As reported by BSI, a vulnerability has been confirmed in Microsoft Edge. You can see which operating systems and products are affected by the security gap at news.de.
federal agency safety in der Informationstechnik (BSI) released a security advisory for Microsoft Edge on July 14, 2023. The notification lists several vulnerabilities that allow attacks. The operating systems Android and iPhoneOS, and the product Microsoft Edge are affected by this vulnerability.
The latest manufacturer recommendations for updates, workarounds, and security patches for this vulnerability can be found here: Microsoft security updates (Stand: July 13, 2023).
Multiple Microsoft Edge Vulnerabilities Reported – Risk: Medium
Risk Level: 4 (Medium)
CVSS base score: 7,8
CVSS Time Score: 6,8
Ranged Attack: No
The Common Vulnerability Scoring System (CVSS) is used to rate computer system vulnerabilities. The CVSS standard allows you to compare potential or actual security vulnerabilities based on a variety of metrics in order to properly prioritize remediation. The attributes ‘None’, ‘Low’, ‘Medium’, ‘High’, and ‘Critical’ are used for vulnerability severity. The base score evaluates attack prerequisites (including authentication, complexity, permissions, and user interaction) and their consequences. The time score also takes into account changes in risk status over time. The vulnerability risk described here is categorized as Medium with a base score of 7.8 according to CVSS.
Microsoft Edge Bugs: Summary of Current Vulnerabilities
Edge is Microsoft’s web browser.
A local attacker could exploit multiple vulnerabilities in Microsoft Edge to execute arbitrary code or manipulate data.
Vulnerabilities were categorized by individual serial number using the CVE designation system (Common Vulnerabilities and Exposures). CVE-2023-36888, CVE-2023-36887, CVE-2023-36883.
Summary of Systems Affected by Vulnerability
operating system
Android, iPhoneOS
product
microsoft edge
Common countermeasures against IT vulnerabilities
Users of affected applications should keep their applications up to date. If security gaps are found, manufacturers should develop patches or workarounds to fix them as soon as possible. Install new security updates as soon as they become available. For information, see the sources listed in the next section. These often include detailed information about the latest version of the software in question, security patch availability, or workaround tips. If you have any further questions or are unsure about anything, please contact your administrator. IT security personnel should regularly check the aforementioned sources to see if new security updates are available.
Sources of Updates, Patches and Workarounds
At this point, we will add more links to information about bug reports, security fixes, and workarounds.
Microsoft Security Update 2023-07-13 (2023.07.14)
See below for details.
Version history for this security warning
This is an early version of this IT Security Notice for Microsoft Edge. This text will be updated when updates are announced. You can read about changes or additions in this version history.
2023/07/14 – Initial version
+++ Editorial Note: This text was created by AI Support based on current BSI data. Feedback and comments are welcome at zettel@news.de. +++
follow News.de already Facebook, twitter, Pinterest and YouTubeHere you can find the latest news, latest videos and direct lines to the editors.?
roj/news.de
