Kaspersky LabKLA12495KLA12495 Multiple vulnerabilities in Microsoft Browser
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.4 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.1%
Detect date:
04/01/2022
Severity:
High
Description:
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, spoof user interface.
Affected products:
Microsoft Edge (Chromium-based)
Solution:
Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)
Microsoft Edge update settings
Original advisories:
CVE-2022-1125
CVE-2022-1128
CVE-2022-1133
CVE-2022-1130
CVE-2022-26894
CVE-2022-1146
CVE-2022-1145
CVE-2022-1127
CVE-2022-1137
CVE-2022-26891
CVE-2022-1136
CVE-2022-26908
CVE-2022-26912
CVE-2022-1139
CVE-2022-24523
CVE-2022-1135
CVE-2022-1138
CVE-2022-1143
CVE-2022-26895
CVE-2022-26900
CVE-2022-1134
CVE-2022-1131
CVE-2022-24475
CVE-2022-1129
CVE-2022-26909
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2022-11438.8Critical
CVE-2022-11338.8Critical
CVE-2022-11348.8Critical
CVE-2022-11386.5High
CVE-2022-11368.8Critical
CVE-2022-11278.8Critical
CVE-2022-11358.8Critical
CVE-2022-11296.5High
CVE-2022-11396.5High
CVE-2022-11376.5High
CVE-2022-11308.1Critical
CVE-2022-11286.5High
CVE-2022-11258.8Critical
CVE-2022-11466.5High
CVE-2022-11457.5Critical
CVE-2022-11318.8Critical
CVE-2022-268948.3Critical
CVE-2022-268918.3Critical
CVE-2022-269088.3Critical
CVE-2022-269128.3Critical
CVE-2022-245234.3Warning
CVE-2022-268958.3Critical
CVE-2022-269008.3Critical
CVE-2022-244758.3Critical
CVE-2022-269098.3Critical
Microsoft official advisories:
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1125
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1127
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1128
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1129
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1130
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1131
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1133
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1134
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1135
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1136
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1137
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1138
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1139
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1143
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1146
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24475
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24523
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26891
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26894
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26895
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26900
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26908
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26909
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26912
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1125
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1127
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1128
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1129
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1130
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1131
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1133
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1134
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1135
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1136
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1137
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1138
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1139
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1143
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1145
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1146
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24475
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24523
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26891
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26894
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26895
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26900
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26908
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26909
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26912
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1
threats.kaspersky.com/en/product/Microsoft-Edge/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.4 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.1%