Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2021-30633: Chromium: CVE-2021-30633 Use after free in Indexed DB API

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 93.0.961.52 9/16/2021 93.0.4577.82

Microsoft Security Response Center
#Microsoft Edge (Chromium-based)#Security Vulnerability#microsoft
CVE-2021-38650: Microsoft Office Spoofing Vulnerability

*Is the Preview Pane an attack vector for this vulnerability?* No, the Preview Pane is not an attack vector.

CVE-2021-30632: Chromium: CVE-2021-30632 Out of bounds write in V8

*Why is this Chrome CVE included in the Security Update Guide?* The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. *How can I see the version of the browser?* * In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window * Click on *Help and Feedback* * Click on *About Microsoft Edge*

CVE-2021-40448: Microsoft Accessibility Insights for Android Information Disclosure Vulnerability

*What type of information could be disclosed by this vulnerability?* The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.

CVE-2021-38661: HEVC Video Extensions Remote Code Execution Vulnerability

*How do I get the updated app?* The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. *My system is in a disconnected environment; is it vulnerable?* Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. *How can I check if the update is installed?* If your device manufacturer preinstalled this app, package versions *1.0.42091.0* and later contain this update. If you purchased this app from the Microsoft Store, package versions *1.0.42094.0* and later contain this update. You can check the package version in PowerShell: Get-AppxPackage -Name Microsoft.HEVCVideoExtension*

CVE-2021-38657: Microsoft Office Graphics Component Information Disclosure Vulnerability

*What type of information could be disclosed by this vulnerability?* The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.