A Wellington-based ICT security company, Security-Assessment.com, has uncovered vulnerabilities in the Microsoft Edge and Internet Explorer browsers which can allow attackers to obtain sensitive information and potentially run malicious code on victim machines.
“The ability for an attacker to run malicious code on a victim’s machine could have dramatic and severely damaging impact for both organisations and individuals,” says Security-Assessment.com Practice Lead Phil Doole.
The vulnerabilities, which affect Microsoft Edge and Internet Explorer browsers, were discovered in May by Security-Assessment.com Principal Consultant Scott Bell and were reported to Microsoft immediately.
Bell, who has reported numerous vulnerabilities to Microsoft in the past, says, “Security-Assessment.com follows responsible disclosure guidelines. This means alerting the vendor to the vulnerabilities immediately and not releasing information about the vulnerabilities until they are fixed. This is to prevent malicious actors from actively exploiting the vulnerabilities.”
Microsoft released a patch for these vulnerabilities in May, based on the information it received from Security-Assessment.com. Security-Assessment.com is urging all users of the affected software to update with the appropriate patches immediately.
Owned by Dimension Data, Security-Assessment.com was the first ethical hacking security company in New Zealand and regularly performs research into software, solutions and hardware used by organizations. They have developed their own in-house, proprietary methodologies to discover vulnerabilities that can negatively impact businesses and recommend remediation.