An IBM security researcher has discovered a major security flaw in Microsoft's Edge browser. Using drive-by attack techniques, attackers can execute malicious code in much the same way as is usually done with malicious Flash, Java or Silverlight plugins.
The culprit behind the security flaw is Windows 10's built-in PDF renderer library, WinRT PDF, which allows developers to easily integrate PDF viewing features into their apps.
According to Mark Vincent Yason, a security researcher in IBM's X-Force Advanced Research team, an attacker can embed a WinRT PDF exploit within a PDF file, which could be secretly opened using off-screen iframes built with CSS.
In a drive-by attack, the attacker could use any vulnerability in WinRT, rather than in Edge itself, to distribute malware.
He adds, however, that because Windows 10 implements former EMET features like ASLR protection and Control Flow Guard, such exploits would be time-consuming and therefore costly.
Mark Vincent Yason is scheduled to offer an in-depth presentation of this attack scenario at this year's RSA security conference in San Francisco.
SOURCE: Security Intelligence