Microsoft’s emergency patch: What it means for IT

Microsoft put out perhaps its best advertisement for its new Edge browser yet: It has issued an emergency patch that affects every version of Internet Explorer, but not Edge. 

The patch is a fix for a vulnerability that puts users at risk if they visit an affected or hacked website. According to the accompanying security advisory:

“An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”

In other words, when users visit these sites, the attacker has complete control of their systems.

According to at least one source, this vulnerability has already been exploited in the wild, meaning that hackers are using it against users.

What it means for IT

Of course, you should apply the update immediately. But does this attack spell trouble for Microsoft’s once-ubiquitous, much-maligned browser?

There are several security improvements in the Edge browser, chief among them that it doesn’t allow browser helper objects or toolbars. ActiveX, an often exploited deprecated software framework, is also not on the new browser.

But do these improvements make it a suitable replacement for IE … let alone the other browsers on the market?

According to Trend Labs, there could be dangers ahead because Edge supports both a subset of Java Script and the vulnerability magnet that is Adobe Flash.

Assuming that the browser is compatible with all your web apps (and that may be a big assumption), it seems like Edge could be a safe alternative to IE, perhaps on par with Chrome.

But that said, keep an eye out for future problems, and be prepared to advise users to switch to an alternative if there’s a major issue to come.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy