Source
Microsoft Security Response Center
**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**
**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**
**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**
**What Security Feature could be bypassed by this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Kerberos protection used by Defender Credential Guard.
**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
**According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?** Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
**According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?** Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
**According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?** Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
**According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?** Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
**What version of Azure Sphere has the update that protects from this vulnerability?** All versions of Azure Sphere that are 22.07 and higher are protected from this vulnerability. **How do I ensure my Azure Sphere device has the update?** If your device is new or has not been connected to the internet for a while, connect the device to a secure, private local network with internet access and allow the device to automatically update itself. If the device is already online, verify that the operating system version 21.07 has been installed using the Azure Sphere CLI command: azsphere device show-os-version If the device is connected to the internet and does not yet have the latest update, check the update status with the following Azure Sphere CLI command: azsphere device show-deployment-status **Azure Sphere is running on IoT devices in my environment. How do I know if any of those devices are affected by this vulnerability?** An IoT device that is running Azure Sphere and is ...