CVE-2017-8599

Name of the Vulnerable Software and Affected Versions Microsoft Edge in Microsoft Windows versions prior to the fixed version

Description A security issue exists where Microsoft Edge fails to properly validate certain specially crafted documents, allowing an attacker to trick a user into loading a page with malicious content. This is due to the Edge Content Security Policy (CSP) failing to correctly apply the Same Origin Policy for HTML elements present in other browser windows.

Recommendations For Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, update to a version that includes the fix for this issue. For other affected versions, at the moment, there is no information about a newer version that contains a fix for this vulnerability.