Microsoft took action on Friday, October 13, 2023, by releasing a security update guide in response to a vulnerability that impacts their Chromium-based web browser, Microsoft Edge. The vulnerability is identified as CVE-2023-36559 with a base score of 4.2,  there is limited information available about the specific spoofing methods that can be used to exploit it due to the recent discovery of this vulnerability. To safeguard against this risk, it is imperative to take immediate action and implement the recommended security measures – Update Chromium-based web browser, Microsoft Edge to most recent version.

Vulnerabilities Discussed

CVE-2023-36559

Table of Contents

• Details of the Vulnerability
• Current Scope of the Attack
• Conclusion
• References

Details of the Vulnerabilities

To exploit this vulnerability successfully, an attacker must first perform specific preparatory actions to configure the target environment. These actions involve luring the user into clicking on a specially crafted URL, which then allows the attacker to compromise the user’s system. It’s important to note that from the exploitation of this vulnerability there are limited impacts on Confidentiality and Integrity, with no impact on Availability. In addition, the attacker would need to combine this vulnerability with other vulnerabilities to carry out a successful attack.

Current Scope of the Attack

To date, Microsoft remains unenlightened of any malevolent exploitation of this vulnerability.

Countermeasures

As a countermeasure, it is advisable to keep your Microsoft Edge browser up-to-date by installing the latest Microsoft Edge Stable Channel, version 118.0.2088.46, which includes the most recent security updates from the Chromium project. This will help enhance the security of your browsing experience.

Conclusion

By updating Microsoft Edge to the latest stable channel version, the customers can minimize exposure to this threat. We will keep a close eye on the latest version release.

References

• https://nvd.nist.gov/vuln/detail/CVE-2023-36559
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36559
• https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security

Contact Us

If you have any questions or require further information on any other cybersecurity matters, please don’t hesitate to contact our dedicated team at [email protected].

If you want to see more about the SOC service we offer, please follow this link https://maidar.io

To ask a question, go to our support portal, Maidar Secure SOC Customer Support

Or Opt-In to our Threat Advisory Services here