What the Microsoft Edge Vulnerability Can Teach Us About Cyber Security

End users continue to reap the benefits of stiff competition in Silicon Valley. A vulnerability in the Microsoft Edge web browser was recently uncovered by none other than Google employee Jake Archibald.

As he recounts in a June 20th blog post, Archibald uncovered a bug in Microsoft Edge that allows malicious websites to retrieve data from other websites. So what does this mean for Edge users?

Peering over the Edge

“It means you could visit my [proof-of-concept] site in Edge, and I could read your emails, I could read your Facebook feed, all without you knowing,” Archibald explains.

Archibald attributes this behavior, which he dubs the “Wavethrough” vulnerability, to a flaw in how Microsoft Edge applies Cross-Origin Resource Sharing (CORS). When functioning as intended, CORS prevents a website from loading and reading resources from other sites unless those sites permit it. But in the affected case, Microsoft Edge does not issue a CORS request for the content the malicious site receives. This allows the attacking site to load and retrieve content from arbitrary domains, potentially exposing a user’s most sensitive and private data.
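To make the intended behavior concrete, the following is an added example (not code from Archibald's post or from any browser) that models, in simplified form, how a browser decides whether a page's script may read a cross-origin response. The origins and sample cases are constructed. The flaw described above amounts to content that belongs in the "opaque" or "blocked" outcomes becoming readable by the page.

```javascript
// Added illustration: a simplified model of the Fetch standard's CORS check.
// Preflight requests and redirects are deliberately left out.
function responseVisibility({ pageOrigin, url, mode = "cors", credentials = false, headers = {} }) {
  if (new URL(url).origin === pageOrigin) return "basic"; // same origin: readable
  // no-cors loads (<img>, <audio>, <script>) succeed, but script sees an opaque response
  if (mode === "no-cors") return "opaque";

  const h = {}; // header names are case-insensitive
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = value;
  const allowOrigin = h["access-control-allow-origin"];

  if (allowOrigin === undefined) return "blocked"; // server never opted in
  if (!credentials && allowOrigin === "*") return "cors";
  if (allowOrigin !== pageOrigin) return "blocked";
  if (!credentials) return "cors";
  // With cookies attached, the server must also allow credentials explicitly
  return h["access-control-allow-credentials"] === "true" ? "cors" : "blocked";
}

// Constructed sample cases (hypothetical origins, not taken from the article)
const PAGE = "https://untrusted.example";
const CASES = [
  { name: "webmail inbox, cookies sent, no CORS headers",
    req: { url: "https://mail.example/inbox", credentials: true } },
  { name: "same inbox loaded through a media element",
    req: { url: "https://mail.example/inbox", mode: "no-cors", credentials: true } },
  { name: "public API that allows any origin",
    req: { url: "https://api.example/v1", headers: { "Access-Control-Allow-Origin": "*" } } },
  { name: "wildcard is not honoured when cookies are sent",
    req: { url: "https://api.example/v1", credentials: true,
           headers: { "Access-Control-Allow-Origin": "*" } } },
  { name: "server names this origin and allows credentials",
    req: { url: "https://partner.example/me", credentials: true,
           headers: { "access-control-allow-origin": PAGE,
                      "access-control-allow-credentials": "true" } } },
  { name: "page fetching its own origin",
    req: { url: "https://untrusted.example/app.js" } },
];

function runCases() {
  return CASES.map((c) => [c.name, responseVisibility({ pageOrigin: PAGE, ...c.req })]);
}

for (const [name, result] of runCases()) console.log(result.padEnd(8), name);
```

Only "basic" and "cors" results expose the response body to the page's script; "opaque" content can be displayed or played but not inspected.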

A teachable moment

It may be surprising to learn that Microsoft—arbiter and, arguably, inventor of cyber security—could overlook such a critical flaw in its product’s code. But Archibald maintains that the oversight is no rookie mistake. He admits that an earlier incarnation of Google’s Chrome web browser suffered from a similar hole.

The discovery of Edge’s Wavethrough vulnerability is the latest example of a cyber landscape in which any and all weaknesses can and will be exploited by attackers. Incidents such as these highlight the importance of a comprehensive cyber security system.

The foundation of any cyber security system is up-to-date software. In the case of Edge, Microsoft acknowledged the Wavethrough vulnerability and released a patch as part of its June 2018 Patch Tuesday updates. Edge and Firefox users are encouraged to update their browsers to guard against the bug.

Other popular web browsers like Google Chrome and Safari aren’t affected. However, in general, all end users should make a habit of updating their software as patches become available. Studies indicate that 70-80% of the ten most common malware strains are unable to infiltrate up-to-date software, so a little caution goes a long way.

Of course, two forms of protection are better than one. eMazzanti offers 24/7 IT monitoring, comprehensive endpoint security solutions, and other products and services designed to stop cyber threats well before they reach the web browser. To find out more, contact our cyber security experts today.
