#microsoft

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 93.0.961.52 9/16/2021 93.0.4577.82

Last updated on October 5, 2021: See revision history located at the end of the post for changes. On September 14, 2021, Microsoft released fixes for three Elevation of Privilege (EoP) vulnerabilities and one unauthenticated Remote Code Execution (RCE) vulnerability in the Open Management Infrastructure (OMI) framework: CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, and CVE-2021-38647, respectively.

Microsoft Excel Remote Code Execution Vulnerability

Microsoft MSHTML Remote Code Execution Vulnerability

*Is the Preview Pane an attack vector for this vulnerability?* No, the Preview Pane is not an attack vector.

*Why is this Chrome CVE included in the Security Update Guide?* The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. *How can I see the version of the browser?* * In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window * Click on *Help and Feedback* * Click on *About Microsoft Edge*

*What type of information could be disclosed by this vulnerability?* The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.

*How do I get the updated app?* The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. *My system is in a disconnected environment; is it vulnerable?* Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. *How can I check if the update is installed?* If your device manufacturer preinstalled this app, package versions *1.0.42091.0* and later contain this update. If you purchased this app from the Microsoft Store, package versions *1.0.42094.0* and later contain this update. You can check the package version in PowerShell: Get-AppxPackage -Name Microsoft.HEVCVideoExtension*

*Is the Preview Pane an attack vector for this vulnerability?* No, the Preview Pane is not an attack vector.

*Is the Preview Pane an attack vector for this vulnerability?* No, the Preview Pane is not an attack vector.