Source
Microsoft Security Response Center
*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 95.0.1020.30 10/21/2021 95.0.4638.54
*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 95.0.1020.30 10/21/2021 95.0.4638.54
*Which Surface devices are affected by this vulnerability?* The Surface Pro 3. *Are any other devices vulnerable?* Microsoft has confirmed that the Surface Pro 3 is vulnerable. However, it is possible that other devices, including non-Microsoft devices, using a similar BIOS may also be vulnerable. The Surface Pro 4, Surface Book, and more recent Surface devices are not vulnerable. *What can an attacker do with this vulnerability?* Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. Windows uses these PCR measurements to determine device health. A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. *How do I protect myself?* This technique requires physical access to a target victim’s device, or an attacker would already have had to compromise a legitimate user's credentials. We encourage custom...
*What is the attack vector for this vulnerability?* In a network-based attack, an authenticated attacker can gain access to create a site and could execute code remotely within the SharePoint Server.
*Is the Preview Pane an attack vector for this vulnerability?* Yes, the Preview Pane is an attack vector.
*Is the Preview Pane an attack vector for this vulnerability?* No, the Preview Pane is not an attack vector.
*What kind of information can be disclosed?* An attacker can gain access to an organizational's email, sites, filename, url of file...
*Is the Preview Pane an attack vector for this vulnerability?* No, the Preview Pane is not an attack vector.
*Is the Preview Pane an attack vector for this vulnerability?* No, the Preview Pane is not an attack vector.
*Is the Preview Pane an attack vector for this vulnerability?* No, the Preview Pane is not an attack vector.