Thursday, July 18, 2024

Microsoft Edge Privilege Escalation Flaw – Update Now!

Microsoft Edge has published a release note that mentioned a Privilege escalation vulnerability with the CVE ID of CVE-2023-36741 and has a CVSS Score of 8.3 (High). This vulnerability exists in the Microsoft-Edge Chromium-based versions prior to 116.0.1938.62.

An unauthorized remote attacker can exploit this vulnerability which requires the interaction of the user.

The scope of this vulnerability is beyond the vulnerable component of Microsoft Edge. There is no known exploit code available for this vulnerability.


Microsoft has not provided any additional details about this vulnerability which limits the current knowledge about this vulnerability.

However, Microsoft mentioned in their security advisory that this vulnerability affects the CIA (Confidentiality, Integrity, and Availability) of the affected application and its environment.

In addition, Tenable has released new plugins for Nessus, which users can use to detect this vulnerability. The plugin is as follows,

180197Microsoft Edge (Chromium) < 116.0.1938.62 Multiple VulnerabilitiesNessusWindowsHIGH

Source: Tenable

During the previous release notes on August 21, 2023, Microsoft patched two vulnerabilities CVE-2023-38158 & CVE-2023-36787. These vulnerabilities were information disclosure and elevation of privileges patched in the versions Microsoft Edge Stable and Extended Stable Channel (Version 116.0.1938.54).

However, in this current release note, Microsoft has patched only one Elevation of privileges vulnerability, which is the 4th patch update this month. As of the month of July, only two release notes were released.

Users of Chromium-based Microsoft Edge are recommended to upgrade to the latest version in order to fix this vulnerability and prevent exploitation.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


Latest articles

Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal

Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which...

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs

Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and...

macOS Users Beware Of Weaponized Meeting App From North Korean Hackers

Meeting apps are often targeted and turned into weapons by hackers as they are...

Hackers Exploiting Legitimate RMM Tools With BugSleep Malware

Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has...

Cybercriminals Exploit Attack on Donald Trump for Crypto Scams

Researchers at Bitdefender Labs remain ever-vigilant, informing users about the latest scams and internet...

New TE.0 HTTP Request Smuggling Flaw Impacts Google Cloud Websites

HTTP Request Smuggling is a flaw in web security that is derived from variations...

Volcano Demon Group Attacking Organizations With LukaLocker Ransomware

The Volcano Demon group has been discovered spreading a new ransomware called LukaLocker, which...
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles