Threat Advisory

Critical Vulnerability in Microsoft Edge Enables Arbitrary Code Execution

Threat: Vulnerability
Criticality: High
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Researchers have issued a critical security update for its Edge browser, addressing three significant vulnerabilities that could allow attackers to execute arbitrary code and perform out-of-bounds memory operations on affected systems. This update is crucial for users running Microsoft Edge versions prior to 127.0.2651.86 on Windows, macOS, and Linux. Users are strongly advised to update their browsers immediately to mitigate the risks associated with these flaws.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Researchers have issued a critical security update for its Edge browser, addressing three significant vulnerabilities that could allow attackers to execute arbitrary code and perform out-of-bounds memory operations on affected systems. This update is crucial for users running Microsoft Edge versions prior to 127.0.2651.86 on Windows, macOS, and Linux. Users are strongly advised to update their browsers immediately to mitigate the risks associated with these flaws.[emaillocker id="1283"]

  • CVE-2024-7256: This vulnerability is an insufficient data validation flaw in the Dawn graphics component. It could allow an attacker to execute arbitrary code on the victim’s system, potentially leading to full system compromise. This vulnerability was reported by a security researcher and is considered one of the most critical issues addressed in this update.
  • CVE-2024-6990: This vulnerability involves an uninitialized use in the Dawn component, which can lead to out-of-bounds memory access. Such flaws are particularly dangerous as they can result in unpredictable system behavior, crashes, or even allow an attacker to execute arbitrary code. This vulnerability rated as "Critical," highlighting its potential for severe impact.
  • CVE-2024-7255: This vulnerability affects the WebTransport feature, allowing an attacker to perform out-of-bounds memory read operations. While less severe than arbitrary code execution, this flaw still poses significant risks, such as exposing sensitive data or leading to further exploitation.

Given the severity and potential impact of these vulnerabilities, users are strongly urged to update their Microsoft Edge browser. Keeping the browser up-to-date and enabling enhanced security mode are essential steps to protect against these threats.

RECOMMENDATION:

  • We strongly recommend you update Microsoft Edge to version 127.0.2651.86 or later.

REFERENCES:

The following reports contain further technical details:
https://cybersecuritynews.com/microsoft-edge-vulnerability-arbitrary-code/

[/emaillocker]
crossmenu