Systems Affected
ChakraCore
Microsoft Edge (EdgeHTML-based) for
- Windows 10 version 1607 for 32-bit Systems and x64-based Systems
- Windows 10 version 1709 for 32-bit Systems, ARM64-based Systems and x64-based Systems
- Windows 10 version 1803 for 32-bit Systems, ARM64-based Systems and x64-based Systems
- Windows 10 version 1809 for 32-bit Systems, ARM64-based Systems and x64-based Systems
- Windows 10 version 1903 for 32-bit Systems, ARM64-based Systems and x64-based Systems
- Windows 10 version 1909 for 32-bit Systems, ARM64-based Systems and x64-based Systems
- Windows Server 2016
- Windows Server 2019
Overview
A vulnerability resides in the Microsoft scripting engine that could allow an attacker to perform remote code execution with the privileges of the current user.
Description
The vulnerability exists in the Chakra scripting engine due to improper handling of objects in memory. A remote attacker could exploit this vulnerability to execute arbitrary code in the context of the current user, which means the attacker could gain the same privileges as the currently logged-in user. If the user is logged in with administrator privileges, the attacker could do more damage to the system.
Impact
- Possibility of exposing confidential information to unauthorized parties
- System could be infected with malware
Solution/Workarounds
Apply the appropriate patches as mentioned in the Microsoft Security Guidance:
https://portal.msrc.microsoft.com/en-us/security-guidance
References
- https://www.cert-in.org.in
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1073
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.