Microsoft Edge was one of the highlights of Windows 10. It was one of the features that brought a difference between the new OS and previous Windows editions. Microsoft believes that it is a browser that’s faster and safer than the discontinued Internet Explorer. Hackers in South Korea proved that although it might be safer, it’s still not 100% fool proof.
This happened in the 2016 PwnFest where hackers try to hack into software and devices to see if there are any security vulnerabilities. They do this by trying to find and exploit any vulnerabilities in the technology used.
Microsoft Edge, which is the biggest new guy in the world of Windows desktop internet browsers was among the victims in this year’s festival. The browser is praised for impressive page loading speeds and conserving battery power when streaming HD video.
It also comes with a cool feature that allows you to make notes or drawings directly on web pages and share them instantly. You can also use One Note to save them locally for future reference. This browser also integrates nicely with Cortana, Microsoft’s new virtual assistant made for Windows 10.
Despite all these cool features that make the concept look fully thought through, hackers were able to find a loophole in its security. They used system level remote code execution in the web browser. It was running on a computer with the 64-bit edition of Windows 10 Anniversary Edition.
The two successful hackers are researchers from a team of hackers known as Qihoo 360 and a security researcher from South Korea known as Jung Hoon. They gave two methods that took advantage of the security vulnerabilities.
The most incredible thing is that Microsoft Edge gave way in just 18 seconds. Microsoft had previously released a patch that removed 3 vulnerabilities before the festival, leaving the hackers with very limited options.
They however, managed to rework the attack and still managed to get access. According to The Register, both hackers received $140,000 for exposing the vulnerabilities.
The new Google Pixel phone, Adobe Flash and VMware Workstation also took a hit in this conference. Details of the hacks will be released to the public after the concerned vendors have been notified and a solution found for removing the vulnerabilities.