Microsoft Edge 103.0.1264.44 fixes CVE-2022-33680 (June 30, 2022)

Edge[German]Microsoft has updated the Edge browser in the stable channel to version 103.0.1264.44 as of June 30, 2022. It is a maintenance update that fixes the Elevation of Privilege vulnerability CVE-2022-33680, which is rated as critical. And this build fixes group policy issues, some administrators are facing. But I got reports about a download bug.


Advertising

Microsofts hints

I have been alerted to this important update to the Microsoft Edge browser via email from Microsoft. This vulnerability could lead to a browser sandbox exploit.

********************************************
Title: Microsoft Security Update Releases
Issued: June 30, 2022
********************************************

Summary
=======

The following CVE has undergone a revision increment.
=============================================

* CVE-2022-33680

– CVE-2022-33680 | Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33680
– Version: 1.0
– Reason for Revision: Information published.
– Originally posted: June 30, 2022
– Updated: N/A
– Aggregate CVE Severity Rating: Important


Advertising

An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. In all cases, however, an attacker would have no way to force a user to view the attacker-controlled content. Instead, the attacker would have to persuade the user to take an action, usually by sending an email or instant message, or by getting the user to open an attachment sent via email.

The release notes don't give any details about the update, but Edge 103.0.1264.44 is based on Chromium 103.0.5060.53, according to this page. The browser should update automatically, but can also be downloaded from the Edge site.

GPO issues fixed

I had addressed it only within my German blog post Edge Stable 103.0.1264.37 macht Gruppenrichtlinien kaputt (Chrome-Bug). Some administrator has reported, that the group policies in Edge no longer work properly for individual users. There is also a discussion within the Techcommunity at Microsoft. It was known from the Edge product manager, that Microsoft is working on a fix, but no release date was given. German blog reader Sascha Anders wrote here:

Since update 103.0.1264.44 (just started) no more problems. Seems to be fixed.

Within the Techcommunity thread Eric Lawrence (product manager at Microsoft) writes:

Yes, the fix is checked in and awaiting the next respin/release (103.0.1264.44).

Can others confirm this?

A download bug

Addendum: Feedback from my German readers shows, that Edge has a bug described within the article Microsoft Edge 103.0.1264.44 download bug: .crdownload files remains.

Similar articles
Microsoft Edge 102.0.1245.30 has issues with PDF printing
Edge 102.0.1245.30 ff.: "Hardware enforced stack protection" prevents startup
Edge Stable 103.0.1264.37 macht Gruppenrichtlinien kaputt (Chrome-Bug)
Microsoft Edge 103.0.1264.44 fixes CVE-2022-33680 (June 30, 2022)


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in browser, Security, Software, Update and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.