Kaspersky LabKLA12430KLA12430 Multiple vulnerabilities in Microsoft Browser
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.034 Low
EPSS
Percentile
91.3%
Detect date:
01/20/2022
Severity:
Warning
Description:
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.
Exploitation:
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products:
Microsoft Edge (Chromium-based)
Solution:
Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)
Microsoft Edge update settings
Original advisories:
CVE-2022-0293
CVE-2022-0311
CVE-2022-0289
CVE-2022-0310
CVE-2022-0291
CVE-2022-0303
CVE-2022-0306
CVE-2022-0302
CVE-2022-0304
CVE-2022-0297
CVE-2022-0309
CVE-2022-0305
CVE-2022-0307
CVE-2022-0295
CVE-2022-0308
CVE-2022-0290
CVE-2022-0298
CVE-2022-0296
CVE-2022-0292
CVE-2022-0294
CVE-2022-0301
CVE-2022-0300
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2022-03056.5High
CVE-2022-03068.8Critical
CVE-2022-02938.8Critical
CVE-2022-02988.8Critical
CVE-2022-02909.6Critical
CVE-2022-02968.8Critical
CVE-2022-03078.8Critical
CVE-2022-03048.8Critical
CVE-2022-03028.8Critical
CVE-2022-03108.8Critical
CVE-2022-03088.8Critical
CVE-2022-02946.5High
CVE-2022-03034.0Warning
CVE-2022-03017.8Critical
CVE-2022-02898.8Critical
CVE-2022-03118.8Critical
CVE-2022-02958.8Critical
CVE-2022-02926.5High
CVE-2022-03008.8Critical
CVE-2022-02916.5High
CVE-2022-02978.8Critical
CVE-2022-03096.5High
Microsoft official advisories:
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0289
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0290
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0291
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0292
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0293
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0294
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0295
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0296
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0297
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0298
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0300
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0301
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0302
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0303
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0304
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0305
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0306
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0307
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0308
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0309
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0310
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0311
msrc.microsoft.com/update-guide/en-US/vulnerability/c
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0289
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0290
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0291
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0292
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0293
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0294
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0295
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0296
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0297
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0298
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0300
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0301
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0302
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0303
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0304
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0305
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0306
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0307
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0308
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0309
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0310
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Edge/
Related
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.034 Low
EPSS
Percentile
91.3%