Vulnerability Protection

Cumulative Security Update for Microsoft Edge

Details

Report ID: MS20170302

Date Published: 15 March 2017

Date Revised:

Criticality: Critical

Compromise Type: Remote code execution, information disclosure, spoofing, security feature bypass

Compromise From: Remote

Affected Product/Component: Microsoft Edge, Windows Server 2016

Summary

A cumulative security update for Microsoft Edge addresses multiple vulnerabilities that could be exploited to allow remote code execution, information disclosure, spoofing, and security feature bypass.

Detailed Description

Microsoft has issued a cumulative security update for Microsoft Edge following the discovery of numerous vulnerabilities. Of the thirty-two vulnerabilities discovered, twenty-one could lead to remote code execution, five could lead to information disclosure, three could lead to spoofing, and three could lead to security feature bypass.

Multiple factors contributed to the existence of these vulnerabilities, among them scripting engine rendering errors, improper parsing of HTTP responses in the browser, incorrect application of the Same Origin Policy to HTML elements, and improper handling of objects in memory. All discovered issues have been resolved in the latest updates through corrective modifications and fixes.

CVE Reference

CVE-2017-0009, CVE-2017-0010, CVE-2017-0011, CVE-2017-0012, CVE-2017-0015, CVE-2017-0017, CVE-2017-0023, CVE-2017-0032, CVE-2017-0033, CVE-2017-0034, CVE-2017-0035, CVE-2017-0037, CVE-2017-0065, CVE-2017-0066, CVE-2017-0067, CVE-2017-0068, CVE-2017-0069, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0135, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0140, CVE-2017-0141, CVE-2017-0150, CVE-2017-0151

Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/library/security/ms17-007

Source

Microsoft Security Bulletin MS17-007