Skip to main content
  1. Home
  2. Computing
  3. Web
  4. News

Google’s Project Zero publishes another Microsoft vulnerability

Mark Coppock
By

A pair of hands on a laptop keyboard with two displays.
Google’s Project Zero is the company’s initiative to identify and eventually publicize security vulnerabilities in software and systems, with the express purpose of compelling developers to fix them. Project Zero staff notify developers about “zero-day” bugs, or those that a developer is not aware of and can be exploited, and the team then gives that vendor 90 days to fix it before it’s publicized.

Microsoft has been at the receiving end of a few of Project Zero’s efforts, raising some questions as to whether Google’s team of white hat hackers is acting irresponsibly by revealing bugs that a developer simply hasn’t had time to fix. The most recent Microsoft zero-day bug is one involving the company’s Internet Explorer and Edge browsers, as MSPU reports.

The bug, which causes browser crashes and allows nefarious parties to execute arbitrary code, was identified by Project Zero on November 25, 2016 and then published on February 23, 2017. At that time, Microsoft had already cancelled its Patch Tuesday release of bug fixes for Windows operating systems for February 2017, pushing it off until a month later — leaving systems vulnerable to this and other bugs right as Google has notified the world of the bug’s existence.

According to the Project Zero team, exploiting the vulnerability appears to be a relatively trivial task, requiring only 17 lines of HTML code. The details are meaningful mainly to developers and those who would exploit the code, but it basically involves modifying table properties. The post does not indicate precisely which versions of Internet Explorer and Edge running on which Windows operating systems are affected.

The net result is that hackers now have all of the information they need to attack vulnerable systems. Until Microsoft issues a bug fix, which could come in the next Patch Tuesday in March 2017, there’s not much users can do to avoid the bug. As MSPU points out, you can utilize or create a separate admin account on your Windows machine and then use it to make sure your primary account is running at a limited security level. That would take away much of the damage that browsers could wreak on a system, but of course could also impact how other applications function.

Editors' Recommendations

This new Windows 11 feature will help you protect your passwords
A man sits, using a laptop running the Windows 11 operating system.
Hackers may be hiding in plain sight on your favorite website
A depiction of a hacked computer sitting in an office full of PCs.
Malwarebytes resolves error that was blocking Google this morning
malwarebytes shows av firms failing customers keyboard virus mem2
This beloved TikTok hashtag just got its own app feature
The TikTok app on a smartphone's screen. The smartphone is sitting on a white table.
The HP Pavilion laptop is only $500 with this limited-time deal
Front angle of the HP Pavilion 15-inch laptop against a white background.
This 11-inch Chromebook from HP is only $98 at Walmart today
Woman sits at desk using a HP 11.6-inch Chromebook.
This HP Omen gaming PC with RTX 3070 is $500 cheaper today
The HP OMEN 40L desktop gaming PC against a white background.
This dangerous vulnerability tricks researchers by mimicking old threats
norton 360 deluxe with lifelock deal best buy december 2021 shutterstock antivirus
GPU prices and availability (October 2022): How much are GPUs today?
An AMD Radeon RX 6500XT placed on a motherboard.
Best Microsoft Surface Laptop deals: Prices from $490
A woman using the Microsoft Surface Laptop 4 while sitting on a block.
The best external hard drives for 2022
Seagate Backup Plus Ultra Slim 2TB HD box.
The best Chromebooks for 2022: great choices at every price point
Close up of the Chrome logo on the top of a Chromebook.
It turns out AMD isn’t cutting GPU prices after all
AMD RX 6950 XT graphics card on a pink background.