Vulnerability Protection

Cumulative Security Update for Microsoft Edge


Report ID:


Date Published:

15 March 2017

Date Revised:



Compromise Type:

Remote code execution, information disclosure, spoofing, security feature bypass

Compromise From:


Affected Product/Component:

Microsoft Edge
Windows Server 2016


A cumulative security update for Microsoft Edge addresses multiple vulnerabilities that could be exploited into allowing remote code execution, information disclosure, spoofing, and security feature bypass. 

Detailed Description

Microsoft has issued a cumulative security update for Microsoft Edge following the discovery of numerous vulnerabilities. Of the total thirty two discovered vulnerabilities, twenty one could lead to remote code execution, five could lead to information disclosure, three could lead to spoofing, and three could lead to security feature bypass. 

Multiple factors contributed to the existance of these vulnerabilities, amongst the factors were scripting engines rendering errors, improper parsing of HTTP responses in the browser, incorrect application of Same Origin Policy for HTML elements, and improper handling of objects in memory. All discovered issues have been resolved in the latest updates through corrective modification and fixes.  

CVE Reference

CVE-2017-0009, CVE-2017-0010, CVE-2017-0011, CVE-2017-0012, CVE-2017-0015, CVE-2017-0017, CVE-2017-0023, CVE-2017-0032, CVE-2017-0033, CVE-2017-0034, CVE-2017-0035, CVE-2017-0037, CVE-2017-0065, CVE-2017-0066, CVE-2017-0067, CVE-2017-0068, CVE-2017-0069, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0135, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0140, CVE-2017-0141, CVE-2017-0150, CVE-2017-0151


Install the latest security patch for applicable system, available for download from


Microsoft Security Bulletin MS17-007