KLA11084 Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer

2017-08-08 00:00:00
Kaspersky Lab
threats.kaspersky.com
CVSS2: 7.6

  Attack Vector: NETWORK
  Attack Complexity: HIGH
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE

  AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3: 8.8

  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH

  CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.3 (Confidence: High)

EPSS: 0.955 (Percentile: 99.4%)

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Microsoft Edge. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, execute arbitrary code and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Incorrect handling of sandboxing in Microsoft Edge can be exploited locally to gain privileges;
  2. Improper validation of UMCI (User Mode Code Integrity) policies can be exploited locally by convincing a user to visit a specially designed website and run a malicious application to bypass security restrictions;
  3. Multiple vulnerabilities related to improper handling of objects in memory in JavaScript engines can be exploited remotely via a specially designed website, a Microsoft Office document that hosts the browser rendering engine, or an embedded ActiveX control marked “safe for initialization” in an application to execute arbitrary code;
  4. An ACG (Arbitrary Code Guard) bypass vulnerability related to improper handling of memory access in code compiled by the Microsoft Edge JIT (Just-In-Time) compiler can be exploited remotely via a specially designed website to bypass security restrictions;
  5. Improper validation and sanitization of JavaScript parameters in Microsoft Edge can be exploited remotely by convincing a user to click a specially designed link hosted on a malicious website to gain privileges;
  6. Multiple vulnerabilities related to incorrect handling of objects in memory in certain functions in Microsoft Edge can be exploited remotely by convincing a user to view a specially designed website to obtain sensitive information;
  7. Improper enforcement of cross-domain policies in Microsoft Edge can be exploited remotely by convincing a user to load a specially designed page or visit a malicious website to bypass security restrictions;
  8. Incorrect handling of objects in memory in Microsoft Internet Explorer can be exploited remotely by convincing a user to view a specially designed website to execute arbitrary code;
  9. Multiple vulnerabilities related to improper handling of objects in memory can be exploited remotely by convincing a user to view a specially designed website to execute arbitrary code;
  10. Incorrect handling of objects in memory in certain functions in the Chakra scripting engine can be exploited remotely by convincing a user to view a specially designed website to obtain sensitive information;
  11. Incorrect handling of objects in memory in Microsoft scripting engines in Microsoft Edge can be exploited remotely via a specially designed website, a Microsoft Office document that hosts the browser rendering engine, or an embedded ActiveX control marked “safe for initialization” in an application to execute arbitrary code;
  12. Improper validation of strings in affected scenarios can be exploited remotely via a specially designed website to obtain sensitive information;
  13. Multiple vulnerabilities related to improper handling of objects in memory in Microsoft Edge can be exploited remotely by convincing a user to view a specially designed website to execute arbitrary code;
  14. Improper handling of objects in memory in the Chakra JavaScript scripting engine can be exploited remotely to execute arbitrary code.

Technical details

To exploit vulnerabilities (9) and (13), an attacker can send a URL to the malicious website via email or instant message.

Exploitation of vulnerability (12) allows attackers to get sensitive data from memory and possibly bypass ASLR (Address Space Layout Randomization).

Original advisories

CVE-2017-8647

CVE-2017-8646

CVE-2017-8645

CVE-2017-8644

CVE-2017-8625

CVE-2017-8642

CVE-2017-8641

CVE-2017-8640

CVE-2017-8669

CVE-2017-8661

CVE-2017-8662

CVE-2017-8503

CVE-2017-8638

CVE-2017-8639

CVE-2017-8636

CVE-2017-8637

CVE-2017-8634

CVE-2017-8635

CVE-2017-8655

CVE-2017-8656

CVE-2017-8657

CVE-2017-8650

CVE-2017-8651

CVE-2017-8652

CVE-2017-8653

CVE-2017-8672

CVE-2017-8670

CVE-2017-8671

CVE-2017-8659

CVE-2017-8674

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Internet-Explorer

Microsoft-Edge

CVE list

CVE-2017-8503 critical

CVE-2017-8625 critical

CVE-2017-8634 critical

CVE-2017-8635 critical

CVE-2017-8636 critical

CVE-2017-8637 high

CVE-2017-8638 critical

CVE-2017-8639 critical

CVE-2017-8640 critical

CVE-2017-8641 critical

CVE-2017-8642 high

CVE-2017-8644 warning

CVE-2017-8645 critical

CVE-2017-8646 critical

CVE-2017-8647 critical

CVE-2017-8650 high

CVE-2017-8651 critical

CVE-2017-8652 high

CVE-2017-8653 critical

CVE-2017-8655 critical

CVE-2017-8656 critical

CVE-2017-8657 critical

CVE-2017-8659 warning

CVE-2017-8661 critical

CVE-2017-8662 warning

CVE-2017-8669 critical

CVE-2017-8670 critical

CVE-2017-8671 critical

CVE-2017-8672 critical

CVE-2017-8674 critical

KB list

4034668

4034733

4034674

4034681

4034658

4034660

4034665

4034664

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to an attacker executing any code or commands on the vulnerable machine or in the vulnerable process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to an attacker capturing information that is critical for the user or system.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to an attacker performing actions that are normally disallowed for the current role.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that trick the user into incorrect behavior.

Affected Products

  • Microsoft Internet Explorer versions 9 through 11
  • Microsoft Edge
