Microsoft’s Patch Tuesday Delay Results in IE Flaw Disclosure by Google

February 27, 2017
By Marcos Colon

The tech giant failed to meet the Google Project Zero team 90-day disclosure deadline, which resulted in the disclosure of an unpatched Internet Explorer vulnerability; the second flaw disclosed by the team since the company’s Patch Tuesday delay.

Researchers at Google have shared that the disclosed vulnerability is a type confusion flaw that impacts Microsoft Edge and Internet Explorer, potentially giving remote attackers the ability to executive arbitrary code. Google Project Zero previously disclosed a memory disclosure vulnerability in Windows’ GDI library on Feb. 14, the day Microsoft announced its security release delay.

Microsoft blamed its February delay on “a last-minute issue that could impact some customers and was not resolved in time for our planned updates.”

prestitial ad