PT-2017-2647 · Microsoft · Windows 10+2
Asnine +1 · Published 2017-08-08 · Updated 2017-09-12 · CVE-2017-8661
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Edge versions 10.0.14393.0 through 10.0.15063.0
Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016
Description
A remote code execution issue exists due to the way Microsoft scripting engines handle objects in memory, potentially allowing an attacker to execute arbitrary code in the context of the current user. This could be achieved by corrupting memory, and if the current user has administrative rights, an attacker could take control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.
Recommendations
For Microsoft Edge in Windows 10 1607, update to a version that fixes the memory corruption issue.
For Microsoft Edge in Windows 10 1703, apply the necessary patch to resolve the scripting engine vulnerability.
For Microsoft Edge in Windows Server 2016, ensure that all security updates are applied to prevent exploitation of the vulnerability.
As a temporary workaround, consider restricting access to sensitive data and limiting user privileges to minimize the risk of exploitation until a patch is available.
Fix
RCE
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Edge
Windows 10
Windows Server 2016