Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Microsoft Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information.

Below is a complete list of vulnerabilities:

1. Multiple vulnerabilities related to an improper handling of objects in memory can be exploited remotely by convincing a user to visit a specially designed website to execute arbitrary code;
2. Incorrect restrictions put on the way the information is returned to Microsoft Edge by JavaScript object methods can be exploited remotely by convincing a user to visit a specially designed website to obtain sensitive information;
3. Multiple vulnerabilities related to an improper handling of objects in memory done by JavaScript scripting engines can be exploited remotely by convincing a user to visit a specially designed website, by embedding an ActiveX control marked “safe for initialization” in an application or via a Microsoft Office document which hosts the Edge rendering engine to execute arbitrary code;
4. An incorrect handling of specific filtered response types done by the Fetch API in Microsoft Edge can be exploited remotely by convincing a user to visit a specially designed website to obtain sensitive information;
5. An improper handling of objects in memory in Microsoft Internet Explorer can be exploited remotely by convincing a user to visit a specially designed website to execute arbitrary code;
6. An incorrect check for scripts which attempt to matipulate HTML elements in other browser windows can be exploited remotely by convincing a user to visit a specially designed website or load a specially designed page to bypass security restrictions;
7. An improper handling of objects in memory can be exploited remotely by convincing a user to visit a specially designed website to obtain sensitive information;
8. An improper enforcement of same-origin policies in Microsoft Edge can be exploited remotely by convincing a user to visit a specially designed website or load a specially designed page to bypass security restrictions;
9. An incorrect validation of documents done by the CSP (Content Security Policy) in Microsoft Edge can be exploited remotely by convincing a user to visit a specially designed website or load a specially designed page to bypass security restrictions.

Microsoft Edge
Microsoft Internet Explorer versions 9 through 11

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

CVE-2017-8520
CVE-2017-8498
CVE-2017-8499
CVE-2017-8496
CVE-2017-8497
CVE-2017-8523
CVE-2017-8530
CVE-2017-8524
CVE-2017-8522
CVE-2017-8549
CVE-2017-8517
CVE-2017-8521
CVE-2017-8504
CVE-2017-8548
CVE-2017-8519
CVE-2017-8547
CVE-2017-8555
CVE-2017-8529
CVE-2017-8496
CVE-2017-8497
CVE-2017-8498
CVE-2017-8499
CVE-2017-8504
CVE-2017-8517
CVE-2017-8519
CVE-2017-8520
CVE-2017-8521
CVE-2017-8522
CVE-2017-8523
CVE-2017-8524
CVE-2017-8529
CVE-2017-8547
CVE-2017-8548
CVE-2017-8549
CVE-2017-8555

4038788
4038782
4038783
4038792
4038799
4038781
4038777
4022719
4022726
4022714
4021558
4022724
4022727
4022715
4022725
4036586