Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

Information published.

Issuing CNA: Microsoft

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

An attacker who successfully exploited this vulnerability could bypass Secure Boot.

According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.

Are there additional steps I need to take to be protected from this vulnerability?

All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required at this time to mitigate this vulnerability. Please refer to [https://support.microsoft.com/help/5025885](KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932). This article describes the protection against this Secure Boot security feature bypass, how to enable the protections, and guidance to update bootable media.

Information published.

Issuing CNA: Microsoft

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

An attacker who successfully exploited this vulnerability could bypass Secure Boot.

Are there additional steps I need to take to be protected from this vulnerability?

All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required at this time to mitigate this vulnerability. Please refer to [https://support.microsoft.com/help/5025885](KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932). This article describes the protection against this Secure Boot security feature bypass, how to enable the protections, and guidance to update bootable media.

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?

An authenticated attacker could exploit this vulnerability with LAN access.

According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?

An unauthorized attacker must wait for a user to initiate a connection.

Information published.

Issuing CNA: Microsoft

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

An attacker who successfully exploited this vulnerability could bypass Secure Boot.

Are there additional steps I need to take to be protected from this vulnerability?

All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required at this time to mitigate this vulnerability. Please refer to [https://support.microsoft.com/help/5025885](KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932). This article describes the protection against this Secure Boot security feature bypass, how to enable the protections, and guidance to update bootable media.

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?

An authenticated attacker could exploit this vulnerability with LAN access.

According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?

An unauthorized attacker must wait for a user to initiate a connection.

Information published.

Issuing CNA: Microsoft

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

How could an attacker exploit this vulnerability?

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this remote code execution vulnerability?

An authenticated attacker who successfully exploited a vulnerability in WordPad when closing a maliciously crafted .docx file could trigger execution of malicious code.

Information published.

Issuing CNA: Microsoft

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain specific limited administrator privileges.

According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?

An authenticated attacker with Read permissions to an Azure Compute Gallery Virtual Machine (VM) deployment could replicate the disk into another VM and view the data it contains. However, they cannot remove or delete the disk from the targeted VM, nor can they alter the disk's data.

What actions do customers need to take to protect themselves from this vulnerability?

The vulnerability has been mitigated by the latest change to the Azure Compute Gallery (ACG) image creation permission requirements. Traditionally, read access on the Virtual Machine and disks/snapshots were required to import the VM/disk into an ACG image. To enhance the security posture and ensure that permissions are granted accurately at the appropriate access level during Virtual Machine Image creation in ACG, customers will be required to have write access on the source Virtual Machine and disks/snapshots/blobs.

For information on how to update permissions, see What RBAC Permissions are required to create an ACG Image.

Information published.

Issuing CNA: Microsoft

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

An attacker who successfully exploited this vulnerability could bypass Secure Boot.

Are there additional steps I need to take to be protected from this vulnerability?

All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required at this time to mitigate this vulnerability. Please refer to [https://support.microsoft.com/help/5025885](KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932). This article describes the protection against this Secure Boot security feature bypass, how to enable the protections, and guidance to update bootable media.

Information published.

Issuing CNA: Microsoft

According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?

An unauthenticated attacker needs to physically connect a specially crafted USB device to exploit this vulnerability.

Information published.

Issuing CNA: Microsoft

According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?

An unauthenticated attacker needs to physically connect a specially crafted USB device to exploit this vulnerability.

Information published.

Issuing CNA: Microsoft

Information published.

Issuing CNA: Microsoft

What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

Information published.

Issuing CNA: Microsoft

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?

An unauthorized attacker must wait for a user to initiate a connection.

Information published.

Issuing CNA: Microsoft

What type of information could be disclosed by this vulnerability?

Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

Information published.

Issuing CNA: Microsoft

According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?

An unauthorized attacker must wait for a user to initiate a connection.

According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?

This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.

Information published.