PT-2017-18508 · Microsoft · Windows Server 2016+2

Published: 2017-09-12 · Updated: 2019-10-03 · CVE-2017-8754

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Microsoft Edge in Microsoft Windows versions 10 Gold, 1511, 1607, 1703, and Windows Server 2016

Description: A security feature bypass exists in Microsoft Edge due to the way the Edge Content Security Policy (CSP) validates certain specially crafted documents. This allows an attacker to trick a user into loading a page containing malicious content. To exploit this issue, an attacker must trick a user into either loading a page containing malicious content or visiting a malicious website.

Recommendations: For Microsoft Edge in Microsoft Windows versions 10 Gold, 1511, 1607, 1703, and Windows Server 2016, consider restricting access to untrusted websites and be cautious when loading pages from unknown sources until a patch is available. As a temporary workaround, consider implementing additional security measures to minimize the risk of exploitation, such as enhancing user education on safe browsing practices. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-8754

Affected Products

Edge
Windows 10
Windows Server 2016