Zero-Day in Microsoft Edge and IE browser

  • CERT Admin
  • Wed Apr 03 2019
  • Alerts

Systems Affected 

Microsoft Edge and Internet Explorer browser

Threat Level

High

Overview 

Allows a remote attacker to steal sensitive user information by bypassing the same-origin policy.

Description 

There are two unpatched zero-day vulnerabilities, one affecting the latest Microsoft Internet Explorer and the other the latest Edge browser. They allow an attacker to bypass the same-origin policy in the victim's browser.

Same-origin policy: a security feature implemented in modern browsers that restricts a web page or a script loaded from one origin from interacting with a resource from another origin, preventing unrelated sites from interfering with each other.

One example attack would be Universal Cross-site scripting. 
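The origin comparison that the same-origin policy depends on, as an added example that is not part of the original alert: it applies the standard scheme, host and port tuple to constructed sample URLs. The `bank.example` addresses and the function names are assumptions made for illustration.

```javascript
// Added example: same-origin comparison on the (scheme, host, port) tuple.
// All URLs below are constructed sample values.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the origin tuple for a URL, or null for an opaque origin
// (data:, file: and other schemes that carry no host-based origin).
function originTuple(rawUrl) {
  let u;
  try {
    u = new URL(rawUrl);
  } catch {
    return null; // unparsable input never matches anything
  }
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: u.protocol,
    host: u.hostname, // already lower-cased by the URL parser
    port: u.port || DEFAULT_PORTS[u.protocol], // parser drops default ports
  };
}

// Two URLs are same-origin only if scheme, host and port all match.
// Opaque origins are never same-origin with anything, themselves included.
function isSameOrigin(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  if (!x || !y) return false;
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Classify each resource a page tries to reach.
function classify(pageUrl, resourceUrls) {
  return resourceUrls.map((r) => ({ resource: r, sameOrigin: isSameOrigin(pageUrl, r) }));
}

const page = "https://bank.example/account";
const report = classify(page, [
  "https://bank.example:443/api/session", // same: default port written out
  "http://bank.example/api/session",      // different scheme
  "https://login.bank.example/",          // different host (subdomain)
  "https://bank.example:8443/",           // different port
  "https://BANK.example/x",               // same: host is case-insensitive
  "data:text/html,<p>hi</p>",             // opaque origin
]);
console.log(report);
```

A same-origin policy bypass means the browser lets a script read a resource even though this comparison fails, which is why session cookies and logged-in page content become reachable from an unrelated site.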

Impact 

  ✦  Stealing victim's sensitive data (login sessions and cookies)

Solution/ Workarounds 

  ✻  Update to the latest version of Mozilla's Firefox on Windows, Linux and Mac.

References 

https://thehackernews.com/2019/03/microsoft-edge-ie-zero-days.html

Disclaimer 

The information provided herein is on "as is" basis, without warranty of any kind.
 

Last updated: Wed Apr 03 2019