Microsoft rolled out critical security update for Edge

Mar 9, 2016 05:53 GMT

As part of this month’s Patch Tuesday rollout, Microsoft released a cumulative security update for the Edge browser, after discovering a total of 11 vulnerabilities that could allow an attacker to get the same privileges as the logged-in user.

The update in question is MS16-024, and it is the one that Windows 10 users should prioritize when installing this month’s patches, as 10 of the 11 security flaws it addresses are rated as critical.

The remote code execution flaws can only be exploited when a user loads a compromised website in the Edge browser, so if you haven’t installed the update just yet, it’s better to simply stay away from links coming from sources you don’t know.

“The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights,” Microsoft explains.

The more secure Windows 10 browser

The patch modifies the way Microsoft Edge handles objects in memory and the referrer policy, and a system reboot is required after you install it.

Microsoft Edge was launched as a more secure alternative to Internet Explorer, but with more people moving to Windows 10 these days, it’s quickly becoming the preferred target for cybercriminals who are searching for flaws that can be exploited. At the same time, researchers are also moving to Edge, Wolfgang Kandek, CTO of Qualys, explained.

“Security researchers have been focusing their attention on Edge, which has slowly lost ground on Internet Explorer in terms of vulnerabilities: in December 2015 we were still 30 to 15 versus now in March at 13 to 11,” he said in a statement today.

MS16-024 is aimed at all Windows 10 versions, including 10240 (the RTM rolled out in July 2015) and 1511 (November Update), and can be installed on both 32- and 64-bit systems.