CVE-2021-43844

8.8 HIGH

📋 TL;DR

MSEdgeRedirect versions before 0.5.0.1 are vulnerable to remote code execution via crafted URLs that bypass URL validation. Attackers can execute malicious payloads by tricking users into accepting prompts from attacker-controlled webpages. This affects all users running vulnerable versions of MSEdgeRedirect.

💻 Affected Systems

Products:
  • MSEdgeRedirect
Versions: All versions before 0.5.0.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration; requires user interaction to trigger.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via remote code execution, allowing attackers to install malware, steal data, or gain persistent access.

🟠 Likely Case

Impact is limited because exploitation requires user interaction and a payload download, but a successful attack results in malware execution.

🟢 If Mitigated

No impact if users avoid suspicious prompts and keep software updated.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (accepting prompt) and either guessing download path or accessing remote SMB share.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.5.0.1

Vendor Advisory: https://github.com/rcmaehl/MSEdgeRedirect/security/advisories/GHSA-95v4-748v-fmf9

Restart Required: No

Instructions:

1. Download MSEdgeRedirect 0.5.0.1 or later from GitHub releases.
2. Uninstall the previous version.
3. Install the updated version.
4. Verify the version in the application settings.

🧯 If You Can't Patch

  • Uninstall MSEdgeRedirect completely.
  • Train users to never accept unexpected prompts from web pages.

🔍 How to Verify

Check if Vulnerable:

Check MSEdgeRedirect version in application settings or installed programs list.

Check Version:

Not applicable - check via application GUI or Windows Programs and Features.

Verify Fix Applied:

Verify installed version is 0.5.0.1 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file:/// URL executions via MSEdgeRedirect
  • Unexpected process launches from MSEdgeRedirect

Network Indicators:

  • Connections to suspicious SMB shares triggered by MSEdgeRedirect

SIEM Query:

Process creation where parent process contains 'MSEdgeRedirect' and command line contains 'file:///'
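The SIEM query and the log and network indicators above, applied as code over constructed process-creation records. This is an added example, not part of this advisory; the Sysmon-style field names, the sample events and the browser allowlist are assumptions.

```python
import re

# Constructed process-creation events in the style of Sysmon Event ID 1 fields.
# These are sample records written for this example, not real telemetry.
SAMPLE_EVENTS = [
    {   # expected: MSEdgeRedirect hands an https:// link to the default browser
        "ParentImage": r"C:\Program Files\MSEdgeRedirect\MSEdgeRedirect.exe",
        "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
        "CommandLine": r'"C:\Program Files\Mozilla Firefox\firefox.exe" https://example.com/',
    },
    {   # indicator: a local file:/// URL reaches the shell (the page's SIEM query)
        "ParentImage": r"C:\Program Files\MSEdgeRedirect\MSEdgeRedirect.exe",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r'cmd.exe /c start "" file:///C:/Users/alice/Downloads/sample.exe',
    },
    {   # indicator: an executable on a remote share is launched under MSEdgeRedirect
        "ParentImage": r"C:\Program Files\MSEdgeRedirect\MSEdgeRedirect.exe",
        "Image": r"\\fileserver\share\tool.exe",
        "CommandLine": r"\\fileserver\share\tool.exe",
    },
    {   # out of scope: file:/// URL, but the parent is not MSEdgeRedirect
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\notepad.exe",
        "CommandLine": r"notepad.exe file:///C:/notes.txt",
    },
]

FILE_URL = re.compile(r"file:///", re.IGNORECASE)
# UNC path (\\host\share) or a file:// URL whose authority is a host rather than a drive letter
REMOTE_SHARE = re.compile(r"(?:\\\\|file:/{2,5})(?![a-z]:)[^/\\\s\"']+[/\\]", re.IGNORECASE)
# Assumed allowlist of children MSEdgeRedirect is expected to spawn (browsers); tune per fleet
EXPECTED_CHILDREN = {"firefox.exe", "chrome.exe", "brave.exe", "msedge.exe"}

def classify_event(event):
    """Return the indicator names triggered by one process-creation record."""
    if "msedgeredirect" not in event.get("ParentImage", "").lower():
        return []  # every indicator on the page is scoped to children of MSEdgeRedirect
    text = event.get("CommandLine", "") + " " + event.get("Image", "")
    hits = []
    if FILE_URL.search(text):
        hits.append("file_url_launch")
    if REMOTE_SHARE.search(text):
        hits.append("remote_share_launch")
    if event.get("Image", "").rsplit("\\", 1)[-1].lower() not in EXPECTED_CHILDREN:
        hits.append("unexpected_child")
    return hits

def scan(events):
    """Map each flagged event's index to its indicators; clean events are omitted."""
    return {i: h for i, h in ((i, classify_event(e)) for i, e in enumerate(events)) if h}
```

Running `scan(SAMPLE_EVENTS)` flags only the second and third records; the explorer.exe record is ignored because the parent scope does not match.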
