Vulnerability Protection

Vulnerability in Microsoft Edge Could Allow Escalation of Privilege

Details

Report ID: MS20170101
Date Published: 17 January 2017
Date Revised:
Criticality: Important
Compromise Type: Escalation of privilege
Compromise From: Remote
Affected Product/Component: Windows 10, Windows Server 2016

Summary

A vulnerability in Microsoft Edge could be exploited by an attacker to gain escalated privileges on an affected system.

Detailed Description

Microsoft has released a security update to address an escalation of privilege vulnerability in Microsoft Edge. The vulnerability is caused by improper enforcement of cross-domain policies and could be exploited to allow an attacker to access information from one domain and inject it into another. The issue is fixed in the latest security update, which assigns a unique origin to top-level windows that navigate to Data URLs.
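The effect of the fix described above can be seen in a simplified model of origin assignment. This is an added example, not Microsoft Edge code and not part of the original advisory. The `inherit` policy is an assumed contrast case, and all function names, policy names and sample URLs are hypothetical.

```javascript
// Simplified model of origin assignment for top-level navigations.
// Added illustration; not Microsoft Edge code. Policy names are hypothetical.

// A unique (opaque) origin is same-origin only with itself.
let opaqueCounter = 0;
function opaqueOrigin() {
  return { opaque: true, id: ++opaqueCounter };
}

// Ordinary origin: the (scheme, host, port) tuple of the URL.
function tupleOrigin(url) {
  const u = new URL(url);
  return { opaque: false, scheme: u.protocol, host: u.hostname, port: u.port };
}

// "inherit": assumed contrast case, the data: document takes the origin of
//            the document that started the navigation.
// "unique":  the behaviour the advisory describes for the fix.
function originForNavigation(targetUrl, initiatorOrigin, policy) {
  if (new URL(targetUrl).protocol === "data:") {
    return policy === "inherit" ? initiatorOrigin : opaqueOrigin();
  }
  return tupleOrigin(targetUrl);
}

function sameOrigin(a, b) {
  if (a.opaque || b.opaque) return a === b; // identity comparison only
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Constructed sample values.
const SITE = "https://shop.example/account";
const DATA_DOC = "data:text/html,constructed-sample";

function demo(policy) {
  const site = tupleOrigin(SITE);
  const first = originForNavigation(DATA_DOC, site, policy);
  const second = originForNavigation(DATA_DOC, site, policy);
  return {
    dataDocSameOriginAsSite: sameOrigin(first, site),
    twoDataDocsShareOrigin: sameOrigin(first, second),
    dataDocMatchesItself: sameOrigin(first, first),
  };
}

console.log("inherit:", demo("inherit"));
console.log("unique: ", demo("unique"));
```

Under the `unique` policy, the data: document passes a same-origin check only against itself, so cross-domain checks that compare origins treat it as foreign to every site, including the one that opened it.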

CVE Reference

CVE-2017-0002

Solution

Install the latest security patch for applicable systems, available for download from https://technet.microsoft.com/en-us/library/security/MS17-001

Source

Microsoft Security Bulletin MS17-001