MS17-001: Security Update for Microsoft Edge (3214288)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote host has a web browser installed that is affected by a
privilege escalation vulnerability.

Description :

The version of Microsoft Edge installed on the remote Windows host is
missing Cumulative Security Update 3214288. It is, therefore, affected
by a privilege escalation vulnerability due to improper enforcement of
cross-domain policies with 'about:blank'. An unauthenticated, remote
attacker can exploit this issue, via specially crafted web content, to
access information from one domain and inject it into another domain,
resulting in an elevation of privileges.

See also :

https://technet.microsoft.com/library/security/MS17-001

Solution :

Microsoft has released a set of patches for Windows 10 and Windows
Server 2016.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 96390 ()

Bugtraq ID: 95284

CVE ID: CVE-2017-0002

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now