Gee, that didn’t take long at all. Researchers have found the first vulnerability in Microsoft Edge. And interestingly, this security flaw actually affects other software as well.
Think programs like Internet Explorer, Windows Media Player, Excel, AVG, BitDefender, Comodo Antivirus and even QuickTime — needless to say, this is a very widespread bug that affects all versions of Windows, including the recently released Windows 10.
A team of security experts led by Jonathan Brossard presented this at the Black Hat USA 2015 conference in Las Vegas.
It has to do with the Server Message Block (SMB) protocol that is used for file sharing in local networks. Now this protocol was created by IBM some 21 years back, and it is now on version 3.0, which is what ships on most versions of Windows.
Although it is primarily used enterprise networks for sharing files and printers and quickly authenticate themselves on Windows powered servers.
As is quite often the case, a faulty DLL is at the core of this problem.
But what’s a little bit threatening is that while the technique that allows hackers to extract user credentials this way usually worked only in LANs, it can now be performed on Internet connections too.
This
research paper (PDF file) was written before the launch of Windows 10, and, obviously, before Spartan was renamed to Edge.
As noted, all versions of Internet Explorer are vulnerable, and the same goes for Microsoft Edge, making this the first attack against Windows 10 and its default web browser that has been unearthed.
Hopefully, Microsoft manages to take care of this as soon as possible.
source:windows10update
