MS-ISAC CYBERSECURITY ADVISORIES
MS-ISAC ADVISORY NUMBER:
Cumulative Security Update for Microsoft Edge (MS16-068)
Multiple vulnerabilities have been discovered in Microsoft Edge that could allow for remote code execution. Microsoft Edge replaced Internet Explorer as the default browser on Windows 10. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
There are currently no reports of these vulnerabilities being exploited in the wild.
- Windows 10
- Large and medium government entities: High
- Small government entities: Medium
- Large and medium business entities: High
- Small business entities: Medium
- Home users: Low
Multiple vulnerabilities have been discovered in Microsoft Edge that could allow for remote code execution. These include:
- Two Windows PDF Information Disclosure Vulnerabilities exist when a user opens a specially-crafted .pdf file (CVE-2016-3201, CVE-2016-3215)
- One Windows PDF Remote Code Execution Vulnerability exists when a user opens a specially-crafted .pdf file (CVE-2016-3203)
- One Security Feature Bypass vulnerability exists when the Edge Content Security Policy fails to properly validate specially crafted documents (CVE-2016-3198)
We recommend the following actions be taken: