Number: IRCNE2015082622
Date: 2015/09/18
According to “computerworld”, released a little over a month ago, Microsoft's new Edge browser has gotten its first set of critical security patches.
As part of its monthly round of security fixes, colloquially known as Patch Tuesday, Microsoft released a critical bulletin, MS15-05, with four patches covering vulnerabilities in the Windows 10-only Edge browser.
Overall this month, Microsoft issued 12 bulletins covering 56 vulnerabilities. Five bulletins were deemed as critical, meaning they should be addressed as soon as possible.
Microsoft built Edge as the next generation browser for Windows, one designed to replace Internet Explorer over time.
All the Edge vulnerabilities Microsoft disclosed this month were also found in Internet Explorer, which was covered by MS15-094, pointed out Wolfgang Kandek, chief technology officer for IT security firm Qualys.
"Someone could attack you, whether you have either Internet Explorer or Edge, using a specially crafted Web page," Kandek said.
The duplicates show the code overlap between Edge and IE, indicating that the engineering team developing Edge used at least part of the code base for IE, Kandek said.
But the fact that Edge had fewer vulnerabilities this month than IE, which had 17, shows that Microsoft's engineering effort in building a more secure browser seems to be paying off, Kandek said.
It also shows how difficult it is to write software that is error-free and immune to attackers, he said.
Because Windows 10 hasn't been widely installed in the enterprise yet, reviewing the Edge bulletin may not be the top priority on administrators' to-do lists.
- 7