News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • ACROS Security released 0Patch for IE

    Posted on Alex5723 Comment on the AskWoody Lounge

    Home Forums AskWoody support Questions: Browsers and desktop software Internet Explorer and Edge ACROS Security released 0Patch for IE

    This topic contains 3 replies, has 3 voices, and was last updated by

     woody 1 month ago.

    • Author
      Posts
    • #533293

      Alex5723
      AskWoody Plus

      As Microsoft declined to fix the MTH bug ACROS has released a 0Patch

      Edge Decided To Use An Undocumented Security Feature.
      Internet Explorer Didn’t Get The Memo.

      Five days ago, security researcher John Page published details and a proof-of-concept for a vulnerability in Internet Explorer that he had previously reported to Microsoft but received a response that “…a fix for this issue will be considered in a future version of this product or service.”

      https://blog.0patch.com/2019/04/microsoft-edge-uses-secret-trick-and.html

      • This topic was modified 1 month ago by
         Alex5723.
      1 user thanked author for this post.
    • #539633

      woody
      Da Boss

      The situation’s a little more complex than that, but…

      • #540197

        mn–
        AskWoody Lounger

        Well yeah, it’s a funny chicken-and-egg problem of defaulting to trusted when not having sufficient access to check for “mark of the web”, due to running with lowered privileges to reduce attack surface…

        Well, that and allowing active content and network access at all to be triggered from what’s “supposed” to be an ad-hoc offline copy of web content, let alone not very restricted filesystem access, but I suppose that’s probably A Feature(tm) and not a bug.

    The topic ‘ACROS Security released 0Patch for IE’ is closed to new replies.