Microsoft closes serious security vulnerability in Edge browsers
A critical vulnerability in Edge browsers allows the remote execution of malicious code. The latest patch fixes the problem.
Microsoft has closed a critical security vulnerability. This vulnerability, classified as a zero-day vulnerability, made it possible to remotely execute malicious code in the Edge browser via manipulated HTML pages. In the worst-case scenario, this flaw could lead to data theft, malware installation or complete system takeover. The term "zero-day" refers to acute vulnerabilities that must be closed immediately, with a response time of zero days.
Triggering the update manually
To install the update, go to the "Help and feedback" menu item and select "About Microsoft Edge". The update will then be downloaded automatically, and the current release number will be displayed. On a mobile network connection, the option "Download updates over metered connections" may need to be enabled. The release version should then be 128.0.2739.42 or newer, and the message "Microsoft Edge is up-to-date" should appear. On several PCs in the heise online editorial team, the update was not installed by manually calling up Windows Update; only the path via the browser itself was successful.
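For checking more than one machine against the release number above, the following added example (not part of the original article) sorts reported Edge versions into patched, outdated and unknown. The CSV inventory format, the host names and the sample version strings are constructed assumptions.

```python
"""Flag hosts whose reported Edge version is older than the fixed release."""
import csv
import io

FIXED = "128.0.2739.42"  # minimum release named in the article


def parse_version(text):
    """Turn '128.0.2739.42' into (128, 0, 2739, 42); ValueError if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)


def audit(inventory_csv, fixed=FIXED):
    """Return host names grouped as 'patched', 'outdated' or 'unknown'."""
    minimum = parse_version(fixed)
    result = {"patched": [], "outdated": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = row["host"]
        try:
            current = parse_version(row["edge_version"] or "")
        except ValueError:
            # Missing or truncated value: do not assume the host is patched.
            result["unknown"].append(host)
            continue
        # Tuples compare numerically per component, so 2739.9 < 2739.42.
        # A plain string comparison would get that case wrong.
        key = "patched" if current >= minimum else "outdated"
        result[key].append(host)
    return result


# Constructed sample inventory (assumed columns: host, edge_version).
SAMPLE = """host,edge_version
ws-01,128.0.2739.42
ws-02,127.0.2651.105
ws-03,128.0.2739.9
ws-04,129.0.2792.52
ws-05,
ws-06,128.0.2739
"""

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts in the "unknown" group reported no usable version and need the manual check via "About Microsoft Edge".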
Microsoft points out that the vulnerability cataloged as CVE-2024-7971 is being actively exploited and emphasizes the urgency of installing the latest update immediately.
(nie)