Multiple serious vulnerabilities have been found in Microsoft Edge, Microsoft Internet Explorer 9 through 11. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, spoof user interface.

Below is a complete list of vulnerabilities:

1. An improper handling of mixed content in Microsoft Internet Explorer can be exploited remotely via a malicious website or via an email containing specially designed *.url file to bypass security restrictions;
2. An improper handling of an access to objects in memory in Microsoft Edge can be exploited remotely via a specially designed website to execute arbitrary code;
3. Multiple vulnerabilities in JavaScript Engine, which are related to handling of an access to objects in memory in Microsoft Internet Explorer can be exploited remotely via a specially designed website to execute arbitrary code;
4. Multiple vulnerabilities related to an incorrect handling of objects in JavaScript engines done while rendering can be exploited remotely via specially designed websites and Microsoft documents or an embedded ActiveX control marked as «safe for initialization» to execute arbitrary code;
5. An improper handling of mixed content in Microsoft Internet Explorer can be exploited remotely via a specially designed website to execute arbitrary code;
6. Multiple vulnerabilities related to an incorrect handling of objects in memory done by Microsoft scripting engines of Microsoft Edge can be exploited remotely via specially designed websites and Microsoft documents or an embedded ActiveX control marked as «safe for initialization» to execute arbitrary code;
7. An improper parsing of HTML and incorrect way of rendering SmartScreen Filter can be exploited remotely via a specially designed URL to spoof user interface;
8. An incorrect handling of sandboxing in Microsoft Edge can be exploited remotely to escape from the AppContainer sandbox and gain privileges;
9. Multiple vulnerabilities in Chakra JavaScript Engine can be exploited remotely via specially designed websites and Microsoft documents or an embedded ActiveX control marked as «safe for initialization» to execute arbitrary code;
10. An improper handling of objects in memory in JavaScript Engine can be exploited remotely via specially designed websites and Microsoft documents or an embedded ActiveX control marked as «safe for initialization» execute arbitrary code;
11. An incorrect rendering of a domain-less page in the URL in Microsoft Edge can be exploited remotely by convincing a user to visit a specially designed webpage to gain privileges and perform actions in the context of the Intranet Zone and access some functions of browser, which are not available while browsing in the context of the Internet Zone.

Technical details

Vulnerability (1) allows to load HTTP content, which is unsecure, to HTTS locations, which are secure.

Vulnerabilities (9) in Chakra JavaScript Engine are related to rendering in Microsoft Edge.

To exploit all vulnerabilities described above via a specially designed webpage, a malicious user should somehow convince user to visit it.

Microsoft Internet Explorer versions 9 through 11
Microsoft Edge

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

4016871
4019474
4018271
4019215
4019264
4019216
4034668
4034733
4034674
4034681
4034658
4034660
4019473
4019472