Sunday, September 8, 2024
Homecyber securityMicrosoft Patched a Critical Edge Flaw that Led to Arbitrary Code Execution

Microsoft Patched a Critical Edge Flaw that Led to Arbitrary Code Execution

Published on

Microsoft has addressed several critical vulnerabilities in its Chromium-based Edge browser. Users of the affected versions are strongly advised to update to the latest version to mitigate potential security risks.

According to the Asec Ahnlab reports, the vulnerabilities were found in Microsoft Edge versions 127.0.6533.88 and 127.0.6533.89.

These versions are based on the Chromium engine, widely used across various web browsers for its performance and security features.

- Advertisement - EHA

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

Resolved Vulnerabilities

Microsoft’s security update resolves three critical vulnerabilities that could allow attackers to execute arbitrary code or perform out-of-bounds (OOB) memory access via specially crafted HTML content. The details of the vulnerabilities are as follows:

  1. Improper Data Validation in Dawn (CVE-2024-7256):
    • This vulnerability allows attackers to execute arbitrary code by exploiting improper data validation in Microsoft Edge’s Dawn component. Crafted HTML content can trigger this flaw, leading to potential system compromise.
  2. Uninitialized Use in Dawn (CVE-2024-6990):
    • An uninitialized use vulnerability in the Dawn component permits attackers to perform OOB memory access. This flaw can be exploited using crafted HTML, potentially leading to system instability or further exploitation.
  3. Vulnerability in WebTransport Feature (CVE-2024-7255):
    • A vulnerability in the WebTransport feature of Microsoft Edge allows attackers to perform OOB memory access via crafted HTML. This flaw could be used to compromise the security of the affected system.

Vulnerability Patches

Microsoft has released specific patches to address these vulnerabilities in the latest update.

Users are encouraged to download and install the updates through the Windows Update feature or by visiting the official Microsoft website.

Microsoft Edge 127.0.6533.88/89 (Chromium-based) Version: The patches are available for download and installation to ensure users are protected from these critical vulnerabilities.

Security experts emphasize the importance of keeping software up to date to protect against emerging threats. Microsoft’s prompt response to these vulnerabilities underscores its commitment to user security.

Users of Microsoft Edge are urged to update their browsers immediately to safeguard their systems from potential exploits.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Vulnerabilities in IBM Products Let Attackers Exploit & Launch DOS Attack

IBM has issued a security bulletin addressing critical vulnerabilities in its MQ Operator and...

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Vulnerabilities in IBM Products Let Attackers Exploit & Launch DOS Attack

IBM has issued a security bulletin addressing critical vulnerabilities in its MQ Operator and...

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...