Pankaj Thakur, an ethical hacker from Nepal, has been rewarded USD 40,000 for reporting a bug in Microsoft’s native web browser. He discovered a Remote Code Execution (RCE) vulnerability in the Microsoft Edge browser. And it’s not the first time – Thakur has previously received bounties from Apple, Google, BBC, BMW, and others for discovering bugs in their platforms.
Microsoft Edge RCE vulnerability:
Pankaj, who earned his cybersecurity degree in Hyderabad, is passionate about RCE. After three hours of relentless work, he was eventually able to discover the Render Process RCE vulnerability in the Edge browser.
He says, “We often use Edge browser in Windows. Through this, I was able to access the Windows system event log or Shell. I started writing commands after having accessed someone else’s Shell. The results began to appear on my screen. This (particular bug) would have allowed hackers to access any data saved in the Edge browser, so I reported it”.
What is RCE?
Remote code execution (RCE) is a type of software security vulnerability. RCE flaws allow a malicious actor to execute whatever code they want on a remote system over LAN, WAN, or the internet. Further, they allow attackers to take over a computer or a server by running arbitrary malicious software (malware).
One of the best-known cases involving an RCE vulnerability is WannaCry. The ransomware affected hundreds of thousands of users worldwide in May 2017. The malware would encrypt computer files, lock out computer users, and ask for ransom payments in exchange for decryption.
As the internet continues to grow and become more accessible, the effect of RCE vulnerabilities will grow with it.
Edge Chromium Bounty
Microsoft chose to award Pankaj USD 40,000 under the Edge Chromium Bounty program after he reported the bug. Previously, he received a USD 20,000 prize from a firm headquartered in the Netherlands.