A Microsoft Edge feature may threaten Internet Explorer’s security
Spoiler, the secret is the capability and group SIDs for the « Microsoft. MicrosoftEdge_8wekyb3d8bbwe » package:-) This seems par for the course with Edge, adding backdoors all over the place. Wonder if this approach will apply to Edgium? /cc @ericlaw https://t.co/lu78M7N0qO
It has been nearly a week since security researcher John Page reported that he had found an Internet Explorer XML eXternal Entity (XXE) vulnerability. A new layer of this vulnerability has been recently discovered and the implications are far more serious. A Microsoft Edge feature may threaten Internet Explorer’s security. The vulnerability is a XML eXternal Entity or XXE attack. The attack occurs when an XML parser processes an XML input that includes a reference to an external entity. This type of attack could lead to the unwanted disclosure of sensitive information and a slew of other issues. In Page’s demonstration, he opened a malicious MHL file with a file manager. Internet Explorer automatically uploaded several files to a remote server.
