KLA11858
Multiple vulnerabilities in Microsoft Browser
Обновлено: 22/07/2020
Дата обнаружения
14/07/2020
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Skype for Business via Microsoft Edge (EdgeHTML-based) can be exploited remotely via specially crafted to obtain sensitive information.
  2. An information disclosure vulnerability in Skype for Business via Internet Explorer can be exploited remotely via specially crafted to obtain sensitive information.
  3. An information disclosure vulnerability in Microsoft Edge PDF can be exploited remotely via specially crafted to obtain sensitive information.
  4. A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Пораженные продукты

Internet Explorer 9
Internet Explorer 11
Microsoft Edge (EdgeHTML-based)

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2020-1462
CVE-2020-1432
CVE-2020-1433
CVE-2020-1403
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]
Связанные продукты
Microsoft Internet Explorer
Microsoft Edge
CVE-IDS
CVE-2020-14620.0Unknown
CVE-2020-14320.0Unknown
CVE-2020-14330.0Unknown
CVE-2020-14030.0Unknown
KB list

4565541
4565524
4558998
4565489
4565479
4565483
4565508
4565511
4565513
4565537
4565503

Microsoft official advisories
Microsoft Security Update Guide