Cyber Security

What the Microsoft Edge Vulnerability Can Teach Us About Cyber Security

End users continue to reap the benefits of stiff competition in Silicon Valley. A vulnerability in the Microsoft Edge web browser was recently uncovered by none other than Google employee, Jake Archibald.

As he recounts in a June 20th blog post, Archibald uncovered a bug in Microsoft Edge that allows malicious websites to retrieve data from other websites. So what does this mean for Edge users?

Peering over the Edge

“It means you could visit my [proof-of-concept] site in Edge, and I could read your emails, I could read your Facebook feed, all without you knowing,” Archibald explains.

Archibald attributes this phenomenon, which he dubs the “Wavethrough” vulnerability, to a flaw in Microsoft Edge’s Cross-Origin Resource Sharing (CORS) feature. When functioning as intended, the CORS feature prevents websites from loading resources from other sites. But in Microsoft Edge, this configuration does not issue a CORS request for the receiving malicious site. This allows the attacking site to load and retrieve content from random domains—potentially exposing a user’s most sensitive and private data.

A teachable moment

It may be surprising to learn that Microsoft—arbiter and, arguably, inventor of cyber security—could overlook such a critical flaw in its product’s code. But Archibald maintains that the oversight is no rookie mistake. He admits that an earlier incarnation of Google’s Chrome web browser suffered from a similar hole.

The discovery of Edge’s Wavethrough vulnerability is the latest example of a cyber landscape in which any and all weakness can and will be exploited by attackers. Incidents such as these highlight the importance of a comprehensive cyber security system.

The foundation of any cyber security system is up-to-date software. In the case of Edge, Microsoft acknowledged the Wavethrough vulnerability and released a patch as part of its June 2018 Patch Tuesday updates. Edge and Firefox users are encouraged to update their browsers to guard against the bug.

Other popular web browsers like Google Chrome and Safari aren’t affected. However, in general, all end users should make a habit of updating their software as patches become available. Studies indicate that 70-80% of the ten most common malware strains are unable to infiltrate up-to-date software, so a little caution goes a long way.

Of course, two forms of protection are better than one. eMazzanti offers 24/7 IT monitoring, comprehensive endpoint security solutions, and other products and services designed to stop cyber threats well before they reach the web browser. To find out more, contact our cyber security experts today.

Bryan Antepara

Bryan Antepara: IT Specialist Bryan Antepara is a leader in Cloud engagements with a demonstrated history of digital transformation of business processes with the user of Microsoft Technologies powered by the team of eMazzanti Technologies engineers. Bryan has a strong experience working with Office 365 cloud solutions, Business Process, Internet Information Services (IIS), Microsoft Office Suite, Exchange Online, SharePoint Online, and Customer Service. He has the ability to handle the complexity of moving data in and out of containers and cloud sessions, makes him the perfect candidate to help organizations large and small migrate to new and more efficient platforms.  Bryan is a graduate of the University of South Florida and is Microsoft Certification holder.

Recent Posts

The Executive’s Guide to Security Operations Center Models

Cyber threats never take a day off, never clock out and go home at the…

3 days ago

Introduction to Azure Services

Building, deploying, and managing applications via Microsoft's global network of data centers is easier with…

3 days ago

Introduction to Microsoft Copilot

Microsoft Copilot is a tool, powered by AI, that aims to boost your productivity within…

4 days ago

Project Management: Why is it important?

Making things happen is the art and science of project management. The process involves managing…

1 week ago

Enhancing Website Performance and User Experience Through Caching Strategies

In today's fast digital life, website performance is important, as it holds visitors and ensures…

1 week ago

Protecting Municipal Data: Security Tips for City Officials

The FBI reported that cyber attacks against government facilities saw an increase of almost 36…

1 week ago