Google has again publically revealed the unpatched vulnerabilities in Microsoft products for second time and this time it is associated with Edge and IE. Interestingly, they have published vulnerabilities about the Windows GDI (Graphics Device Interface) components few days back. Till now, the bug remained unpatched as Microsoft didn’t reveal their February’s Patch Tuesday security updates due to last minute issue.
The bug has been discovered under the Google research named as “Product Zero”. It has been tracked by CVE-2017-0037 identifier. Google has given the description “Type confusion in HandleColumnBreakOnColumnSpanningElement” and this bug has potential for allowing cyber-criminals to execute highly malicious malware code. It is notable that Google has notified this problem to Microsoft 90 days ago but the company didn’t able to fix the bug so Google released the problem publically. All the details about CVE-2017-0037 are put on “Google Bug Report”. This bug can continuously crash the browser and cyber-criminals could take advantage to bring highly malicious exploits. This malicious exploits has been reportedly found in 32-bit and 64-bit version of IE as well as Microsoft Edge. Microsoft has not commented on this issue or put their views but they have definitely pushed their scheduled patch for February to probably March first week.