CVE-2023-36562
📋 TL;DR
This vulnerability in Microsoft Edge allows attackers to gain elevated privileges on affected systems by exploiting a use-after-free memory corruption issue. It affects users running vulnerable versions of Microsoft Edge on Windows systems. Successful exploitation could allow attackers to execute arbitrary code with higher privileges than intended.
💻 Affected Systems
- Microsoft Edge (Chromium-based)
📦 What is this software?
Edge Chromium by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with SYSTEM-level privileges, enabling installation of persistent malware, credential theft, and lateral movement across the network.
Likely Case
Local privilege escalation allowing attackers to bypass security controls, install unwanted software, or access restricted system resources.
If Mitigated
Limited impact with proper patch management and application sandboxing in place, though some risk remains from sophisticated attacks.
🎯 Exploit Status
Requires user interaction (visiting a malicious website) and knowledge of memory corruption techniques. No public exploit code was available as of this analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Microsoft Edge version 118.0.2088.46 and later
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36562
Restart Required: Yes
Instructions:
1. Open Microsoft Edge.
2. Click Settings (three dots) → Help and feedback → About Microsoft Edge.
3. Browser will automatically check for updates and install if available.
4. Restart Edge when prompted.
For enterprise deployments, use Microsoft Edge update policies or Microsoft Endpoint Manager.
🔧 Temporary Workarounds
Disable Edge via Group Policy
Windows: Temporarily disable Microsoft Edge while waiting for patch deployment
gpedit.msc → Computer Configuration → Administrative Templates → Windows Components → Microsoft Edge → Set 'Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed' to Disabled
Use Application Control
Windows: Restrict execution of Microsoft Edge using Windows Defender Application Control
New-CIPolicy -FilePath EdgeBlock.xml -Level Publisher -UserPEs -Fallback Hash -MultiplePolicyFormat
ConvertFrom-CIPolicy -XmlFilePath EdgeBlock.xml -BinaryFilePath EdgeBlock.bin
Deploy via Group Policy: Computer Configuration → Administrative Templates → System → Device Guard → Deploy Code Integrity Policy
🧯 If You Can't Patch
- Implement strict application whitelisting to prevent unauthorized Edge execution
- Deploy enhanced monitoring for privilege escalation attempts and unusual Edge process behavior
🔍 How to Verify
Check if Vulnerable:
Open Edge → Settings → Help and feedback → About Microsoft Edge. Check if version is below 118.0.2088.46.
Check Version:
msedge --version (Windows/Linux) or check edge://settings/help in browser
Verify Fix Applied:
Confirm the Edge version is 118.0.2088.46 or higher on the About Microsoft Edge page.
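The same check can be scripted for hosts where opening the About page is impractical. The following is an added example, not part of the vendor advisory: it reads the version from the msedge.exe binary and compares it with the fixed version given above. The function name Test-EdgePatched is hypothetical, and the script assumes system-wide installs under the Program Files roots (per-user installs are not covered).

```powershell
# Added example (not from the advisory): compare local Edge builds with the fixed version.
$FixedVersion = [version]'118.0.2088.46'   # patch version stated on this page

# Hypothetical helper: returns one result object per msedge.exe path.
function Test-EdgePatched {
    param(
        [Parameter(Mandatory)][string]$Path,
        [version]$Fixed = $FixedVersion
    )
    # Read the version from the binary's metadata instead of launching the browser.
    $raw = (Get-Item -LiteralPath $Path).VersionInfo.ProductVersion
    $installed = $null
    if ([version]::TryParse($raw, [ref]$installed)) {
        # [version] compares each field as an integer; a plain string comparison
        # would wrongly rank a constructed value like '99.0.0.0' above '118.0.2088.46'.
        $status = if ($installed -ge $Fixed) { 'Patched' } else { 'Vulnerable' }
    } else {
        $status = 'Unknown'   # version string could not be parsed: review by hand
    }
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Path      = $Path
        Installed = $raw
        Fixed     = $Fixed.ToString()
        Status    = $status
    }
}

# Assumption: system-wide installs under the Program Files roots.
# The (x86) variable is empty on 32-bit Windows, so empty roots are filtered out.
$roots = @(${env:ProgramFiles(x86)}, $env:ProgramFiles) | Where-Object { $_ }
$paths = $roots |
    ForEach-Object { Join-Path $_ 'Microsoft\Edge\Application\msedge.exe' } |
    Where-Object { Test-Path -LiteralPath $_ }

if (-not $paths) {
    Write-Output 'No system-wide Edge install found under the Program Files roots.'
} else {
    # Emit objects so the caller can filter, export to CSV, or feed an inventory tool.
    $paths | ForEach-Object { Test-EdgePatched -Path $_ }
}
```

Because the script emits objects, the output can be piped to Where-Object Status -eq 'Vulnerable' or Export-Csv when it is run across many hosts.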
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs: Security event 4688 (process creation) showing Edge spawning with unusual parent processes
- Edge crash reports with memory corruption signatures
- UAC bypass attempts in Windows Security logs
Network Indicators:
- Connections to known malicious domains from Edge processes
- Unusual outbound traffic following Edge execution
SIEM Query:
source="Windows Security" EventID=4688 AND (NewProcessName="*\msedge.exe" OR ParentProcessName="*\msedge.exe") | stats count by ParentProcessName, NewProcessName, CommandLine