CVE-2024-43595
📋 TL;DR
This vulnerability in Microsoft Edge (Chromium-based) allows remote attackers to execute arbitrary code on affected systems by tricking users into visiting a specially crafted website. All users running vulnerable versions of Microsoft Edge are affected. The vulnerability requires user interaction but can lead to full system compromise.
💻 Affected Systems
- Microsoft Edge (Chromium-based)
📦 What is this software?
Edge Chromium by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover with attacker gaining the same privileges as the logged-in user, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Malicious code execution leading to credential theft, malware installation, or browser session hijacking for targeted users who visit malicious websites.
If Mitigated
Limited impact due to browser sandboxing and security controls, potentially resulting in browser crash or limited data exposure rather than full system compromise.
🎯 Exploit Status
Exploitation requires user interaction (visiting a malicious website) but does not require authentication. The CWE-126 (Buffer Over-read) classification suggests a memory corruption vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 124.0.2478.80 or later
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43595
Restart Required: Yes
Instructions:
1. Open Microsoft Edge.
2. Click the three-dot menu → Help and feedback → About Microsoft Edge.
3. The browser will automatically check for updates and install them if available.
4. Restart Edge when prompted.
🔧 Temporary Workarounds
Disable JavaScript
Disabling JavaScript prevents the malicious code from executing but breaks most website functionality.
Use Enhanced Security Mode
Enable Microsoft Edge's Enhanced Security Mode for additional protection layers.
🧯 If You Can't Patch
- Restrict user access to untrusted websites using web filtering solutions
- Implement application whitelisting to prevent unauthorized code execution
🔍 How to Verify
Check if Vulnerable:
Check the Microsoft Edge version by navigating to edge://settings/help or clicking menu → Help and feedback → About Microsoft Edge.
Check Version:
On Windows: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --version
Verify Fix Applied:
Verify that the version shown on the About Microsoft Edge page is 124.0.2478.80 or higher.
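A scriptable form of this check, as an added example (not from the vendor advisory or this page's source): it reads the version from the executable's file metadata and compares it numerically against 124.0.2478.80. The 64-bit Program Files path, the exit codes and the function name Test-EdgePatched are assumptions made for the example.

```powershell
# Added example: compare installed Edge builds against the fixed version on this page.
$FixedVersion = [version]'124.0.2478.80'   # patch version stated above

# Install locations to inspect. The first is the path given on this page;
# the second (64-bit Program Files) is an assumption for per-machine installs.
$Candidates = @(
    "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe",
    "$env:ProgramFiles\Microsoft\Edge\Application\msedge.exe"
)

function Test-EdgePatched {
    # Hypothetical helper: returns $true when $VersionString is at or above $Minimum.
    param(
        [Parameter(Mandatory)][string]$VersionString,
        [version]$Minimum = $FixedVersion
    )
    # Parse to [version] so each field compares numerically. A plain string
    # comparison would rank "99.0.1150.30" above "124.0.2478.80".
    $parsed = $null
    if (-not [version]::TryParse($VersionString.Trim(), [ref]$parsed)) {
        throw "Unparseable version string: '$VersionString'"
    }
    return $parsed -ge $Minimum
}

$results = foreach ($path in $Candidates) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    # Read the version from file metadata instead of launching the browser.
    $v = (Get-Item -LiteralPath $path).VersionInfo.ProductVersion
    [pscustomobject]@{
        Path    = $path
        Version = $v
        Patched = Test-EdgePatched -VersionString $v
    }
}

if (-not $results) {
    Write-Output 'Microsoft Edge not found in the checked locations.'
    exit 2
}
$results | Format-Table -AutoSize

# Exit codes (assumed convention): 0 = all installs patched, 1 = at least one below the fix.
if ($results.Patched -contains $false) { exit 1 } else { exit 0 }
```

The non-zero exit code lets a management or compliance tool flag hosts that still need the update.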
📡 Detection & Monitoring
Log Indicators:
- Edge crash reports with memory access violations
- Unusual process creation from Edge browser
- Suspicious network connections from Edge to unknown domains
Network Indicators:
- Traffic to known malicious domains hosting exploit code
- Unusual outbound connections following Edge usage
SIEM Query:
Process Creation where ParentImage contains "msedge.exe" AND CommandLine contains suspicious patterns