CVE-2023-29350 – This vulnerability in Microsoft Edge allows att... (How to Fix)

Q: What is the severity of CVE-2023-29350?

CVE-2023-29350 has a CVSS score of 7.5 (HIGH). This vulnerability in Microsoft Edge allows attackers to gain elevated privileges on affected systems. It affects users running vulnerable versions of Microsoft Edge on Windows systems. Successful exploitation could let attackers execute code with higher privileges than intended.

📋 TL;DR

This vulnerability in Microsoft Edge allows attackers to gain elevated privileges on affected systems. It affects users running vulnerable versions of Microsoft Edge on Windows systems. Successful exploitation could let attackers execute code with higher privileges than intended.

💻 Affected Systems

Products:

Microsoft Edge (Chromium-based)

Versions: Versions prior to 113.0.1774.50

Operating Systems: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Microsoft Edge based on Chromium, not legacy EdgeHTML-based versions.

📦 What is this software?

Edge Chromium by Microsoft

View all CVEs affecting Edge Chromium →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to install programs, view/change/delete data, or create new accounts with full user rights.

🟠

Likely Case

Local privilege escalation allowing attackers to gain administrative privileges on the compromised system.

🟢

If Mitigated

Limited impact if systems are fully patched and running with least privilege principles.

🌐 Internet-Facing: LOW - This is primarily a local privilege escalation vulnerability requiring local access.

🏢 Internal Only: MEDIUM - Could be combined with other attacks to escalate privileges within an organization's network.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access to the system and user interaction to trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Microsoft Edge version 113.0.1774.50 or later

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29350

Restart Required: Yes

Instructions:

1. Open Microsoft Edge. 2. Click Settings (three dots) → Help and feedback → About Microsoft Edge. 3. Browser will automatically check for and install updates. 4. Restart Edge when prompted.

🔧 Temporary Workarounds

Disable Microsoft Edge

windows

Temporarily disable Microsoft Edge until patching is possible

🧯 If You Can't Patch

Implement application whitelisting to prevent unauthorized Edge execution
Run Edge with least privilege user accounts (non-admin)

🔍 How to Verify

Check if Vulnerable:

Open Microsoft Edge → Settings → Help and feedback → About Microsoft Edge. Check if version is below 113.0.1774.50.

Check Version:

msedge --version

Verify Fix Applied:

Verify Microsoft Edge version is 113.0.1774.50 or higher in About Microsoft Edge.

📡 Detection & Monitoring

Log Indicators:

Windows Event Logs showing unexpected Edge process elevation
Security logs with privilege escalation attempts

Network Indicators:

Unusual outbound connections from Edge processes with elevated privileges

SIEM Query:

EventID=4688 AND ProcessName="msedge.exe" AND NewProcessName contains elevated privilege indicators

📊 Metadata

CVE ID: CVE-2023-29350

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-269

Published: May 5, 2023

Last Updated: February 28, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29350 Patch,Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29350 Patch,Vendor Advisory
https://security.gentoo.org/glsa/202309-17 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-29350, you might also want to check these: