Microsoft Edge the least vulnerable web browser? Not for long. Windows Built-in PDF reader found exposing Edge to hacking

by Ugnius Kiguolis - -
Microsoft Edge the least vulnerable web browser? Not for long. Windows Built-in PDF reader found exposing Edge to hacking snapshot

Virus and malware attacks, software hacking, scamming, phishing, and similar cyber crimes have been present for a long time. Billions of people have experienced money, and data loss, as well as fatal system crashes initiated by malicious programs managed by hackers. Therefore, developers of operating systems have been steadily improving online security and software resistance to hacking. Unfortunately, but the greatest programmers are not only the developers of OS or reliable software but also cyber criminals seeking to gain profit illegally. Therefore, the improvement of online security and software resistance went hand in hand with the development of virus, malware, spam, exploit kits and other fraudulent means. While Mac OS gets increasingly vulnerable to malware, the biggest flow of cyber attacks is registered on Windows and this OS still remains the number one target for cyber criminals. Microsoft team is aware of low-security rate, which is why it is continuously analyzing security breaches and releases updates regularly.

At the same time as Microsoft introduced Windows 10 OS, which has been promising to minimize security-related issues, it has also released a new web browser named as Microsoft Edge (formerly Internet Explorer). Despite useful features, Microsoft Edge has presented users with the new online security issues as well. A couple of months ago, Microsoft had released a monthly security patch and emphasized a new treat labeled as critical PDF exploit. It has been found that a remote code execution (RCE) contains a flaw in the standard PDF rendering library, which can be exploited when opening a PDF file.

The exploit is related to Windows Runtime PDF Renderer library (WinRT PDF), which is one of the default Windows features that is used as a PDF reader, opener, and modifier. The vast majority of default Windows applications, including Microsoft Edge, and the ones downloaded from the Windows Store is using WinRT PDF by default. Unfortunately, a recent research initiated by an IBM researcher Mark Vincent Yason has exposed the flaw in Microsoft Edge, which may be used as a mean to execute PDF exploit kits and involve Edge’s user into a fraud botnet. The problem is that hackers might start using WinRT PDF exploit kits within a PDF file, which may be executed via an Inline Frames. If this exploit kit would be successfully executed, PC owner’s personal data is put at risk. Besides, it may start drive-by downloads and, furthermore, inject malware. The principle of WinRT PDF exploit kits resembles Angler and Neutrino exploit kits, which allowed hackers to make billions of dollars using Java and Flash vulnerabilities.

Luckily, exploiting WinRT PDF via Edge haven’t yet been used in practice thanks for “Address Space Layout Randomization” (ASLR) protection and Control Flow Guard tools on Windows 10, which protect software from being exploited by hiding existing vulnerabilities. While it doesn’t mean that WinRT vulnerabilities cannot be exploited at all, bypassing several tools for exploiting WinRT vulnerabilities is, for now, too expensive for hackers. However, as researchers note, that’s just a matter of time when hackers find a way to turn this flaw to account, so Edge’s users should always be cautious. Microsoft is already aware of WinRT exploit kits and works hard to prevent them from being implemented. We hope that hackers will not surpass Microsoft regarding this issue.

Prevent websites, ISP, and other parties from tracking you

Private Internet Access is a VPN that can prevent your Internet Service Provider, the government, and third-parties from tracking your online and allow you to stay completely anonymous. The software provides dedicated servers for torrenting and streaming, ensuring optimal performance and not slowing you down. You can also bypass geo-restrictions and view such services as Netflix, BBC, Disney+, and other popular streaming services without limitations, regardless of where you are.

A VPN is also crucial when it comes to user privacy. Online trackers such as cookies can not only be used by social media platforms and other websites but also your Internet Service Provider and the government. Even if you apply the most secure settings via your web browser, you can still be tracked via apps that you are connected to the internet. Besides, privacy-focused browsers like Tor is are not an optimal choice due to diminished connection speed.

Therefore, to stay completely anonymous and prevent the ISP and the government from spying on you, you should employ Private Internet Access VPN. It will allow you to connect to the internet while being completely anonymous, prevent trackers, ads, as well as malicious content. Most importantly, you will prevent the illegal surveillance activities that NSA and other governmental institutions are performing behind your back.


Recover your lost files quickly

Unforeseen circumstances can happen at any time while using the computer: it can turn off due to a power cut, a Blue Screen of Death (BSoD) can occur, or random Windows updates can decide to reboot the machine when you went away for a few minutes. As a result, your schoolwork, important documents, and other data might be lost.

Additionally, you might also be attacked by malware that can corrupt your Windows or encrypt files with a robust encryption algorithm, and ask for a ransom in Bitcoin for the decryption tool. Cybercriminals might not deliver what they promised, however, so it is better to attempt alternative file recovery methods that could help you to retrieve at least some portion of the lost data.

Data recovery software is one of the options that could help you recover your files. Once you delete a file, it does not vanish into thin air – it remains on your system as long as no new data is written on top of it. Data Recovery Pro is recovery software that searchers for working copies of deleted files within your hard drive. By using the tool, you can prevent loss of valuable documents, school work, personal pictures, and other crucial files.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The problem solver

Ugnius Kiguolis is the founder and editor-in-chief of UGetFix. He is a professional security specialist and malware analyst who has been working in IT industry for over 20 years.

Contact Ugnius Kiguolis
About the company Esolutions

Your opinion regarding Microsoft Edge the least vulnerable web browser? Not for long. Windows Built-in PDF reader found exposing Edge to hacking