Edge receives fix for escalation of privilege vulnerability

by Don Sharpe
Don Sharpe
Don Sharpe
Author
Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been... read more
Affiliate Disclosure
  • A security patch for an escalation of privileges threat in Edge is now available
  • Edge version  83.0.478.37. contains this update.
  • Visit the News page to learn more about software fixes and improvements from Microsoft.
  • Don't forget to check out our Microsoft Edge section for updates about the Chromium-based browser.
Edge-security

XINSTALL BY CLICKING THE DOWNLOAD FILE
To fix various PC problems, we recommend Restoro PC Repair Tool:
This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues and remove viruses now in 3 easy steps:

  1. Download Restoro PC Repair Tool that comes with Patented Technologies (patent available here).
  2. Click Start Scan to find Windows issues that could be causing PC problems.
  3. Click Repair All to fix issues affecting your computer's security and performance
  • Restoro has been downloaded by 0 readers this month.

Microsoft takes Edge security and privacy seriously, which is necessary to stand a chance of catching on to the levels of Chrome and Firefox. Toward that end, the tech giant shipped a fix for an escalation of privilege vulnerability in its Chromium-based browser.

The security patch is part of the Edge update 83.0.478.37 that is currently rolling out in the Stable channel. The non-security updates include features like automatic profile switching.

Escalation of privilege vulnerability

Microsoft calls the security risk in question CVE-2020-1195. The exposure stems from the tendency of the Feedback extension in Edge to incorrectly validate input.

Therefore, if an attacker managed to take advantage of the loophole, they could move files to arbitrary memory locations. Doing that could also give the hacker higher system privileges.

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input. An attacker who successfully exploited this vulnerability could write files to arbitrary locations and gain elevated privileges. This vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running.

Microsoft assigned the vulnerability an exploitation assessment index of 2. It means that users of the latest version of Edge are less likely to be a target for this kind of attack.

The escalation of privileges vulnerability, in itself, does not amount to an attacker executing illegal code. But a hacker can use it to pave the way for a more serious breach.

For example, after illegally attaining elevated privileges, they could exploit a remote code execution (RCE) loophole. An RCE attack could in turn allow them to steal data, spy, or even stage a denial of service attack.

However, the escalation of privilege vulnerability in Edge should be no cause for alarm. Microsoft has not received any evidence of its exploitation in the wild.

If you have any questions or suggestions regarding Microsoft Edge security, you can always leave them in the comments section below.

idee restoro Still having issues? Fix them with this tool:
  1. Download this PC Repair Tool rated Great on TrustPilot.com (download starts on this page).
  2. Click Start Scan to find Windows issues that could be causing PC problems.
  3. Click Repair All to fix issues with Patented Technologies (Exclusive Discount for our readers).

Restoro has been downloaded by 0 readers this month.

This article covers:Topics: