KLA11858
Multiple vulnerabilities in Microsoft Browser

Updated: 07/22/2020
Detect date
?
07/14/2020
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Skype for Business via Microsoft Edge (EdgeHTML-based) can be exploited remotely via specially crafted to obtain sensitive information.
  2. An information disclosure vulnerability in Skype for Business via Internet Explorer can be exploited remotely via specially crafted to obtain sensitive information.
  3. An information disclosure vulnerability in Microsoft Edge PDF can be exploited remotely via specially crafted to obtain sensitive information.
  4. A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products

Internet Explorer 9
Internet Explorer 11
Microsoft Edge (EdgeHTML-based)

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2020-1462
CVE-2020-1432
CVE-2020-1433
CVE-2020-1403

Impacts
?
ACE 
[?]

OSI 
[?]
Related products
Microsoft Internet Explorer
Microsoft Edge
CVE-IDS
?
CVE-2020-14620.0Unknown
CVE-2020-14320.0Unknown
CVE-2020-14330.0Unknown
CVE-2020-14030.0Unknown
KB list

4565541
4565524
4558998
4565489
4565479
4565483
4565508
4565511
4565513
4565537
4565503

Microsoft official advisories
Microsoft Security Update Guide
Find out the statistics of the vulnerabilities spreading in your region