Microsoft Teams & Edge Zero-Day Vulnerabilities Leads to Code Execution
- С сайта: Zero-Day(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Zero-Day(cybersecuritynews.com)
Microsoft has addressed two zero-day vulnerabilities in two Open-Source Software security vulnerabilities, which include Microsoft Edge, Microsoft Teams for Desktop, Skype for Desktop, and Webp images extension.
These vulnerabilities were previously reported and had the CVE ID as CVE-2023-4863 and CVE-2023-5217. The severity for both of these vulnerabilities is given as 8.8 ( High ).
📁🄳🄾🄲🅄🄼🄴🄽🅃
Microsoft Teams Zero-Day
CVE-2023-4863 is related to a heap buffer overflow that exists in the libwebp, which could allow a threat actor to perform an out-of-bounds memory write using a crafted HTML page. This vulnerability was previously associated with Chromium-based browsers. However, Microsoft Edge (Chromium-based) ingests Chromium, which gives rise to this vulnerability.
Likewise, CVE-2023-5217 was another heap buffer overflow vulnerability that existed in vp8 encoding in libvpx. This vulnerability exists in Microsoft Edge (Chromium-based) browsers, which threat actors can exploit to perform heap corruption via a crafted HTML page.
Both of these vulnerabilities were previously reported to Google Chrome and were fixed in version 117.0.5938.132.
Product Article Download Build Number Microsoft SkypeRelease NotesSecurity Update8.105.0.208WebP Image ExtensionRelease NotesSecurity Update1.0.62681.0Microsoft Teams for MacRelease NotesSecurity Update1.6.00.26463Microsoft Teams for DesktopRelease NotesSecurity Update1.6.00.26474Microsoft Edge (Chromium-based)Release NotesSecurity Update116.0.1938.81Source: Microsoft
As per Microsoft Edge, Microsoft has released the following build information.
Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable117.0.2045.47117.0.5938.1329/29/2023Extended Stable116.0.1938.98116.0.5845.2289/29/2023
Microsoft has released patches for fixing these vulnerabilities and urged its users to patch them accordingly. Users of these products are recommended to upgrade to the latest versions of these products to prevent these vulnerabilities from getting exploited.
#Cyber_Security_News #Microsoft #Vulnerability #Zero-Day #Microsoft_Teams #vulnerability #Zero_day
Оригинальная версия на сайте:
Microsoft Teams & Edge Zero-Day Vulnerabilities Leads to Code Execution
Author: EswarMicrosoft has addressed two zero-day vulnerabilities in two Open-Source Software security vulnerabilities, which include Microsoft Edge, Microsoft Teams for Desktop, Skype for Desktop, and Webp images extension.
These vulnerabilities were previously reported and had the CVE ID as CVE-2023-4863 and CVE-2023-5217. The severity for both of these vulnerabilities is given as 8.8 ( High ).
📁🄳🄾🄲🅄🄼🄴🄽🅃
Microsoft Teams Zero-Day
CVE-2023-4863 is related to a heap buffer overflow that exists in the libwebp, which could allow a threat actor to perform an out-of-bounds memory write using a crafted HTML page. This vulnerability was previously associated with Chromium-based browsers. However, Microsoft Edge (Chromium-based) ingests Chromium, which gives rise to this vulnerability.
Likewise, CVE-2023-5217 was another heap buffer overflow vulnerability that existed in vp8 encoding in libvpx. This vulnerability exists in Microsoft Edge (Chromium-based) browsers, which threat actors can exploit to perform heap corruption via a crafted HTML page.
Both of these vulnerabilities were previously reported to Google Chrome and were fixed in version 117.0.5938.132.
Product Article Download Build Number Microsoft SkypeRelease NotesSecurity Update8.105.0.208WebP Image ExtensionRelease NotesSecurity Update1.0.62681.0Microsoft Teams for MacRelease NotesSecurity Update1.6.00.26463Microsoft Teams for DesktopRelease NotesSecurity Update1.6.00.26474Microsoft Edge (Chromium-based)Release NotesSecurity Update116.0.1938.81Source: Microsoft
As per Microsoft Edge, Microsoft has released the following build information.
Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable117.0.2045.47117.0.5938.1329/29/2023Extended Stable116.0.1938.98116.0.5845.2289/29/2023
Microsoft has released patches for fixing these vulnerabilities and urged its users to patch them accordingly. Users of these products are recommended to upgrade to the latest versions of these products to prevent these vulnerabilities from getting exploited.
#Cyber_Security_News #Microsoft #Vulnerability #Zero-Day #Microsoft_Teams #vulnerability #Zero_day
Оригинальная версия на сайте:
