Microsoft patches a privileged escalation vulnerability in Edge

Microsoft patches a privilege escalation vulnerability in Edge

Microsoft has issued an out-of-band patch for a privileged escalation vulnerability in Microsoft Edge (Chromium-based).

Microsoft said the elevation of privilege vulnerability CVE-2020-1195 exists in Edge when the Feedback extension improperly validates input.

“An attacker who successfully exploited this vulnerability could write files to arbitrary locations and gain elevated privileges,” Microsoft warned in the advisory.

Furthermore, Microsoft said an attacker could exploit this vulnerability in conjunction with other vulnerabilities, such as remote code execution, to take advantage of the elevated privileges while running.

The latest Edge update 83.0.478.37 addresses this vulnerability.

Related Articles