Earlier today, we reported that there are currently 3 unpatched vulnerabilities in the Microsoft Edge browser. These vulnerabilities can be used to steal passwords and other data stored in cookies.
Following the reports, we reached out to Microsoft for comment, to which a spokesperson for the company responded:
Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. Our standard policy is to provide solutions via our current Update Tuesday schedule. We encourage customers to practice safe computing habits online, including exercising caution when clicking on links and opening unknown files and not downloading content from untrusted sources to avoid this type of issue.
Further to the above comment, we can also confirm that Microsoft’s Security Response team is aware of the reports. While the company has not stated when fixes may be available, the above statement suggests that when fixes are available, the company will roll them out in the usual Update Tuesday fixes, rather than earlier. This is despite recently being applauded for its quick response to an exploit report by a Google security researcher earlier this week.Further reading: Microsoft, Microsoft Edge, Security, Windows 10