Microsoft has addressed two zero-day vulnerabilities in two Open-Source Software security vulnerabilities, which include Microsoft Edge, Microsoft Teams for Desktop, Skype for Desktop, and Webp images extension.
These vulnerabilities were previously reported and had the CVE ID as CVE-2023-4863 and CVE-2023-5217. The severity for both of these vulnerabilities is given as 8.8 (High).
Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware
Microsoft Teams Zero-Day
CVE-2023-4863 is related to a heap buffer overflow that exists in the libwebp, which could allow a threat actor to perform an out-of-bounds memory write using a crafted HTML page. This vulnerability was previously associated with Chromium-based browsers. However, Microsoft Edge (Chromium-based) ingests Chromium, which gives rise to this vulnerability.
Likewise, CVE-2023-5217 was another heap buffer overflow vulnerability that existed in vp8 encoding in libvpx. This vulnerability exists in Microsoft Edge (Chromium-based) browsers, which threat actors can exploit to perform heap corruption via a crafted HTML page.
Both of these vulnerabilities were previously reported to Google Chrome and were fixed in version 117.0.5938.132.
As per Microsoft Edge, Microsoft has released the following build information.
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
| Stable | 117.0.2045.47 | 117.0.5938.132 | 9/29/2023 |
| Extended Stable | 116.0.1938.98 | 116.0.5845.228 | 9/29/2023 |
Microsoft has released patches for fixing these vulnerabilities and urged its users to patch them accordingly. Users of these products are recommended to upgrade to the latest versions of these products to prevent these vulnerabilities from getting exploited.
Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.