Kaspersky Threats

KLA11667
Multiple vulnerabilities in Microsoft Browser

Обновлено: 18/06/2020

Дата обнаружения	11/02/2020
Уровень угрозы	Critical
Описание	Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in Microsoft Edge can be exploited remotely via specially crafted content to gain privileges. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code. An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
Эксплуатация	Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Пораженные продукты	Internet Explorer 10 ChakraCore Microsoft Edge (EdgeHTML-based) Internet Explorer 9 Internet Explorer 11
Решение	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Первичный источник обнаружения	CVE-2020-0663 CVE-2020-0767 CVE-2020-0706 CVE-2020-0713 CVE-2020-0712 CVE-2020-0711 CVE-2020-0710 CVE-2020-0674 CVE-2020-0673
Оказываемое влияние ?	ACE [?] OSI [?] PE [?]
Связанные продукты	Microsoft Internet Explorer Microsoft Edge ChakraCore
CVE-IDS	CVE-2020-06630.0Unknown CVE-2020-07670.0Unknown CVE-2020-07060.0Unknown CVE-2020-07130.0Unknown CVE-2020-07120.0Unknown CVE-2020-07110.0Unknown CVE-2020-07100.0Unknown CVE-2020-06740.0Unknown CVE-2020-06730.0Unknown
KB list	4537820 4537821 4537776 4532693 4532691 4537762 4537764 4537789 4537814 4537767
Microsoft official advisories	Microsoft Security Update Guide