Microsoft Edge RCE Vulnerability Let Attackers Take Control of the System


A critical remote code execution (RCE) vulnerability in Microsoft Edge has been discovered. It could allow attackers to take control of affected systems by executing arbitrary code remotely.

Microsoft has assigned the flaw, CVE-2024-38210, an “Important” severity rating. The vulnerability affects Microsoft Edge (Stable) versions before 128.0.2739.42. To exploit this flaw, an attacker would need to either:


  1. Log on to the target system and run a specially crafted application
  2. Convince a local user to open a malicious file, typically through social engineering tactics like phishing emails or instant messages.

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code on the targeted system, potentially gaining full control. The attack requires user interaction: the victim must perform multiple steps to trigger the vulnerability.


Microsoft has addressed this security issue in its latest update. To mitigate the risk, users are strongly advised to update to Microsoft Edge (Stable) version 128.0.2739.42 or later.


This vulnerability is part of a larger set of security issues addressed by Microsoft in its recent updates.

To protect against similar threats, users should:

  • Keep their software up-to-date
  • Be cautious when opening files or clicking links from unknown sources
  • Implement robust security measures, including email filtering and user education

No specific information about exploits for CVE-2024-38210 is available, but if this vulnerability has been publicly disclosed, exploits could be developed quickly.

Organizations should monitor official sources like Microsoft’s security advisories and CISA’s KEV Catalog for the most up-to-date information on actively exploited vulnerabilities.

You can check your Microsoft Edge version by opening it, clicking the three-dot menu (…) in the top right corner, and going to Help and Feedback > About Microsoft Edge. The version number will be displayed.

If your version is older than 128.0.2739.42, update Edge to the latest version. Edge updates automatically, but you can manually check for updates on the About Microsoft Edge page.
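The same version check can be scripted on Windows endpoints. The PowerShell below is an added example, not code from Microsoft or the original article; it assumes Edge is installed per-machine in a default location or registered under the App Paths registry key.

```powershell
# Added example: compare the installed Microsoft Edge build against the fixed
# version named in the article (128.0.2739.42).
$FixedVersion = [version]'128.0.2739.42'

# Assumption: default per-machine install locations.
$candidates = @(
    "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe",
    "$env:ProgramFiles\Microsoft\Edge\Application\msedge.exe"
)

# The App Paths registration, when present, names the binary Windows launches
# for "msedge.exe"; include it in case Edge lives elsewhere.
$appPathsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\msedge.exe'
$registered  = (Get-ItemProperty -Path $appPathsKey -ErrorAction SilentlyContinue).'(default)'
if ($registered) { $candidates += $registered }

$found = $candidates |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Sort-Object -Unique

if (-not $found) {
    Write-Warning 'msedge.exe not found in the checked locations.'
    exit 2
}

$results = foreach ($path in $found) {
    # Cast to [version] so the comparison is numeric per component;
    # a plain string comparison would misorder builds such as 99.x and 128.x.
    $installed = (Get-Item -LiteralPath $path).VersionInfo.ProductVersion -as [version]
    [pscustomobject]@{
        Path      = $path
        Installed = $installed
        Fixed     = $FixedVersion
        Patched   = ($null -ne $installed) -and ($installed -ge $FixedVersion)
    }
}

$results | Format-Table -AutoSize

# A non-zero exit code lets a management tool flag the host for follow-up.
if ($results | Where-Object { -not $_.Patched }) { exit 1 }
```

Exit code 0 means every Edge binary found is at or above the fixed version, 1 means at least one is older (or its version could not be parsed), and 2 means no Edge binary was found.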

Google has recently addressed a high-severity zero-day vulnerability in its Chrome browser. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also apply the latest security updates as they become available.
