CVE-2022-26909
📋 TL;DR
This vulnerability allows an attacker to gain elevated privileges in Microsoft Edge by exploiting a flaw in the Chromium-based browser's security model. It affects users running vulnerable versions of Microsoft Edge on Windows systems. Successful exploitation could allow attackers to execute arbitrary code with higher privileges than intended.
💻 Affected Systems
- Microsoft Edge (Chromium-based)
📦 What is this software?
Edge Chromium by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through arbitrary code execution with elevated privileges, potentially leading to data theft, malware installation, or lateral movement within the network.
Likely Case
Local privilege escalation allowing attackers to bypass security restrictions, access sensitive data, or install persistent malware on the affected system.
If Mitigated
Limited impact with proper patch management and security controls in place, though temporary exposure remains during patch rollout windows.
🎯 Exploit Status
Requires local access or combination with other vulnerabilities. Microsoft has not disclosed technical details to prevent weaponization.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Microsoft Edge version 101.0.1210.32 or later
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26909
Restart Required: Yes
Instructions:
1. Open Microsoft Edge.
2. Click Settings (three dots) → Help and feedback → About Microsoft Edge.
3. Browser will automatically check for and install updates.
4. Restart Edge when prompted.
For enterprise deployments, use Microsoft Edge Update policies or Microsoft Endpoint Configuration Manager.
🔧 Temporary Workarounds
Disable Edge via Group Policy
Windows: Temporarily disable Microsoft Edge usage while patching
gpedit.msc → Computer Configuration → Administrative Templates → Windows Components → Microsoft Edge → Set 'Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed' to Disabled
🧯 If You Can't Patch
- Restrict user privileges to standard accounts to limit impact scope
- Implement application whitelisting to prevent unauthorized Edge execution
🔍 How to Verify
Check if Vulnerable:
Open Edge → Settings → About Microsoft Edge → Check if version is below 101.0.1210.32
Check Version:
msedge --version (Windows command line)
Verify Fix Applied:
Confirm Edge version is 101.0.1210.32 or higher in About Microsoft Edge page
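The version check above can be scripted for a single host. The following is an added example, not part of the vendor advisory or this page's original content; it assumes Edge is installed in one of the default per-machine paths, and the function names `Test-EdgePatched` and `Get-EdgeVersion` are hypothetical.

```powershell
# Added example: report whether the installed Edge is below the fixed build.
# The fixed version is the one stated in this advisory; the install paths
# are the default locations and are an assumption about the machine.
$FixedVersion = [version]'101.0.1210.32'

function Test-EdgePatched {
    param(
        [Parameter(Mandatory)][string]$InstalledVersion,
        [version]$Fixed = $FixedVersion
    )
    # Cast to [version] so each field compares numerically. Compared as
    # strings, '99.0.1150.30' sorts after '101.0.1210.32' and would be
    # reported as patched.
    $parsed = $null
    if (-not [version]::TryParse($InstalledVersion, [ref]$parsed)) {
        throw "Unparseable Edge version: '$InstalledVersion'"
    }
    return $parsed -ge $Fixed
}

function Get-EdgeVersion {
    # Default per-machine install locations (assumed).
    $candidates = @(
        "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe",
        "$env:ProgramFiles\Microsoft\Edge\Application\msedge.exe"
    )
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path) {
            return (Get-Item -LiteralPath $path).VersionInfo.ProductVersion
        }
    }
    return $null
}

$installed = Get-EdgeVersion
if (-not $installed) {
    Write-Output 'Microsoft Edge not found in the default install paths.'
} elseif (Test-EdgePatched -InstalledVersion $installed) {
    Write-Output "Edge $installed is at or above $FixedVersion (fix applied)."
} else {
    Write-Output "Edge $installed is below $FixedVersion (vulnerable, update required)."
}
```

The script reads the version of the binary on disk, so a browser session that has not been restarted since the update can still be running the older build.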
📡 Detection & Monitoring
Log Indicators:
- Unusual Edge process spawning with elevated privileges
- Security event logs showing privilege escalation attempts
Network Indicators:
- Unusual outbound connections from Edge processes
- Traffic to known exploit hosting domains
SIEM Query:
Process Creation where (Image contains 'msedge.exe' and IntegrityLevel changes from 'Medium' to 'High' or 'System')