Both software developers and computer users are seriously worried about the increasing number of cyber attacks. Home PC users, small businesses, and even huge companies have lost millions of dollars after their PCs were hijacked by ransomware viruses such as Cryptolocker, FBI, Ukash, Locky, and many others. While ransomware attacks are the most severe, there are many other methods that hackers use to make a profit by blackmailing people. Tech giants, including Microsoft, have always worked hard to protect users, but apparently there are hundreds of professional programmers among hackers who manage to exploit even the smallest security vulnerabilities. This is an ongoing issue that is widely discussed on the Internet, and various measures are being taken to stop hackers from scamming people.
Project Zero informed Microsoft about the IE/Edge flaw on November 25, 2016, and gave it 90 days to release a patch; otherwise, Project Zero would disclose the vulnerability details publicly. Microsoft acknowledged the issue and, we believe, was working hard to fix the flaw, though in vain. The fix was expected to be released with February’s Patch Tuesday, which, unfortunately, was canceled for reasons that are still unknown. The next regular Patch Tuesday is not scheduled until March. Until Microsoft releases the patch, security experts recommend that people take precautionary measures and rely on Google Chrome (64-bit version) instead of Edge or IE. Switching to Windows 10 from earlier versions is also a highly advisable precaution.
Another heated question related to Microsoft’s Edge and IE bug is whether people should trust third-party patches. Acros Security has unveiled a temporary patch for the Internet Explorer and Edge Type Confusion Vulnerability, which may prevent the execution of malicious code. Acros Security focuses on unpatched vulnerabilities, end-of-life and unsupported products, vulnerable third-party software, and similar cases. It is pointed out that this patch is applicable to most exploitable vulnerabilities (e.g. format strings, binary planting, DLL injections, unchecked buffers, data patching, etc.). Nevertheless, Microsoft does not recommend that Windows users trust third-party patches. The developers of Acros Security 0patch claim that the patch is canceled as soon as the user installs the official patch released by the OS vendor. However, according to security professional Chris Goettl, “Once Microsoft releases a fix will it install over the top of the changes from 0Patch? If any issues occur it leaves the user\company in a gray area.” Therefore, to get full support and all available fixes from Microsoft, you’d better not allow third parties to modify Microsoft’s components in any way.