Google Project Zero disclosed Monday a high severity vulnerability it found in Microsoft s Edge and Internet Explorer browsers that could allow remote attackers to execute arbitrary code. Microsoft skipped its regular Patch Tuesday release of security bulletins earlier this month. The next scheduled Patch Tuesday is March 14. The vulnerability (CVE-2017-0037) is tied to a type confusion vulnerability in HandleColumnBreakOnColumnSpanningElement a parameter used in website tables. Microsoft has also left two other publicly disclosed vulnerabilities unpatched.
Source: https://threatpost.com/google-discloses-another-high-severity-microsoft-bug/123934/