Microsoft’s Patch Tuesday Delay Results in IE Flaw Disclosure by Google

By Marcos Colon

The tech giant failed to meet the Google Project Zero team 90-day disclosure deadline, which resulted in the disclosure of an unpatched Internet Explorer vulnerability; the second flaw disclosed by the team since the company’s Patch Tuesday delay.

Researchers at Google have shared that the disclosed vulnerability is a type confusion flaw that impacts Microsoft Edge and Internet Explorer, potentially giving remote attackers the ability to executive arbitrary code. Google Project Zero previously disclosed a memory disclosure vulnerability in Windows’ GDI library on Feb. 14, the day Microsoft announced its security release delay.

Microsoft blamed its February delay on “a last-minute issue that could impact some customers and was not resolved in time for our planned updates.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.