漏洞类别:Windows
漏洞等级: 
漏洞信息
Microsoft Edge is the latest web-browser developed by Microsoft which is included in the Windows Operating Systems.
Microsoft Edge suffers multiple security vulnerabilities. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. Many information disclosure vulnerabilities have been fixed in the Microsoft Edge Fetch API, JavaScript XML DOM objects, scripting engine these allow attackers to detect browser extensions, URL of a cross-origin request, detect specific files. This update also addresses vulnerabilities in how edge enforces same-origin policy and Content Security Policies.
Affected Version:
Microsoft Edge on all Windows 10 versions and Windows Server 2016 KB Articles associated with the Update:
1) 4022715
2) 4022725
3) 4022714
4) 4022727
QID Detection Logic (Authenticated):
Operating Systems: All versions of Windows 10 and Windows Server 2016
This QID checks for the file version of %windir%\System32\edgehtml.dll
The following KBs are checked:
The patch version is 11.0.10586.962(KB4022714)
The patch version is 11.0.14393.1356(KB4022715)
The patch version is 11.0.15063.413(KB4022725)
The patch version is 11.0.10240.17443(KB4022727)
漏洞危害
Successful exploitation of the vulnerability may allow the attacker to cause:
1) Remote Code Execution
2) Arbitrary Code Execution
3) File and browser extension detection
解决方案
For more information, Customers are advised to refer the Security Update Guide.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Edge Security Update for May 2017: Windows 10 Version 1511 for x86 and x64
Edge Security Update for May 2017: Windows Server 2016
Edge Security Update for May 2017: Windows 10 Version 1607 for x86 and x64
Edge Security Update for May 2017: Windows 10 Version 1703 for x86 and x64
Edge Security Update for May 2017: Windows 10 for x86 and x64
0daybank
文章评论