CVE-2022-30128 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

The Chromium-based Microsoft Edge browser is prone to a privilege elevation vulnerability, which may allow attackers to perform certain actions on the system as administrator. This issue occurs due to the improper handling of web requests. An unauthenticated attacker may leverage this vulnerability to access the system as administrator or escalate their privileges. This issue affects Microsoft Edge on Windows 10 Creators Update, Anniversary Update, and previous versions. It is recommended that users update their software to the latest version.

Microsoft Edge CVE-2018-0925 Information Disclosure Vulnerability

A remote code execution vulnerability in Microsoft Edge has been discovered. This vulnerability is caused due to the improper handling of web requests. An unauthenticated attacker may leverage this vulnerability to execute arbitrary code on the affected system. This issue affects Microsoft Edge on Windows 10 Creators Update, Anniversary Update, and previous versions. It is recommended that users update their software to the latest version.

Vulnerability overview

This vulnerability is found on the latest version of Microsoft Edge, which is using Chromium as the rendering engine. This vulnerability could allow an unauthenticated attacker to perform certain actions on the system as administrator. An authenticated user would need to be tricked into visiting a malicious website in order to exploit this issue.

Microsoft Edge CVE-2022 Vulnerability - Elevation of Privilege

An unauthenticated attacker may leverage this vulnerability to access the system as administrator or escalate their privileges. This issue affects Microsoft Edge on Windows 10 Creators Update, Anniversary Update, and previous versions. It is recommended that users update their software to the latest version.
Microsoft Edge CVE-2022 Vulnerability - Elevation of Privilege

How to check if you are affected by CVE-2022?

If you are using Microsoft Edge on Windows 10 Creators Update, Anniversary Update, or previous versions and have not updated to the latest version, it is recommended that you update your software. If you are using any other operating system, please visit the Microsoft patch website to see if this issue is resolved for your OS.

Microsoft Edge CVE -2022 Vulnerability - Instructions to take advantage of

Microsoft Edge (CVE-2022-30128) is a website that details the steps to take in order to exploit this vulnerability. In order to perform the exploit, one will need to have administrator privileges on the system. Once this is achieved, the following actions can be performed:
1) Add an administrator account and add it as a trusted publisher
2) Add an administrator account and move it up in trust hierarchy
3) Add a user as an administrator
4) Add users as administrators

Timeline

Published on: 06/01/2022 20:15:00 UTC
Last modified on: 08/15/2022 11:21:00 UTC

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30128
• https://security.gentoo.org/glsa/202208-25
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30128