Microsoft Patched a Critical Edge Flaw that Led to Arbitrary Code Execution

Microsoft has addressed several critical vulnerabilities in its Chromium-based Edge browser. Users of the affected versions are strongly advised to update to the latest version to mitigate potential security risks.

According to the Asec Ahnlab reports, the vulnerabilities were found in Microsoft Edge versions 127.0.6533.88 and 127.0.6533.89.

These versions are based on the Chromium engine, widely used across various web browsers for its performance and security features.

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

Resolved Vulnerabilities

Microsoft’s security update resolves three critical vulnerabilities that could allow attackers to execute arbitrary code or perform out-of-bounds (OOB) memory access via specially crafted HTML content. The details of the vulnerabilities are as follows:

1. Improper Data Validation in Dawn (CVE-2024-7256):
   • This vulnerability allows attackers to execute arbitrary code by exploiting improper data validation in Microsoft Edge’s Dawn component. Crafted HTML content can trigger this flaw, leading to potential system compromise.
2. Uninitialized Use in Dawn (CVE-2024-6990):
   • An uninitialized use vulnerability in the Dawn component permits attackers to perform OOB memory access. This flaw can be exploited using crafted HTML, potentially leading to system instability or further exploitation.
3. Vulnerability in WebTransport Feature (CVE-2024-7255):
   • A vulnerability in the WebTransport feature of Microsoft Edge allows attackers to perform OOB memory access via crafted HTML. This flaw could be used to compromise the security of the affected system.

Vulnerability Patches

Microsoft has released specific patches to address these vulnerabilities in the latest update.

Users are encouraged to download and install the updates through the Windows Update feature or by visiting the official Microsoft website.

Microsoft Edge 127.0.6533.88/89 (Chromium-based) Version: The patches are available for download and installation to ensure users are protected from these critical vulnerabilities.

Security experts emphasize the importance of keeping software up to date to protect against emerging threats. Microsoft’s prompt response to these vulnerabilities underscores its commitment to user security.

Users of Microsoft Edge are urged to update their browsers immediately to safeguard their systems from potential exploits.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access