CERT-In Vulnerability Note
CIVN-2017-0174
Multiple Vulnerabilities in Microsoft Edge
Original Issue Date: November 21, 2017
Severity Rating: HIGH
Software Affected
- Windows 7 for 32-bit and x64-based Systems Service Pack 1
- Windows 8.1 for 32-bit and x64-based systems
- Windows RT 8.1
- Windows 10 for 32-bit and x64-based Systems
- Windows 10 Version 1511 for 32-bit and x64-based Systems
- Windows 10 Version 1607 for 32-bit and x64-based Systems
- Windows 10 Version 1703 for 32-bit and x64-based Systems
- Windows 10 Version 1709 for 32-bit and x64-based Systems
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 for 32-bit and x64-based Systems Service Pack 2
- Windows Server 2012 and 2012 R2
- Windows Server 2016
Overview
Multiple vulnerabilities have been reported in Microsoft Edge, which could be exploited by a remote attacker to obtain sensitive information, execute arbitrary code, bypass security restrictions and gain elevated privileges on the targeted system.
Description
1. Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-11863)
A security feature bypass vulnerability exists in Microsoft Edge due to insufficient validation of user-supplied input by the Microsoft Edge Content Security Policy (CSP) feature. A remote attacker could exploit this vulnerability by enticing a user into loading a page containing malicious content or visiting a malicious website. A successful exploit could allow the remote attacker to bypass security restrictions, which could be used to conduct further attacks.
2. Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-11872)
A security feature bypass vulnerability exists in Microsoft Edge due to improper handling of redirect requests. A remote attacker could exploit this vulnerability by persuading a user to access a specially crafted page containing malicious content or to visit a malicious website. A successful exploit could allow the remote attacker to bypass cross-origin resource sharing (CORS) redirect restrictions and force the targeted user's browser to disclose sensitive information.
3. Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-11874)
A security feature bypass vulnerability exists in Microsoft Edge due to improper memory operations by the Edge Just-In-Time (JIT) compiler component. A remote attacker could exploit this vulnerability by enticing a user into accessing a page containing malicious content or visiting a malicious website. Successful exploitation of this vulnerability could allow the remote attacker to bypass Control Flow Guard (CFG). Furthermore, a remote attacker could use the CFG bypass vulnerability in conjunction with another vulnerability, which could allow the attacker to execute arbitrary code on the targeted system and compromise the system completely.
4. Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11866, CVE-2017-11870, CVE-2017-11871, CVE-2017-11836, CVE-2017-11873, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11827, CVE-2017-11845, CVE-2017-11846, CVE-2017-11858, CVE-2017-11861, CVE-2017-11862, CVE-2017-11841, CVE-2017-11843)
Multiple remote code execution vulnerabilities exist in Microsoft Edge due to improper handling of objects in memory by the scripting engine. A remote attacker could exploit these vulnerabilities by persuading a user to access a specially crafted page containing malicious content or to visit a malicious website. A successful exploit could allow the remote attacker to execute arbitrary code, which could cause memory corruption. Furthermore, if the user is logged on with administrative rights, a remote attacker could install programs; view, change, or delete data; or create new accounts with full user rights and compromise the system completely.
5. Microsoft Edge Information Disclosure Vulnerability (CVE-2017-11791, CVE-2017-11803, CVE-2017-11833, CVE-2017-11844)
Multiple information disclosure vulnerabilities exist in Microsoft Edge due to improper handling of objects in memory by the scripting engine and improper handling of cross-origin requests. A remote attacker could exploit these vulnerabilities by persuading a user to visit a specially crafted page containing malicious content or a malicious website. Successful exploitation of these vulnerabilities could allow the remote attacker to access sensitive information on the targeted system, which could be further used to conduct additional attacks.
Solution
Apply the appropriate patch as mentioned in the Microsoft Security Guidance:
https://portal.msrc.microsoft.com/en-us/security-guidance
Vendor Information
Microsoft
https://portal.msrc.microsoft.com/en-us/security-guidance
CVE Name
CVE-2017-11863
CVE-2017-11872
CVE-2017-11874
CVE-2017-11866
CVE-2017-11870
CVE-2017-11871
CVE-2017-11836
CVE-2017-11873
CVE-2017-11837
CVE-2017-11838
CVE-2017-11839
CVE-2017-11840
CVE-2017-11827
CVE-2017-11845
CVE-2017-11846
CVE-2017-11858
CVE-2017-11861
CVE-2017-11862
CVE-2017-11841
CVE-2017-11843
CVE-2017-11791
CVE-2017-11803
CVE-2017-11833
CVE-2017-11844
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India