Microsoft is getting hammered by Google once again, with Google’s security outfit disclosing a new unpatched vulnerability in IE and Edge, which can be used to crash both browsers and can also lead to arbitrary code execution.
The bug, a type confusion in HandleColumnBreakOnColumnSpanningElement, was first discovered on the 25th November 2016 and publicly released on the 23rd February 2017. Microsoft cancelled Patch Tuesday this month, leaving its users with at least 2 known vulnerabilities available to hackers.
The bug is easy to exploit: the proof of concept is only 17 lines of HTML and focuses on two variables, rcx and rax.
“An attacker can affect rax by modifying table properties such as border-spacing and the width of the first th element,” Project Zero’s post states, so the crafted web page just needs to point rax to memory the attacker controls.
While users currently remain exposed, we know that running as a limited user would mitigate most security issues affecting IE and Edge.
To do this, first create a new admin account on your PC (under Control Panel\User Accounts\User Accounts) and make sure you know its username and password well. Then use that account to demote your regular account to a limited account in the same location.
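The same two steps can be scripted. The PowerShell below is an added example, not part of Project Zero’s post or any Microsoft guidance; it assumes Windows 10 with the built-in LocalAccounts cmdlets and an elevated prompt, and the account names `pc-admin` and `alice` are placeholders. It refuses to demote the everyday account unless the new administrator account is enabled and really is in the Administrators group, so the PC cannot be left without an admin.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the Control Panel steps described above.
# Both account names are placeholders (assumptions), not values from the article.
param(
    [string]$NewAdminName  = 'pc-admin',  # hypothetical new administrator account
    [string]$DailyUserName = 'alice'      # hypothetical everyday account to demote
)
$ErrorActionPreference = 'Stop'

# Well-known SIDs, so the script also works on non-English Windows installs.
$AdminsSid = 'S-1-5-32-544'   # BUILTIN\Administrators
$UsersSid  = 'S-1-5-32-545'   # BUILTIN\Users

function Test-GroupMember([string]$GroupSid, [string]$UserName) {
    # True if the named local account is a direct member of the group.
    $sid = (Get-LocalUser -Name $UserName).SID
    [bool](Get-LocalGroupMember -SID $GroupSid | Where-Object { $_.SID -eq $sid })
}

# Step 1: create the new admin account if it does not exist yet.
if (-not (Get-LocalUser -Name $NewAdminName -ErrorAction SilentlyContinue)) {
    $password = Read-Host -AsSecureString "Password for $NewAdminName"
    New-LocalUser -Name $NewAdminName -Password $password | Out-Null
}
if (-not (Test-GroupMember $AdminsSid $NewAdminName)) {
    Add-LocalGroupMember -SID $AdminsSid -Member $NewAdminName
}

# Safety check: never demote unless a working replacement admin exists.
$newAdmin = Get-LocalUser -Name $NewAdminName
if (-not $newAdmin.Enabled -or -not (Test-GroupMember $AdminsSid $NewAdminName)) {
    throw "$NewAdminName is not a usable administrator; refusing to demote $DailyUserName."
}

# Step 2: demote the everyday account to a limited (standard) user.
if (-not (Test-GroupMember $UsersSid $DailyUserName)) {
    Add-LocalGroupMember -SID $UsersSid -Member $DailyUserName
}
if (Test-GroupMember $AdminsSid $DailyUserName) {
    Remove-LocalGroupMember -SID $AdminsSid -Member $DailyUserName
}

# Show who still holds administrator rights so the result can be reviewed.
Get-LocalGroupMember -SID $AdminsSid | Select-Object Name, ObjectClass, PrincipalSource
```

The demoted account keeps its administrator token until it signs out, so sign out and back in before browsing again.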
Read more about the exploit at Google here.