, adobe pdf, etc) is different from potential trojan horse add-ons/extensions. That MS wanted to avoid the prior isn't surprising, but the latter is a problem which will need to be addressed later unless MS is fine with Edge simply being a basic browser for n00bs.

Edge uses its own Flash plug-in that's coupled with Windows Update and PDF support is built into Edge. With the addition of HTML/JS/CSS extensions that's got pretty much everything covered.
 