Proof-of-concept code published for Microsoft Edge remote code execution bug by Catalin Cimpanu.
From the post:
…
The proof-of-concept (PoC) code is for a Microsoft Edge vulnerability —CVE-2018-8495— that Microsoft patched this week, part of its October 2018 Patch Tuesday. The vulnerability was discovered by Kuwaiti security researcher Abdulrahman Al-Qabandi, who reported his findings to Microsoft via Trend Micro’s Zero-Day Initiative program.
Today, after making sure Microsoft had rolled out a fix, Al-Qabandi published in-depth details about the Edge vulnerability on his blog.
…
Such PoCs are usually quite complex, but Al-Qabandi’s code is only HTML and JavaScript, meaning it could be hosted on any website.
…
When was the last time you heard of North Korean, Russian or Chinese security researchers (sounds classier than “hackers”) reporting a zero-day exploit to a vendor?
Same here.
Consider the opportunities presented by an HTML and JavaScript zero-day with regard to governments, military installations and/or corporate entities.
All of those are lost by the use of a zero-day submission process and issuance of a patch by Microsoft.
Follow your own conscience but remember, none of the aforementioned are on your side. Why should you be on theirs?