Microsoft Edge Vulnerability Could Have Allowed Hackers to Access Your Data on Any Website

On June 28, 2021, Microsoft released updates for the Edge browser addressing two security flaws, one of which involves a critical security bypass vulnerability. This flaw could potentially allow hackers to inject and execute arbitrary code across all websites. Identified as CVE-2021-34506 (CVSS score: 5.4), the issue is rooted in a universal cross-site scripting (UXSS) vulnerability that occurs when the browser’s automatic translation feature, powered by Microsoft Translator, is used. The vulnerability was discovered and reported by Ignacio Laurence along with Vansh Devgan and Shivam Kumar Singh from CyberXplore Private Limited. CyberXplore researchers explained, “Unlike conventional XSS attacks, UXSS exploits client-side vulnerabilities in the browser or extensions to create an XSS condition and run malicious code.”

Security Flaw in Microsoft Edge Could Have Exposed User Data Across Websites

June 28, 2021

Microsoft recently issued updates to its Edge browser addressing two critical security vulnerabilities. Among these is a significant security bypass flaw that has raised concerns regarding the potential for malicious actors to inject and execute arbitrary code within the context of any website. This vulnerability, designated as CVE-2021-34506, carries a CVSS score of 5.4 and is linked to a universal cross-site scripting (UXSS) issue triggered through the browser’s built-in web page translation feature powered by Microsoft Translator.

The discovery of CVE-2021-34506 has been attributed to cybersecurity researchers Ignacio Laurence, Vansh Devgan, and Shivam Kumar Singh from CyberXplore Private Limited. They highlighted that, unlike standard cross-site scripting (XSS) attacks, which typically exploit vulnerabilities in individual web applications, UXSS targets client-side weaknesses within the browser itself or its extensions. This method allows hackers to create an environment conducive to the execution of malicious scripts.

This vulnerability represents a significant risk, as it could allow unauthorized access to sensitive information across various sites accessed through the Edge browser. Business owners utilizing this platform for daily operations should be particularly vigilant, as an exploitation of this flaw could have alarming implications for data integrity and confidentiality. For instance, the potential for attackers to hijack user sessions or obtain personal data underscores the urgent need for timely updates and secure browsing practices.

In terms of adversary tactics discernible through the MITRE ATT&CK framework, the UXSS attack may leverage initial access techniques by utilizing the browser’s built-in features to achieve unauthorized actions. Furthermore, persistence could be established through the installation of harmful scripts that remain within the browser environment, enabling ongoing access.

The implications of this vulnerability extend beyond individual users; organizations that rely on Microsoft Edge for their operations must take the necessary steps to ensure systems are up-to-date and security measures are reinforced. As cyber threats evolve, awareness and proactive strategies remain essential for safeguarding sensitive data against emerging vulnerabilities.

With a focus on collaborative efforts in the cybersecurity community, vigilance, proper security hygiene, and prompt updates are among the practices that can mitigate the risks associated with such vulnerabilities. The Edge browser update serves as a crucial reminder of the importance of maintaining robust cybersecurity protocols in an age where threats are continuously adapting and becoming more sophisticated.

Source link

Related Posts

Researchers Release PoC Exploit for Critical Windows RCE Vulnerability

On June 30, 2021, a proof-of-concept (PoC) exploit for a remote code execution vulnerability in the Windows Print Spooler, identified as CVE-2021-1675, was temporarily posted online before being removed. This security flaw, which Microsoft addressed in a Patch Tuesday update on June 8, 2021, could allow remote attackers to gain complete control over affected systems. The Print Spooler component, responsible for managing printer operations and loading drivers, poses significant risks due to its wide attack surface and high privilege level that enables the dynamic loading of third-party binaries. Shortly after the initial patch, Microsoft updated its assessment of the vulnerability’s impact from an elevation of privilege to remote code execution (RCE) and increased the severity rating.

Microsoft Alerts Users to Critical “PrintNightmare” Vulnerability Under Active Exploitation

On July 2, 2021, Microsoft confirmed that the “PrintNightmare” remote code execution (RCE) vulnerability in the Windows Print Spooler differs from a previously addressed issue in its recent Patch Tuesday update. The company has observed active attempts to exploit this flaw, tracked under CVE-2021-34527, with a severity rating of 8.8 on the CVSS scale. All Windows versions are affected by this vulnerability. Microsoft stated, “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.” Successful exploitation could allow attackers to execute arbitrary code with SYSTEM privileges, enabling them to install programs, manipulate data, or create accounts with full user rights.

Microsoft Releases Urgent Patch for Critical PrintNightmare Vulnerability in Windows

Microsoft has issued an emergency out-of-band security update to address a critical zero-day vulnerability, dubbed “PrintNightmare,” affecting the Windows Print Spooler service. This flaw, tracked as CVE-2021-34527 (with a CVSS score of 8.8), enables remote threat actors to execute arbitrary code and potentially seize control of affected systems. The issue impacts all supported versions of Windows, and the company recently reported active exploitation attempts targeting this vulnerability. According to the CERT Coordination Center, the Windows Print Spooler service does not adequately restrict access to functionalities that allow users to add printers and drivers, thus enabling a remote authenticated attacker to execute arbitrary code with SYSTEM privileges. Notably, PrintNightmare encompasses both remote code execution and local privilege escalation vectors that could be exploited in various attacks.

Microsoft’s Emergency Patch Ineffective Against PrintNightmare RCE Vulnerability

July 8, 2021

Microsoft’s attempt to mitigate the notorious PrintNightmare vulnerability across Windows 10 version 1607, Windows Server 2012, and Windows Server 2016 has proven inadequate. Reports indicate that the fix for the remote code execution exploit within the Windows Print Spooler service can still be circumvented under certain conditions, allowing attackers to execute arbitrary code on compromised systems. The company released an emergency out-of-band update for CVE-2021-34527 (CVSS score: 8.8) after researchers from Hong Kong-based cybersecurity firm Sangfor unintentionally disclosed the flaw late last month. Notably, this vulnerability is distinct from another issue, CVE-2021-1675, which Microsoft addressed on June 8. “Several days ago, two security vulnerabilities were identified in Microsoft Windows’ existing printing mechanism,” explained Yaniv Balmas, head of cyber research at C…