Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability [CVE-2020-1341]

CVE Number – CVE-2020-1341

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when DLL files are allowed to download without prompting additional warning to the user. An attacker who successfully exploited this vulnerability could drop the DLL files on the users Download folder (or equivalent) and gain elevated privileges.

To exploit the vulnerability, the user must browse to a malicious website that is design to download a DLL file and click on the page to being the process. In an email attack scenario, an attacker could send an email message in an attempt to convince the user to go to the malicious site.

The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running.

The security update addresses the vulnerability by introducing additional security measures on Microsoft Edge (Chromium-based) and prompting a user warning before completing a DLL file download.

The version that contains the update is 84.0.522.40

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: