| VID |
50363 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1054.57. It is, therefore, affected by multiple vulnerabilities as referenced in the December 14, 2021 advisory.
- Insufficient data validation in Mojo (CVE-2021-4098)
- Use after unlocking in Swiftshader (CVE-2021-4099)
- Object lifecycle issues in ANGLE (CVE-2021-4100)
- Heap buffer overflow in Swiftshader (CVE-2021-4101 )
- Used after releasing in V8 (CVE-2021-4102)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these conditions will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#december-14-2021
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4098
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4099
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4100
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4101
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4102
* Platforms Affected:
Microsoft Edge versions prior to 96.0.1054.57
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Microsoft Edge at (96.0.1054.57 or later), as described in the Microsoft Security bulletin at
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#december-14-2021 |
| Related URL |
CVE-2021-4098,CVE-2021-4099,CVE-2021-4100,CVE-2021-4101,CVE-2021-4102 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
