Microsoft delivers emergency update for Edge vulnerability out of turn
Google had patched the gap in the latest Chrome update, and there are indications of active exploits. Redmond is now following suit.
(Image: Microsoft / Montage heise online)
Microsoft is providing an update outside the usual monthly patchday routine that closes critical vulnerabilities in the Windows Edge browser. The reason for the rush: one of these vulnerabilities (CVE-2024-7971, high risk) is already being actively exploited.
Google had already fixed it in Chrome with an update on Wednesday; Microsoft is now following suit with its Chrome-based Edge. Microsoft's Edge update also fixes five other vulnerabilities.
Videos by heise
According to the credits in Google's update announcement, Microsoft's Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) reported the vulnerability and the attacks already taking place on Monday, August 19. Despite this, Microsoft has not provided any further information on who is being attacked or how to detect such attacks that have already taken place. This is a problem because installing the patch does not remove backdoors or other malware.
Even without this detailed information, all Windows users should, of course, install the Edge update as soon as possible.
(ju)
