Cumulative Security Update for Microsoft Edge
15 March 2017
Remote code execution, information disclosure, spoofing, security feature bypass
A cumulative security update for Microsoft Edge addresses multiple vulnerabilities that could be exploited into allowing remote code execution, information disclosure, spoofing, and security feature bypass.
Microsoft has issued a cumulative security update for Microsoft Edge following the discovery of numerous vulnerabilities. Of the total thirty two discovered vulnerabilities, twenty one could lead to remote code execution, five could lead to information disclosure, three could lead to spoofing, and three could lead to security feature bypass.
Multiple factors contributed to the existance of these vulnerabilities, amongst the factors were scripting engines rendering errors, improper parsing of HTTP responses in the browser, incorrect application of Same Origin Policy for HTML elements, and improper handling of objects in memory. All discovered issues have been resolved in the latest updates through corrective modification and fixes.
CVE-2017-0009, CVE-2017-0010, CVE-2017-0011, CVE-2017-0012, CVE-2017-0015, CVE-2017-0017, CVE-2017-0023, CVE-2017-0032, CVE-2017-0033, CVE-2017-0034, CVE-2017-0035, CVE-2017-0037, CVE-2017-0065, CVE-2017-0066, CVE-2017-0067, CVE-2017-0068, CVE-2017-0069, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0135, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0140, CVE-2017-0141, CVE-2017-0150, CVE-2017-0151
Install the latest security patch for applicable system, available for download from https://technet.microsoft.com/en-us/library/security/ms17-007