Cyber Security News

Microsoft Edge Vulnerability Let Attackers Execute Malicious Code

Three new vulnerabilities have been discovered in Microsoft Edge (Chromium-based) associated with Remote Code execution and Spoofing. The CVEs of these vulnerabilities have been assigned as CVE-2023-36022, CVE-2023-36029, and CVE-2023-36034.

The severity of these vulnerabilities ranges between 4.3 (Medium) and 6.6 (Medium). However, Microsoft has released patches for fixing these vulnerabilities and recommended its users upgrade them accordingly.

CVE-2023-36022 & CVE-2023-36034: Microsoft Edge Remote Code Execution Vulnerability

This vulnerability can be exploited by an unauthenticated, remote threat actor and execute remote commands on the affected versions of Microsoft Edge. However, According to Microsoft, this vulnerability requires user interaction to be performed before exploitation.

The severity for this vulnerability has been given as 6.6 (Medium).

Document
FREE Webinar

Webinar on Cyber Resilience for Financial Sector

Ensure your Cyber Resiliance with the recent wave of cyber-attacks targeting the financial services sector. Almost 60% respondents not confident to recover fully from a cyber attack.

CVE-2023-36029: Microsoft Edge Spoofing Vulnerability

This vulnerability can be exploited by an unauthenticated attacker with network access, which requires certain user interactions to be performed. However, additional details about this vulnerability have not been published. The severity of this vulnerability has been given as 4.3 (Medium).

Microsoft confirmed that there are no publicly available exploits for fixing these vulnerabilities.

Affected Products

CVE IDAffected ProductsAffected VersionsFixed in Version
CVE-2023-36022Microsoft Edge (Chromium-based)earlier than 119.0.2151.44119.0.2151.44
Microsoft Edge (Chromium-based) Extended Stableearlier than 118.0.2088.88118.0.2088.88
CVE-2023-36029Microsoft Edge for Androidearlier than 118.0.2088.88118.0.2088.88
CVE-2023-36034Microsoft Edge (Chromium-based)earlier than 119.0.2151.44119.0.2151.44
Microsoft Edge (Chromium-based) Extended Stableearlier than 118.0.2088.88118.0.2088.88

Users of these products are recommended to upgrade to the latest versions of these products to prevent these vulnerabilities from getting exploited.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.

Eswar

Eswar is a Cyber security reporter with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is reporting data breach, Privacy and APT Threats.

Recent Posts

Weekly Cyber Security News Letter – Data Breaches, Vulnerability, Cyber Attack & More

On a weekly basis, the cyber security newsletter is considered an essential update on information…

5 hours ago

8.5 Million Windows Systems Hit by CrowdStrike Faulty Update – Microsoft Says!

Microsoft has revealed that a faulty software update released by cybersecurity firm CrowdStrike on July…

1 day ago

Hackers Exploits CrowdStrike Issues to Attack Windows System With RemCos Malware

On July 19, 2024, CrowdStrike identified an issue in a content update for the Falcon…

1 day ago

Alert! Hackers Exploiting CrowdStrike Issue in Cyber Attacks

Cybersecurity experts have uncovered a concerning development following the recent CrowdStrike Falcon sensor issue that…

2 days ago

10 Best Linux Firewalls In 2024

At present, many computers are connected via numerous networks. Monitoring all traffic and having something…

2 days ago

CrowdStrike Releases Fix for Updates Causing Windows to Enter BSOD Loop

CrowdStrike has issued a fix for a problematic update that caused numerous Windows systems to…

2 days ago