Google just released the latest report on finding a bug in Microsoft’s browsing programs that could become a huge inspiration for the attackers to build hack tools and website that can even crash the software.
The bug is so vulnerable that in some major case, it can allow an attacker to hijack a victim’s browser, said by Google researcher Ivan Fratric. Meanwhile, the bug reported in November, but as the 90-days deadline has expired, which was given by Google to Microsoft to fix the bug, they decided now to released it publicly.
Microsoft has still yet to make a comment on when they will produce a patch to repair the bug
According to the BBC, Mr. Fratric never expected Microsoft to miss the deadline of 90-days to fix the vulnerability. The bug found in the program code of Microsoft’s Internet Explorer 11 and Edge Browser. The way these programs handles the instructions to format the website pages is probably the one most reason of being vulnerable, they said.
Microsoft did not make any referenced statement regarding the significance of the issue, but said it had a “customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible.”
Also stated that Microsoft was committed in “an ongoing conversation with Google about extending their deadline since the disclosure could potentially put customers at risk.”
Despite, the bug has now publicly released, but so far there is no evidence on being attacked maliciously exploiting the buggy code of the browsing program, revealed by Mr. Fratric.
Strangely, Microsoft has canceled their regular monthly update this time without stating the reason. Maybe the cancellation of the update was expected because of the security fixes to be included. Also, during the same month, other researchers has also released details about a way to exploit a vulnerability in Microsoft server code. No fix has been released yet so far for this vulnerability.