The tech giant failed to meet the Google Project Zero team 90-day disclosure deadline, which resulted in the disclosure of an unpatched Internet Explorer vulnerability; the second flaw disclosed by the team since the company’s Patch Tuesday delay.
Researchers at Google have shared that the disclosed vulnerability is a type confusion flaw that impacts Microsoft Edge and Internet Explorer, potentially giving remote attackers the ability to executive arbitrary code. Google Project Zero previously disclosed a memory disclosure vulnerability in Windows’ GDI library on Feb. 14, the day Microsoft announced its security release delay.
Microsoft blamed its February delay on “a last-minute issue that could impact some customers and was not resolved in time for our planned updates.”