An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox. The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running. The security update addresses the vulnerability by modifying how Microsoft Edge handles sandboxing.
Microsoft Edge CVE-2018-8469 Remote Privilege Escalation Vulnerability
Microsoft Edge Sandbox Escape Command Execution (CVE-2018-8463; CVE-2018-8468; CVE-2018-8469)
KB4457138: Windows 10 Version 1703 September 2018 Security Update
KB4457142: Windows 10 Version 1709 and Windows Server Version 1709 September 2018 Security Update
KB4457131: Windows 10 Version 1607 and Windows Server 2016 September 2018 Security Update
KB4457128: Windows 10 Version 1803 and Windows Server Version 1803 September 2018 Security Update
Microsoft Patch Tuesday - September 2018