New privacy-focused features in Microsoft's technology, and the future of privacy for large tech conglomerates

Posted on May 8, 2019

From the likes of our Chief Research Officer, Alexander Heid.

The announcement by Microsoft that the Edge web browser is moving to the Chromium engine is quite significant, and indicates that Microsoft has embraced the concept of open source software and will likely leverage open source code in the future for additional major development projects. The shift also indicates the full retirement of the antiquated and vulnerable Internet Explorer web browser. The use of Internet Explorer by the average personal computer user has pretty much vanished, as Microsoft no longer includes the software within new versions of Windows. However, the use of Internet Explorer legacy software is still quite common within the enterprise environment as there are many older applications that require the use of IE or related plugins.

In these latest releases, Microsoft appears to have created an 'IE View Mode' whereby users of the Edge browser can interface with legacy applications that require IE browsers. This appears to be available in order to provide backwards compatibility to enterprise customers - the documentation released by Microsoft last month talks about the 'Enterprise Mode': https://docs.microsoft.com/en-us/microsoft-edge/deploy/emie-to-improve-compatibility

It will be interesting to see how the backwards comparability features play out in the wild as they relate to the use of client side browser exploits and other legacy/enterprise software client side attack vectors. While it can be presumed that many of the common exploitable vectors in IE are now gone due to the use of the Chromium engine - it is always possible (and likely) that new vulnerabilities will emerge that did not previously exist, and attack methods will evolve to make use of these new features in ways that were not intended or anticipated during development. Backwards compatibility is oftentimes a vector that allows for exploitation of 'updated' software.

For more on the topic: https://www.verdict.co.uk/microsoft-build-internet-explorer-edge/

Security Research in your Inbox

Thanks for siging up for the newsletter!

No waiting, 100% Free

Get your personalized scorecard today

Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.

Get Your Free Score

Get In Touch

Thank you for contacting us!

Request a Demo

Thank you for requesting a demo!