CVE-2019-0655 – This is a remote code execution vulnerability i... (How to Fix)

Q: What is the severity of CVE-2019-0655?

CVE-2019-0655 has a CVSS score of 7.5 (HIGH). This is a remote code execution vulnerability in Microsoft Edge's scripting engine that allows attackers to execute arbitrary code on affected systems. It affects users running vulnerable versions of Microsoft Edge on Windows systems. Attackers can exploit this by tricking users into visiting malicious websites.

📋 TL;DR

This is a remote code execution vulnerability in Microsoft Edge's scripting engine that allows attackers to execute arbitrary code on affected systems. It affects users running vulnerable versions of Microsoft Edge on Windows systems. Attackers can exploit this by tricking users into visiting malicious websites.

💻 Affected Systems

Products:

Microsoft Edge

Versions: Microsoft Edge (EdgeHTML-based) versions prior to the February 2019 security update

Operating Systems: Windows 10, Windows Server 2016, Windows Server 2019

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the legacy EdgeHTML-based Microsoft Edge browser, not the newer Chromium-based Edge. Windows 7/8.1 are not affected as they don't include EdgeHTML-based Edge.

📦 What is this software?

Chakracore by Microsoft

View all CVEs affecting Chakracore →

Edge by Microsoft

View all CVEs affecting Edge →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control over the victim's machine, enabling data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Malicious code execution in the context of the current user, potentially leading to credential theft, data exfiltration, or installation of additional malware.

🟢

If Mitigated

No impact if patched or if security controls block malicious websites and scripts.

🌐 Internet-Facing: HIGH - Exploitation requires only visiting a malicious website, which is common for internet-facing systems.

🏢 Internal Only: MEDIUM - Internal users could still be targeted via phishing or compromised internal websites.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction (visiting malicious website) but no authentication. Memory corruption vulnerabilities in browsers are frequently exploited in the wild.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Microsoft Edge version with February 2019 security updates

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0655

Restart Required: Yes

Instructions:

1. Open Windows Update settings. 2. Check for updates. 3. Install all available updates, particularly the February 2019 security updates. 4. Restart the system when prompted.

🔧 Temporary Workarounds

Disable JavaScript

windows

Disable JavaScript in Microsoft Edge to prevent exploitation of scripting engine vulnerabilities

edge://settings/content/javascript (set to 'Block')

Use Enhanced Security Configuration

windows

Enable Enhanced Security Configuration in Internet Explorer mode settings for higher security

edge://settings/privacy (enable 'Enhanced security')

🧯 If You Can't Patch

Migrate to Chromium-based Microsoft Edge which is not affected by this vulnerability
Implement web filtering to block known malicious websites and restrict browsing to trusted sites only

🔍 How to Verify

Check if Vulnerable:

Check Edge version by navigating to edge://settings/help and verify if version is prior to February 2019 updates

Check Version:

In Edge browser, navigate to edge://settings/help or check Windows Update history for February 2019 security updates

Verify Fix Applied:

Verify Edge version is updated to February 2019 or later security update version

📡 Detection & Monitoring

Log Indicators:

Edge crash reports with memory corruption signatures
Unexpected process creation from Edge browser
Suspicious network connections from Edge to unknown domains

Network Indicators:

Traffic to known exploit kit domains
Unexpected outbound connections following Edge usage
Malicious script downloads

SIEM Query:

source="Microsoft-Windows-Security-Mitigations" AND event_id="1" AND process_name="MicrosoftEdge.exe" AND (memory_corruption OR access_violation)

📊 Metadata

CVE ID: CVE-2019-0655

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: March 5, 2019

Last Updated: November 21, 2024

🔗 References

http://www.securityfocus.com/bid/106912 Third Party Advisory,VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0655 Patch,Vendor Advisory
http://www.securityfocus.com/bid/106912 Third Party Advisory,VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0655 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2019-0655, you might also want to check these: