CVE-2022-24475 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-24475 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft has assigned this CVE ID to a specific issue with Microsoft Edge web browser on Windows 10. The security advisory for this issue has been published on the following link.



https://support.microsoft.com/en-us/kb/3058522


XSS Resolution Vulnerability - CVE-2022 Affected Software Windows 10 1511 (17134.499); Windows 10 1607 (15063.483); Windows 10 1703 (15063.483); Windows 10 1709 (17134.499); Windows 8.1; Windows 7; Windows Server 2008 R2; Windows Server 2012 R2; Windows Server 2016; Windows Vista; Windows Server 2003 Windows 10 1511 (17134.499); Windows 10 1607 (15063.483); Windows 10 1703 (15063.483); Windows 10 1709 (17134.499); Windows 8.1; Windows 7; Windows Server 2008 R2; Windows Server 2012 R2; Windows Server 2016; Windows Vista; Windows Server 2003 Windows 10 1511 (17134.499); Windows 10 1607 (15063.483); Windows 10 1703 (15063.483); Windows 10 1709 (17134.499); Windows 8.1; Windows 7; Windows Server 2008 R2; Windows Server 2012 R2; Windows Server 2016; Windows Vista; Windows Server 2003 Windows 10 1511 (17134.499); Windows 10 1607 (15063.483); Windows

Windows 10 Vulnerability Summary

Microsoft has assigned this CVE ID to a specific issue with Microsoft Edge web browser on Windows 10. The security advisory for this issue has been published on the following link.
https://support.microsoft.com/en-us/kb/3058522
This vulnerability allows attackers to execute script code in the context of the current user, provided that they have already compromised another system within your network. This is a critical vulnerability that can be used to perform cross-site scripting (XSS) attacks, so it should be taken seriously by all users of Microsoft Edge on Windows 10 operating systems.

Microsoft Edge on Windows 10

Microsoft Edge is affected by an issue that may allow content to be disclosed when a user visits a specially crafted web page. The vulnerability manifests when JavaScript incorrectly manages memory in Microsoft Edge, leading to a potential data disclosure with potential for remote code execution on the targeted system.

Windows 10 version history

Windows 10 1511 (17134.499); Windows 10 1607 (15063.483); Windows 10 1703 (15063.483); Windows 10 1709 (17134.499)

MSRC article

The following article discusses the security advisory published by Microsoft.

"Microsoft has released an update to address a potential vulnerability that could allow code execution in the context of the Local computer. This is not a security issue in Windows 10."

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe