High Threat Security Alert (A23-09-12): Multiple Vulnerabilities in Microsoft Edge
18 September 2023
Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge. A remote attacker could entice a user to open a web page with specially crafted content on a vulnerable browser to exploit the vulnerabilities.
Reports indicate that the remote code execution vulnerability (CVE-2023-4863) is being exploited in the wild. System administrators and users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
Microsoft Edge (Stable) prior to version 117.0.2045.31
Microsoft Edge (Version 109) prior to version 109.0.1518.140
Please note that Microsoft Edge (Version 109) will reach End-Of-Life (EOL) on 10 October 2023. No security fixes will be provided thereafter. System administrators and users should arrange upgrading the Microsoft Edge to supported versions or migrating to other supported technology.
Successful exploitation of the vulnerabilities could lead to remote code execution, elevation of privilege, security restriction bypass or spoofing on an affected system.
Microsoft has released new versions of Microsoft Edge to address the issues and the details of the security update can be found at: https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-15-2023
System administrators and users of affected systems should follow the recommendations provided by Microsoft and take immediate actions to mitigate the risk.