Microsoft Teams & Edge Zero-Day Vulnerabilities Leads to Arbitrary Code Execution

Microsoft has addressed two zero-day vulnerabilities in two Open-Source Software security vulnerabilities, which include Microsoft Edge, Microsoft Teams for Desktop, Skype for Desktop, and Webp images extension.

These vulnerabilities were previously reported and had the CVE ID as CVE-2023-4863 and CVE-2023-5217. The severity for both of these vulnerabilities is given as 8.8 (High). 

Document
FREE Demo

Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Microsoft Teams Zero-Day

CVE-2023-4863 is related to a heap buffer overflow that exists in the libwebp, which could allow a threat actor to perform an out-of-bounds memory write using a crafted HTML page. This vulnerability was previously associated with Chromium-based browsers. However, Microsoft Edge (Chromium-based) ingests Chromium, which gives rise to this vulnerability.

Likewise, CVE-2023-5217 was another heap buffer overflow vulnerability that existed in vp8 encoding in libvpx. This vulnerability exists in Microsoft Edge (Chromium-based) browsers, which threat actors can exploit to perform heap corruption via a crafted HTML page.

Both of these vulnerabilities were previously reported to Google Chrome and were fixed in version 117.0.5938.132.  

ProductArticleDownloadBuild Number
Microsoft SkypeRelease NotesSecurity Update8.105.0.208
WebP Image ExtensionRelease NotesSecurity Update1.0.62681.0
Microsoft Teams for MacRelease NotesSecurity Update1.6.00.26463
Microsoft Teams for DesktopRelease NotesSecurity Update1.6.00.26474
Microsoft Edge (Chromium-based)Release NotesSecurity Update116.0.1938.81
Source: Microsoft

As per Microsoft Edge, Microsoft has released the following build information.

Microsoft Edge ChannelMicrosoft Edge VersionBased on Chromium VersionDate Released
Stable117.0.2045.47117.0.5938.1329/29/2023
Extended Stable116.0.1938.98116.0.5845.2289/29/2023

Microsoft has released patches for fixing these vulnerabilities and urged its users to patch them accordingly. Users of these products are recommended to upgrade to the latest versions of these products to prevent these vulnerabilities from getting exploited.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.

Eswar
Eswar is a Cyber security reporter with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is reporting data breach, Privacy and APT Threats.