Microsoft Edge Multiple Vulnerabilities
RISK: Extremely High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Microsoft Edge, a remote attacker could exploit some of these vulnerabilities to trigger denial of service, remote code execution and security restriction bypass on the targeted system.
HKCERT is aware of these vulnerabilities have been reported publicly that they are being exploited in the wild, and encourages users and administrators to review the security update pages for the affected products and apply the related updates as soon as possible.
Note:
CVE-2021-38000 and CVE-2021-38003 are being exploited in the wild.
Impact
- Denial of Service
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
- Microsoft Edge prior to 95.0.1020.40
Solutions
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
- Update to version 95.0.1020.40
Vulnerability Identifier
Source
Related Link
- https://msrc.microsoft.com/update-guide
- https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37997
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37998
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37999
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38000
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38001
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38002
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38003
Related Tags
Share with