A Wellington-based ICT security company, Security-Assessment.com, has uncovered vulnerabilities in the Microsoft Edge
and Internet Explorer browsers which can allow attackers to obtain sensitive information and potentially run malicious
code on victim machines.
“The ability for an attacker to run malicious code on a victim’s machine could have dramatic and severely damaging
impact for both organisations and individuals,” says Security-Assessment.com Practice Lead Phil Doole.
The vulnerabilities, which affect Microsoft Edge and Internet Explorer browsers, were discovered in May by
Security-Assessment.com Principal Consultant Scott Bell and were reported to Microsoft immediately.
Bell, who has reported numerous vulnerabilities to Microsoft in the past says, “Security-Assessment.com follows
responsible disclosure guidelines. This means alerting the vendor to the vulnerabilities immediately and not releasing
information about the vulnerabilities until they are fixed. This is to prevent malicious actors from actively exploiting
the vulnerabilities”.
Microsoft released a patch for these vulnerabilities in May, based on the information it received from
Security-Assessment.com. Security-Assessment.com is urging all users of the affected software to update with the
appropriate patches immediately.
Owned by Dimension Data, Security-Assessment.com was the first ethical hacking security company in New Zealand and
regularly performs research into software, solutions and hardware used by organizations. They have developed their own
in-house, proprietary methodologies to discover vulnerabilities that can negatively impact businesses and recommend
remediation.
About Security-Assessment.com
Security-Assessment.com provides independent security advisory, assessment and assurance services to help organisations
establish and maintain a secure environment. Security-Assessment.com has been involved in a number of effective
enterprise security strategies which have enabled clients to address their security and compliance requirements.
Security-Assessment.com is a wholly owned subsidiary of Dimension Data. More information can be found at www.security-assessment.com
ENDS