Microsoft Teams & Edge Zero-Day Vulnerabilities Lead to Code Execution


Microsoft has addressed two zero-day vulnerabilities in open-source software that affect its products, including Microsoft Edge, Microsoft Teams for Desktop, Skype for Desktop, and the WebP Image Extension.

These vulnerabilities were previously reported and are tracked as CVE-2023-4863 and CVE-2023-5217. Both are rated 8.8 (High) in severity.





Microsoft Teams Zero-Day

CVE-2023-4863 is a heap buffer overflow in libwebp that could allow a threat actor to perform an out-of-bounds memory write using a crafted HTML page. This vulnerability was previously associated with Chromium-based browsers. Because Microsoft Edge (Chromium-based) ingests Chromium, it is affected as well.

Likewise, CVE-2023-5217 is a heap buffer overflow in VP8 encoding in libvpx. It affects Microsoft Edge (Chromium-based), where threat actors can exploit it to cause heap corruption via a crafted HTML page.

Both of these vulnerabilities were previously reported in Google Chrome and were fixed in version 117.0.5938.132.

| Product | Article | Download | Build Number |
|---|---|---|---|
| Microsoft Skype | Release Notes | Security Update | 8.105.0.208 |
| WebP Image Extension | Release Notes | Security Update | 1.0.62681.0 |
| Microsoft Teams for Mac | Release Notes | Security Update | 1.6.00.26463 |
| Microsoft Teams for Desktop | Release Notes | Security Update | 1.6.00.26474 |
| Microsoft Edge (Chromium-based) | Release Notes | Security Update | 116.0.1938.81 |

Source: Microsoft

For Microsoft Edge, Microsoft has released the following build information.

| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 117.0.2045.47 | 117.0.5938.132 | 9/29/2023 |
| Extended Stable | 116.0.1938.98 | 116.0.5845.228 | 9/29/2023 |

Microsoft has released patches for these vulnerabilities and urged its users to apply them. Users of the affected products are recommended to upgrade to the latest versions to prevent these vulnerabilities from being exploited.
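
One way to check an inventory against the fixed builds listed above, as an added example that is not from Microsoft or the original article. It assumes the Edge threshold is the build from the channel table (Stable and Extended Stable); the hostnames, installed versions and function names are constructed for illustration.

```python
# Added example. Fixed builds are copied from the two tables in this article;
# the inventory rows are constructed sample data.
FIXED = {
    "Microsoft Skype": ["8.105.0.208"],
    "WebP Image Extension": ["1.0.62681.0"],
    "Microsoft Teams for Mac": ["1.6.00.26463"],
    "Microsoft Teams for Desktop": ["1.6.00.26474"],
    # Edge ships two release lines: Stable (117) and Extended Stable (116).
    "Microsoft Edge": ["117.0.2045.47", "116.0.1938.98"],
}

def parse(version):
    """'1.6.00.26474' -> (1, 6, 0, 26474) so fields compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))

def is_patched(product, installed):
    """True/False for products in FIXED, None for anything not listed."""
    if product not in FIXED:
        return None
    have = parse(installed)
    lines = sorted(parse(v) for v in FIXED[product])
    # Prefer the fixed build of the installed major line: Extended Stable
    # 116.0.1938.98 is patched even though it sorts below Stable 117.0.2045.47.
    same_line = [f for f in lines if f[0] == have[0]]
    if same_line:
        return have >= same_line[0]
    # No matching line: only a major version newer than all listed ones passes.
    return have > lines[-1]

def audit(inventory):
    """Return (host, product, version) rows that still need the update."""
    return [row for row in inventory if is_patched(row[1], row[2]) is False]

# Constructed inventory (hostnames and installed versions are made up).
INVENTORY = [
    ("ws-01", "Microsoft Edge", "116.0.1938.98"),
    ("ws-02", "Microsoft Edge", "117.0.2045.31"),
    ("ws-03", "Microsoft Teams for Desktop", "1.6.00.24078"),
    ("ws-04", "Microsoft Skype", "8.105.0.208"),
    ("ws-05", "WebP Image Extension", "1.0.52351.0"),
]

if __name__ == "__main__":
    for host, product, version in audit(INVENTORY):
        print(f"{host}: {product} {version} is below the fixed build")
```

Comparing dotted versions as strings would misorder fields such as `00` and `26474`, and comparing every Edge install against the Stable build alone would wrongly flag patched Extended Stable hosts.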
