A mere week after Google exposed a Windows GDI library vulnerability that affects Windows 10 and every version down to Windows Vista SP2, Google has again released details regarding yet another unpatched flaw called “type confusion flaw” that affects both Microsoft Edge as well as Internet Explorer on the same Windows versions.
But this time is different: Google security researcher Ivan Fratric has actually released a PoC (proof-of-concept) exploit along with the vulnerability, which is in a module in Edge and IE and could lead to arbitrary code execution.
Once again, the exposed vulnerability affects multiple Windows versions, including Windows 10, Windows 8.1 and Windows 7.
As of now there are three unpatched vulnerabilities and Microsoft has already cancelled February’s Patch Tuesday, which fell on Valentine’s Day this year. The reason for the cancellation was a “last-minute issue” that prompted Microsoft to delay the patches by a month and roll them into next month’s Patch Tuesday.
The second unpatched vulnerability is the GDI library flaw disclosed by Google last week. The third one is the Windows SMB flaw, the PoC exploit code for which was released nearly two weeks ago.
All three flaws are susceptible to attacks by sophisticated hackers, who can do much more than pull down your browsers! To stay safe, you can switch to Chrome, Safari or Firefox until March 14, which is the next scheduled Patch Tuesday.
If you’re a hardcore IE or Edge user, at least avoid visiting or clicking within untrusted websites, or following questionable links. Exercising caution is always a prerequisite for staying safe online.
Thanks for reading our work! Please bookmark 1redDrop.com to keep tabs on the hottest, most happening tech and business news from around the world. On Apple News, please favorite the 1redDrop channel to get us in your news feed.
