MS16-024: Cumulative Security Update for Microsoft Edge (3142019)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote host has a web browser installed that is affected by
multiple vulnerabilities.

Description :

The version of Microsoft Edge installed on the remote host is missing
Cumulative Security Update 3142019. It is, therefore, affected by
multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due
to improper handling of objects in memory. An attacker
can exploit these vulnerabilities by convincing a user
to visit a specially crafted website, resulting in
execution of arbitrary code in the context of the
current user. (CVE-2016-0102, CVE-2016-0105,
CVE-2016-0109, CVE-2016-0110, CVE-2016-0111,
CVE-2016-0116, CVE-2016-0123, CVE-2016-0124,
CVE-2016-0129, CVE-2016-0130)

- An information disclosure vulnerability exists due to
improper handling of the referrer policy. An attacker
can exploit this vulnerability by convincing a user
to visit a specially crafted website, resulting in the
disclosure of sensitive information about the request
context or the browsing history of a user.
(CVE-2016-0125)

Note that CVE-2016-0116, CVE-2016-0124, and CVE-2016-0129 do
not affect Windows 10, and they are only applicable to the
Windows Server versions.

See also :

https://technet.microsoft.com/library/security/MS16-024

Solution :

Microsoft has released a set of patches for Windows 10.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true
