SoylentNews is people

posted by chromas on Thursday May 03 2018, @09:50PM
from the running-windows—I-mean-javascript—I-mean-malware dept.

From The Daily Swig:

A serious vulnerability in the latest version of Microsoft Edge [a Windows web browser ed] enables attackers to spoof URLs with just five lines of code. The flaw, discovered by Argentine researcher Manuel Caballero, can make a malicious website appear to be legitimate through the use of the Stop() command, which interrupts the page loading process. With the target URL still appearing in the address bar, the document.write() JavaScript command can then be used to overwrite the contents of the page.

[...] With this bug, probably the only truly safe way to reach any website using Edge is to open a new tab and type the URL by hand, or access it through your bookmarks.

This vulnerability appeared in a recent "security" update from Microsoft; users of Edge might want to investigate what version they are using.


  • (Score: 2) by black6host on Thursday May 03 2018, @11:00PM (3 children)

    by black6host (3827) on Thursday May 03 2018, @11:00PM (#675380) Journal

    Microsoft strives to make its users happy. It provides all kinds of time saving code in an effort to make every user's day as easy as possible. I mean really, think of it. Happy malware writers can knock off early having completed their tasks in record time! Yay!!!!!

  • (Score: 2) by takyon on Thursday May 03 2018, @11:18PM (2 children)

    by takyon (881) <takyonNO@SPAMsoylentnews.org> on Thursday May 03 2018, @11:18PM (#675386) Journal

    If malware writers are the users, then who's using the browser... the products! The products are being used by the browser!

    So I guess the true test here is to see who can get access to updates. Are there some Windows 10 users who won't qualify for support much longer?

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    • (Score: 0) by Anonymous Coward on Friday May 04 2018, @09:41AM (1 child)

      by Anonymous Coward on Friday May 04 2018, @09:41AM (#675555)

      I thought the whole idea behind Windows 10 is that support would be infinitely forthcoming.... well as long as Microsoft as a corporation remains viable.

      But, in exchange, you give up control of your machine to Microsoft. Kinda like giving up your car to some corporation, then asking them nicely if you can drive it somewhere - they will know where you went and every detail of your trip.

      In addition, you agree to pay whatever they may bill you for in the future, or forfeit your car.

      You will also agree it's ok if they later start sending you ads, and your car may not run until you acknowledge them. Using your computer will likely become just like trying to watch a show on TV. If some bastard can buy a five minute ad - about the best you can do is eat your lunch, shave, pee, or whatever, because that business has paid for the time to annoy you, and there ain't much you can do about it.

      • (Score: 2) by takyon on Friday May 04 2018, @12:03PM

        by takyon (881) <takyonNO@SPAMsoylentnews.org> on Friday May 04 2018, @12:03PM (#675606) Journal

        I thought the whole idea behind Windows 10 is that support would be infinitely forthcoming.... well as long as Microsoft as a corporation remains viable.

        I remember. And maybe it's feasible. But I don't think they will hold to that, or that most computer users care or know about the promise(s).

        Old hardware will still be kicked to the curb eventually, and the OS itself could undergo major UI changes without the version number being bumped up:

        https://en.wikipedia.org/wiki/Windows_10#Updates_and_support [wikipedia.org]

        Microsoft's support lifecycle policy for the operating system notes that "Updates are cumulative, with each update built upon all of the updates that preceded it", that "a device needs to install the latest update to remain supported", and that a device's ability to receive future updates will depend on hardware compatibility, driver availability, and whether the device is within the OEM's "support period"—a new aspect not accounted for in lifecycle policies for previous versions. This policy was first invoked in 2017 to block Intel Clover Trail devices from receiving the Creators Update, as Microsoft asserts that future updates "require additional hardware support to provide the best possible experience", and that Intel no longer provided support or drivers for the platform. Microsoft stated that these devices would no longer receive feature updates, but would still receive security updates through January 2023.

        --
        [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]