Google’s Project Zero publishes another Microsoft vulnerability

google project zero publishes microsoft browser day bug hacker keyboard dark room
Google’s Project Zero is the company’s initiative to identify and eventually publicize security vulnerabilities in software and systems, with the express purpose of compelling developers to fix them. Project Zero staff notify developers about “zero-day” bugs, or those that a developer is not aware of and can be exploited, and the team then gives that vendor 90 days to fix it before it’s publicized.

Microsoft has been at the receiving end of a few of Project Zero’s efforts, raising some questions as to whether Google’s team of white hat hackers is acting irresponsibly by revealing bugs that a developer simply hasn’t had time to fix. The most recent Microsoft zero-day bug is one involving the company’s Internet Explorer and Edge browsers, as MSPU reports.

The bug, which causes browser crashes and allows nefarious parties to execute arbitrary code, was identified by Project Zero on November 25, 2016 and then published on February 23, 2017. At that time, Microsoft had already cancelled its Patch Tuesday release of bug fixes for Windows operating systems for February 2017, pushing it off until a month later — leaving systems vulnerable to this and other bugs right as Google has notified the world of the bug’s existence.

According to the Project Zero team, exploiting the vulnerability appears to be a relatively trivial task, requiring only 17 lines of HTML code. The details are meaningful mainly to developers and those who would exploit the code, but it basically involves modifying table properties. The post does not indicate precisely which versions of Internet Explorer and Edge running on which Windows operating systems are affected.

The net result is that hackers now have all of the information they need to attack vulnerable systems. Until Microsoft issues a bug fix, which could come in the next Patch Tuesday in March 2017, there’s not much users can do to avoid the bug. As MSPU points out, you can utilize or create a separate admin account on your Windows machine and then use it to make sure your primary account is running at a limited security level. That would take away much of the damage that browsers could wreak on a system, but of course could also impact how other applications function.


Could the next Microsoft HoloLens be announced at MWC 2019?

After not having a presence at Mobile World Congress for three years, Microsoft is now sending out media invites for a press conference on February 24 during the annual event in Barcelona. Could a next-generation HoloLens be on the way?

Microsoft CEO says Project xCloud is the ‘Netflix for games’

Microsoft CEO Satya Nadella referred to the company's Project xCloud game streaming service as "Netflix for games." The service will let users play Xbox and PC games on a variety of devices.

An update to Microsoft To-Do will help you keep up with your resolutions

If you're looking to stay productive in 2019, you might want to check out the freshly updated Microsoft To-Do app, now with additional integration with the Windows 10 Start Menu and more.

Microsoft will end support for Windows 7 one year from now

Microsoft is set to end extended support for Windows 7 on January 14, 2020, putting a halt on the free bug fixes, and security patches for most who have the operating system installed. 

Data breach compromises 773 million records, 21 million passwords

A security researcher was alerted to a collection of breached data that included more than 773 million compromised records. After digging deeper, the breach was revealed to contain more than 21 million passwords.

Dell teases new XPS laptop with Intel’s 10th-gen Ice Lake for summer 2019

After teasing a mysterious Ice Lake-powered XPS laptop during Intel's keynote, Dell confirmed that it will announce a new 10th-generation Ice Lake-powered XPS laptop this year. The new XPS notebook could debut as early as summer.

Faster new PCIe 5.0 standard leapfrogs the best feature of AMD’s Ryzen 3

PCIe 5.0 will bring even faster data transfers, but it may only be found on HPCs and servers initially. The standard is four times faster than your current PC at transferring data, and new devices could appear later this year.

From Chromebooks to MacBooks, here are the best laptop deals for January 2019

Whether you need a new laptop for school or work or you're just doing some post-holiday shopping, we've got you covered: These are the best laptop deals going right now, from discounted MacBooks to on-the-go gaming PCs.

Keep your laptop battery in tip-top condition with these handy tips

Learn how to care for your laptop's battery, how it works, and what you can do to make sure yours last for years and retains its charge. Check out our handy guide for valuable tips, no matter what type of laptop you have.

Protect your expensive new laptop with the best Macbook cases

If you recently picked up a new MacBook, you’ll want something to protect its gorgeous exterior. Here, we've gathered the best MacBook cases and covers, whether you're looking for style or protection.

Watch out for these top-10 mistakes people make when buying a laptop

Buying a new laptop is exciting, but you need to watch your footing. There are a number of pitfalls you need to avoid and we're here to help. Check out these top-10 laptop buying mistakes and how to avoid them.

Don't spend a fortune on a PC. These are the best laptops under $300

Buying a laptop needn't mean spending a fortune. If you're just looking to browse the internet, answer emails, and watch Netflix, you can pick up a great laptop at a great price. These are the best laptops under $300.

Dell XPS 13 vs. Asus Zenbook 13: In battle of champions, who will be the victor?

The ZenBook 13 UX333 continues Asus's tradition of offering great budget-oriented 13-inch laptop offerings. Does this affordable machine offer enough value to compete with the excellent Dell XPS 13?
Product Review

LG Gram 14 proves 2-in-1 laptops don’t need to sacrifice battery for light weight

The LG Gram 14 2-in-1 aims to be very light for a laptop that converts to a tablet. And it is. But it doesn’t skimp on the battery, and so it lasts a very long time on a charge.