Skip to main content
  1. Home
  2. Computing
  3. Web
  4. News

Google’s Project Zero publishes another Microsoft vulnerability

By
Add as a preferred source on Google

Google’s Project Zero is the company’s initiative to identify and eventually publicize security vulnerabilities in software and systems, with the express purpose of compelling developers to fix them. Project Zero staff notify developers about “zero-day” bugs, or those that a developer is not aware of and can be exploited, and the team then gives that vendor 90 days to fix it before it’s publicized.

Microsoft has been at the receiving end of a few of Project Zero’s efforts, raising some questions as to whether Google’s team of white hat hackers is acting irresponsibly by revealing bugs that a developer simply hasn’t had time to fix. The most recent Microsoft zero-day bug is one involving the company’s Internet Explorer and Edge browsers, as MSPU reports.

Recommended Videos

The bug, which causes browser crashes and allows nefarious parties to execute arbitrary code, was identified by Project Zero on November 25, 2016 and then published on February 23, 2017. At that time, Microsoft had already cancelled its Patch Tuesday release of bug fixes for Windows operating systems for February 2017, pushing it off until a month later — leaving systems vulnerable to this and other bugs right as Google has notified the world of the bug’s existence.

According to the Project Zero team, exploiting the vulnerability appears to be a relatively trivial task, requiring only 17 lines of HTML code. The details are meaningful mainly to developers and those who would exploit the code, but it basically involves modifying table properties. The post does not indicate precisely which versions of Internet Explorer and Edge running on which Windows operating systems are affected.

The net result is that hackers now have all of the information they need to attack vulnerable systems. Until Microsoft issues a bug fix, which could come in the next Patch Tuesday in March 2017, there’s not much users can do to avoid the bug. As MSPU points out, you can utilize or create a separate admin account on your Windows machine and then use it to make sure your primary account is running at a limited security level. That would take away much of the damage that browsers could wreak on a system, but of course could also impact how other applications function.

Mark Coppock
Mark Coppock
Former Computing Writer
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
Topics
Windows 11’s modern Media Player is somehow worse than the version from 17 years ago
The modern Media Player for Windows 11 is slower and heavier than the classic version
Windows 11 media player user interface

Microsoft has released a new Insider Preview update for the modern Windows 11 Media Player. However, the app is facing criticism after tests revealed it uses more memory and opens local video files more slowly than the classic 17-year-old Windows Media Player.

The update adds some useful fixes, including better captions, clearer codec errors, and improved file recognition. But the biggest complaints remain higher RAM usage and paid codec support for some common video formats. The update is not available to everyone yet. Media Player version 11.2605.14.0 has only arrived on Experimental Insider builds as part of Microsoft’s June 12 Insider Preview releases.

Read more
If you have a Mac, you should try this free and beautifully-designed disk space tool
Radix is a free open-source alternative to paid Mac disk analyzers
File, Electronics, Mobile Phone

Running out of storage on a Mac is common, but Apple’s built-in storage tools are not always great at showing what is actually taking up space. You usually get broad categories, but finding the exact folders, downloads, app files, or old projects causing the problem can still take some work.

Radix is a free, open-source Mac app that tries to make that process clearer. It is a disk space analyzer that scans a folder, drive, or volume and displays the results in an interactive sunburst chart. Rather than digging through folders manually, you get a visual overview of how storage is being used across your drive.

Read more
This free Mac app puts stunning glassy widgets on your lock screen
WidgetScreen brings weather, calendar, battery, and music widgets to your Mac lock screen
Aquatic, Water, Animal

The Mac lock screen has always felt a little underused. You see the time, your wallpaper, and not much else. macOS already supports desktop widgets, but once your Mac is locked, that extra information disappears.

WidgetScreen is trying to fix that in a pretty simple way. The free Mac app, made by UK computer science student Sam Cook, adds glassy widgets to the lock screen so you can quickly check things like the weather, clock, calendar, battery, music playback, countdowns, and system information.

Read more