CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.4%
Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Microsoft Edge. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, execute arbitrary code and obtain sensitive information.
Below is a complete list of vulnerabilities:
Technical details
To exploit vulnerabilities (9) and (13), an attacker can send an URL to the malicious website via email or instant message.
Exploit of vulnerability (12) allows attackers to get sensitive data from memory and possibly bypass ASLR (Address Space Layout Randomization).
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
CVE-2017-8503 critical
CVE-2017-8625 critical
CVE-2017-8634 critical
CVE-2017-8635 critical
CVE-2017-8636 critical
CVE-2017-8637 high
CVE-2017-8638 critical
CVE-2017-8639 critical
CVE-2017-8640 critical
CVE-2017-8641 critical
CVE-2017-8642 high
CVE-2017-8644 warning
CVE-2017-8645 critical
CVE-2017-8646 critical
CVE-2017-8647 critical
CVE-2017-8650 high
CVE-2017-8651 critical
CVE-2017-8652 high
CVE-2017-8653 critical
CVE-2017-8655 critical
CVE-2017-8656 critical
CVE-2017-8657 critical
CVE-2017-8659 warning
CVE-2017-8661 critical
CVE-2017-8662 warning
CVE-2017-8669 critical
CVE-2017-8670 critical
CVE-2017-8671 critical
CVE-2017-8672 critical
CVE-2017-8674 critical
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
support.microsoft.com/kb/4034658
support.microsoft.com/kb/4034660
support.microsoft.com/kb/4034664
support.microsoft.com/kb/4034665
support.microsoft.com/kb/4034668
support.microsoft.com/kb/4034674
support.microsoft.com/kb/4034681
support.microsoft.com/kb/4034733
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8503
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8503
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8625
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8634
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8634
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8635
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8635
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8636
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8636
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8637
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8637
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8638
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8638
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8639
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8639
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8640
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8640
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8641
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8641
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8642
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8642
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8644
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8644
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8645
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8645
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8647
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8647
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8650
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8651
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8651
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8652
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8652
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8653
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8653
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8655
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8655
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8656
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8656
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8657
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8657
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8659
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8659
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8661
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8661
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8662
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8662
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8669
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8669
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8670
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8670
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8671
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8671
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8672
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8672
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8674
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8674
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Edge/
threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.4%