KLA12349
Multiple vulnerabilities in Microsoft Browser

Обновлено: 04/08/2022
Дата обнаружения
09/11/2021
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A spoofing vulnerability in Microsoft Edge can be exploited remotely to spoof user interface.
  2. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely to execute arbitrary code.
Пораженные продукты

Microsoft Edge (Chromium-based) in IE Mode
ChakraCore

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2021-41351
CVE-2021-42279
Оказываемое влияние
?
ACE 
[?]

SUI 
[?]
Связанные продукты
Microsoft Edge
ChakraCore
KB list

5007206
5007186
5007215
5007189

Microsoft official advisories
Microsoft Security Update Guide
Узнай статистику распространения уязвимостей в твоем регионе