If the integrity service is enabled for a script, it can be triggered by injecting a fake script that appears to come from a trusted source and has the correct hash. Because the integrity service checks the hash against a list of previously checked scripts, an attacker would have to control the injection source to prevent the integrity service from verifying the script. This is more difficult than with other integrity checks, since the integrity service checks the script after the hash has been calculated.

Vulnerability Summary

In the event that a script is injected into a website, malicious actors are able to inject a fake script and cause the integrity service to report it as coming from a trusted source. If the hash of the injected script matches that of one of the scripts on the list, then the injection will be allowed without further verification. This flaw can lead to websites being compromised if an attacker is able to control what script is injected onto their website.
The vulnerability affects both Firefox and Chrome browsers, but high-risk websites are more likely to fall victim to this attack. Businesses that use JavaScript should be aware of this vulnerability so they can implement best practices to prevent it from impacting them.

Vulnerability: Cross-site Scripting

A vulnerability has been found in Microsoft's Integrity Service. This vulnerability can be exploited by a malicious website to execute arbitrary code on the victim's system without their consent.

The vulnerability lies in the way Microsoft's Integrity service validates scripts, which is done after the script has been calculated and as such is not easy to detect.

Microsoft has fixed this vulnerability with the release of Windows 10 Fall Creators Update, but it is important for users to remain vigilant about any suspicious behavior from websites they visit.

CVE-2023-36316

If the integrity service is enabled for a script, it can be triggered by injecting a fake script that appears to come from a trusted source and has the correct hash. Because the integrity service checks the hash against a list of previously checked scripts, an attacker would have to control the injection source to prevent the integrity service from verifying the script. This is more difficult than with other integrity checks, since the integrity service checks the script after the hash has been calculated.

Vulnerability summary

A vulnerability in the Microsoft Edge browser's integrity checker allows an attacker to inject a fake script that appears to come from a trusted source and has the correct hash. Because the integrity service checks the hash against a list of previously checked scripts, an attacker must control the injection source to prevent the integrity service from verifying the script. This is more difficult than with other integrity checks, since the integrity service checks the script after the hash has been calculated.

Timeline

Published on: 12/22/2022 20:15:00 UTC
Last modified on: 01/04/2023 04:23:00 UTC

References