MS16-038: Cumulative Security Update for Microsoft Edge (3148532)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote host has a web browser installed that is affected by
multiple vulnerabilities.

Description :

The version of Microsoft Edge installed on the remote host is missing
Cumulative Security Update 3148532. It is, therefore, affected by
multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due
to improper handling of objects in memory. An attacker
can exploit these vulnerabilities by convincing a user
to visit a specially crafted website, resulting in the
execution of arbitrary code in the context of the
current user. (CVE-2016-0154, CVE-2016-0155,
CVE-2016-0156, CVE-2016-0157)

- A privilege escalation vulnerability exists due to
improper enforcement of cross-domain policies. An
attacker can exploit this vulnerability by convincing a
user to visit a specially crafted website, allowing
the attacker to inject information from an outside
domain. (CVE-2016-0158)

- A privilege escalation vulnerability exists due to
improper validation of JavaScript. An attacker can
exploit this vulnerability by convincing a user to visit
a specially crafted website, allowing JavaScript to run
at a higher privilege level than is allowed.
(CVE-2016-0161)

Note that CVE-2016-0155 only affects Windows client installations
running version 1511.

See also :

https://technet.microsoft.com/library/security/MS16-038

Solution :

Microsoft has released a set of patches for Windows 10.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 90432

Bugtraq ID: 85894, 85898, 85902, 85904, 85905, 85938

CVE ID: CVE-2016-0154, CVE-2016-0155, CVE-2016-0156, CVE-2016-0157,
CVE-2016-0158, CVE-2016-0161
