Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.

Description
The version of Microsoft Edge installed on the remote host is missing Cumulative Security Update 3142019. It is, therefore, affected by multiple vulnerabilities:
- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. An attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in execution of arbitrary code in the context of the current user. (CVE-2016-0102, CVE-2016-0105, CVE-2016-0109, CVE-2016-0110, CVE-2016-0111, CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, CVE-2016-0129, CVE-2016-0130)
- An information disclosure vulnerability exists due to improper handling of the referrer policy. An attacker can exploit this vulnerability by convincing a user to visit a specially crafted website, resulting in the disclosure of sensitive information about the request context or the browsing history of a user.
Note that CVE-2016-0116, CVE-2016-0124, and CVE-2016-0129 do not affect Windows 10, and they are only applicable to the Windows Server versions.

Solution
Microsoft has released a set of patches for Windows 10.