Microsoft Edge Multiple Vulnerabilities
RISK: Extremely High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Microsoft Edge, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution and sensitive information disclosure on the targeted system.
HKCERT is aware of these vulnerabilities have been reported publicly that they are being exploited in the wild, and encourages users and administrators to review the security update pages for the affected products and apply the related updates as soon as possible.
Note:
CVE-2021-37975 and CVE-2021-37976 are being exploited in the wild.
Impact
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Microsoft Edge prior to 94.0.992.38
Solutions
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
- Update to version 94.0.992.38
Vulnerability Identifier
Source
Related Link
- https://chromereleases.googleblog.com/2021
- https://msrc.microsoft.com/update-guide/en-us
- https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37974
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37975
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37976
Share with