CVE-2023-36735
📋 TL;DR
This vulnerability in Microsoft Edge allows attackers to execute arbitrary code with elevated privileges by exploiting a use-after-free memory corruption flaw. It affects all users running vulnerable versions of Microsoft Edge on Windows systems. Successful exploitation could lead to complete system compromise.
💻 Affected Systems
- Microsoft Edge (Chromium-based)
📦 What is this software?
Edge Chromium by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover with SYSTEM-level privileges, enabling installation of persistent malware, data theft, and lateral movement across networks.
Likely Case
Local privilege escalation allowing attackers to bypass security controls, install additional malware, or access sensitive system resources.
If Mitigated
Limited impact if Edge is run with sandboxing enabled and users have limited privileges, though exploitation could still bypass some security boundaries.
🎯 Exploit Status
Requires local access or ability to execute code in user context first. Often chained with other vulnerabilities for remote exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Microsoft Edge version 116.0.1938.69 and later
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36735
Restart Required: Yes
Instructions:
1. Open Microsoft Edge.
2. Click Settings (three dots) → Help and feedback → About Microsoft Edge.
3. The browser will automatically check for and install updates.
4. Restart Edge when prompted.
For enterprise deployments, use Microsoft Edge Update policies or Microsoft Endpoint Configuration Manager.
🔧 Temporary Workarounds
- Disable Edge sandbox escape mitigations (windows): Configure Edge to run with enhanced sandboxing to limit privilege escalation impact. Command: Not applicable - configure via Group Policy or registry settings
- Run Edge with reduced privileges (windows): Configure Edge to run as standard user without administrative rights. Command: Not applicable - configure via Windows User Account Control settings
🧯 If You Can't Patch
- Restrict Edge usage to non-administrative accounts and implement application control policies
- Deploy additional endpoint protection with memory corruption exploit prevention capabilities
🔍 How to Verify
Check if Vulnerable:
Open Microsoft Edge → Settings → Help and feedback → About Microsoft Edge. Check if version is below 116.0.1938.69.
Check Version:
On the Windows command line: reg query "HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon" /v version (or check Edge → Settings → About Microsoft Edge)
Verify Fix Applied:
Verify Edge version is 116.0.1938.69 or higher in About Microsoft Edge page.
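An added example (not part of this advisory) that automates the version check above: it reads the same BLBeacon registry value when run on Windows, and compares any reported version numerically against 116.0.1938.69, since a plain string comparison gets builds like 116.0.1938.9 wrong. The sample version list at the bottom is constructed for illustration.

```python
"""Check whether a reported Microsoft Edge version is below the fixed build for CVE-2023-36735."""
from typing import Dict, Iterable, Optional, Tuple

FIXED_VERSION = "116.0.1938.69"  # first patched build, per the advisory


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '116.0.1938.69' into (116, 0, 1938, 69) for numeric comparison.

    String comparison would rank '116.0.1938.9' above '116.0.1938.69'; integers do not.
    """
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Edge version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the given build is older than the first patched build."""
    return parse_version(version) < parse_version(fixed)


def read_installed_version() -> Optional[str]:
    """Read the version value from HKCU\\Software\\Microsoft\\Edge\\BLBeacon (Windows only).

    Returns None on non-Windows hosts or when the key/value is absent.
    """
    try:
        import winreg  # only exists on Windows
    except ImportError:
        return None
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Software\Microsoft\Edge\BLBeacon") as key:
            value, _ = winreg.QueryValueEx(key, "version")
            return str(value)
    except OSError:
        return None


def triage(versions: Iterable[str]) -> Dict[str, str]:
    """Classify a batch of version strings, e.g. from an inventory export."""
    return {v: ("VULNERABLE" if is_vulnerable(v) else "patched") for v in versions}


if __name__ == "__main__":
    local = read_installed_version()
    if local is None:
        # Constructed sample values, used when no local Edge install can be read.
        print(triage(["115.0.1901.203", "116.0.1938.62", "116.0.1938.69", "116.0.1938.9", "117.0.2045.31"]))
    else:
        print(f"Installed Edge {local}: {'VULNERABLE' if is_vulnerable(local) else 'patched'}")
```

The BLBeacon value reflects the build the current user last launched, so an Edge that has updated but not yet restarted can still report the old version; this matches the advisory's "Restart Required: Yes".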
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs: Process creation events showing Edge spawning child processes with elevated privileges
- Security logs: Privilege escalation attempts, unexpected process behavior from msedge.exe
Network Indicators:
- Unusual network connections originating from Edge processes with elevated privileges
- DNS queries to known exploit or C2 domains from Edge
SIEM Query:
Process Creation where (Image="*\\msedge.exe") AND (ParentImage!="*\\msedge.exe") AND (IntegrityLevel="High" OR IntegrityLevel="System")