myhack58 | Anonymous | MYHACK58:62201891729
Oct 13, 2018 - 12:00 a.m.

High-risk vulnerability disclosed in the Microsoft Edge browser: a computer can be controlled to execute arbitrary commands - Vulnerability Warning - Black Bar Safety Net

2018-10-13 00:00:00
Anonymous
www.myhack58.com

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 7.6 High
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C

EPSS: 0.93 High
Percentile: 98.8%

On October 12, security researchers released proof-of-concept code for a Windows Shell RCE vulnerability (CVE-2018-8495). The affected software is Microsoft Edge, the browser built into Windows 10; an attacker can use the code to run malicious code on a remote computer through the Microsoft Edge browser.
The vulnerability reportedly arises because Windows Shell does not filter special URIs when handling them, for example the wshfile URI, which launches Windows Script Host to run a script, resulting in RCE.
When a user is lured into opening a crafted page that contains such a special URI, a prompt window pops up with the focus on the OK button by default; the user only needs to press the Enter key once more for the script to be launched and arbitrary commands to be executed.
The vulnerability was disclosed on October 9 and is rated “high-risk”. Microsoft has released a patch. Users can click here to apply the fix as soon as possible.
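
As an added example (not part of the original article and not Microsoft's fix), one way a defender could audit a host for the kind of handler described above: this Python code parses a `reg export` of HKEY_CLASSES_ROOT and flags classes whose open command hands a caller-supplied argument to a script host. The sample export, the `examplescript` and `mailto` entries, the command lines and the script-host list are constructed assumptions.

```python
import re

# Constructed sample in the style of a `reg export HKCR` file (not from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\wshfile\shell\open\command]
@="\"C:\\Windows\\System32\\WScript.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\mailto]
"URL Protocol"=""

[HKEY_CLASSES_ROOT\mailto\shell\open\command]
@="\"C:\\Program Files\\Mail\\mail.exe\" -url \"%1\""

[HKEY_CLASSES_ROOT\examplescript\shell\open\command]
@="cmd.exe /c cscript.exe //nologo \"%1\""
'''

# Assumed list of interpreters worth flagging; extend it for your environment.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}
KEY_RE = re.compile(r'^\[HKEY_CLASSES_ROOT\\([^\\\]]+)\\shell\\open\\command\]$', re.I)

def risky_handlers(reg_text):
    """Return {class_name: command} for open commands that start a script host."""
    findings, name = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('['):
            # Track only <class>\shell\open\command keys; any other key resets state.
            m = KEY_RE.match(line)
            name = m.group(1).lower() if m else None
        elif name and line.startswith('@="') and line.endswith('"'):
            # Undo .reg escaping (\" -> ", \\ -> \) on the default value.
            command = re.sub(r'\\(.)', r'\1', line[3:-1])
            exes = {t.rsplit('\\', 1)[-1].lower()
                    for t in re.findall(r'[^\s"]+\.exe', command, re.I)}
            # Flag only when a script host receives a substituted argument (%1, %*).
            if exes & SCRIPT_HOSTS and '%' in command:
                findings[name] = command
    return findings

if __name__ == "__main__":
    for cls, cmd in sorted(risky_handlers(SAMPLE_REG).items()):
        print(f"{cls}: {cmd}")
```
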
