Cyber Security

What the Microsoft Edge Vulnerability Can Teach Us About Cyber Security

End users continue to reap the benefits of stiff competition in Silicon Valley. A vulnerability in the Microsoft Edge web browser was recently uncovered by none other than Google employee, Jake Archibald.

As he recounts in a June 20th blog post, Archibald uncovered a bug in Microsoft Edge that allows malicious websites to retrieve data from other websites. So what does this mean for Edge users?

Peering over the Edge

“It means you could visit my [proof-of-concept] site in Edge, and I could read your emails, I could read your Facebook feed, all without you knowing,” Archibald explains.

Archibald attributes this phenomenon, which he dubs the “Wavethrough” vulnerability, to a flaw in Microsoft Edge’s Cross-Origin Resource Sharing (CORS) feature. When functioning as intended, the CORS feature prevents websites from loading resources from other sites. But in Microsoft Edge, this configuration does not issue a CORS request for the receiving malicious site. This allows the attacking site to load and retrieve content from random domains—potentially exposing a user’s most sensitive and private data.

A teachable moment

It may be surprising to learn that Microsoft—arbiter and, arguably, inventor of cyber security—could overlook such a critical flaw in its product’s code. But Archibald maintains that the oversight is no rookie mistake. He admits that an earlier incarnation of Google’s Chrome web browser suffered from a similar hole.

The discovery of Edge’s Wavethrough vulnerability is the latest example of a cyber landscape in which any and all weakness can and will be exploited by attackers. Incidents such as these highlight the importance of a comprehensive cyber security system.

The foundation of any cyber security system is up-to-date software. In the case of Edge, Microsoft acknowledged the Wavethrough vulnerability and released a patch as part of its June 2018 Patch Tuesday updates. Edge and Firefox users are encouraged to update their browsers to guard against the bug.

Other popular web browsers like Google Chrome and Safari aren’t affected. However, in general, all end users should make a habit of updating their software as patches become available. Studies indicate that 70-80% of the ten most common malware strains are unable to infiltrate up-to-date software, so a little caution goes a long way.

Of course, two forms of protection are better than one. eMazzanti offers 24/7 IT monitoring, comprehensive endpoint security solutions, and other products and services designed to stop cyber threats well before they reach the web browser. To find out more, contact our cyber security experts today.

Bryan Antepara

Bryan Antepara: IT Specialist Bryan Antepara is a leader in Cloud engagements with a demonstrated history of digital transformation of business processes with the user of Microsoft Technologies powered by the team of eMazzanti Technologies engineers. Bryan has a strong experience working with Office 365 cloud solutions, Business Process, Internet Information Services (IIS), Microsoft Office Suite, Exchange Online, SharePoint Online, and Customer Service. He has the ability to handle the complexity of moving data in and out of containers and cloud sessions, makes him the perfect candidate to help organizations large and small migrate to new and more efficient platforms.  Bryan is a graduate of the University of South Florida and is Microsoft Certification holder.

Recent Posts

Top 5 Collaborative Tools in Microsoft 365 Drive Productivity and Innovation

In today’s fast-paced digital landscape, businesses cannot thrive without effective collaboration. Microsoft continues its unwavering…

3 days ago

7 Essential Contact Information Tips for Email Signatures to Enhance Your Professional Image

An email signature accomplishes much more than simply telling readers who you are and how…

1 week ago

Maximizing Threat Response Efficiency with Security Copilot

Cyber security professionals work hard to safeguard companies’ information. But with criminals constantly changing their…

2 weeks ago

Why should a firm use DMARC? What is the need?

Domain-Based Message Authentication, Reporting, and Conformance (DMARC) is an e-mail security protocol designed to validate…

3 weeks ago

eCare Cloud Backup is in fashion. It’s the new you!

My job is to manage my law office’s cloud servers here at Justice Freaks.  As…

4 weeks ago

I Think I’m Dating an AI

My worst nightmare would be to date someone who isn’t who they say they are.…

4 weeks ago