#Security Vulnerability

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 120.0.2336.0 120.0.6099.216/217 1/11/2024

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** This vulnerability could lead to a browser sandbox escape.

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigations might apply in your situation: * Systems that have disabled NTLM are not affected. * Apply the existing group policy to block NTLM hash. With this policy enabled, this issue for a remote SMB location client or server can be mitigated. To enable the policy: Select **Computer Configuration** > **Windows Settings** > \*\* Security Settings\*\* > **Local Policies** > **Security Options**. On the right pane, double-click the Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers policy per the options listed below in the Network security: **Restrict NTLM: Outgoing NTLM traffic to remote servers** documentation. **References**: * For customers running Windows Server 2008 or 2008 R2: Introducing the Restriction of NTLM Authentication * For customers runnin...

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by convincing, or waiting for, a user to connect to an Active Directory Domain Controller and then stealing network secrets. When the vulnerability is successfully exploited this could allow the attacker to retrieve sensitive data in plain-text which could be exploited for further attacks.

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** An authenticated attacker with Site Owner permission can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.