[German]This smells like trouble for administrators in enterprise environments, where the Edge browser is usually used. A blog reader informed me that the Edge had updated to version 125.0.2535.67, although this is definitely not released in the WSUS.
Advertising
Edge 125.0.2535.67
A few days ago (May 24, 2024), Microsoft released Edge 125.0.2535.67 in the stable channel. Various bugs and performance issues were fixed in this update. For example, a browser crash that occurred when trying to select from a drop-down list with a large number of options was fixed
Microsoft has also integrated a fix for CVE-2024-5274 for Microsoft Edge Stable Channel (version 125.0.2535.67), which was reported as an exploit in the wild by the Chromium team. It is a type confusion bug in the V8 JavaScript engine of Chrome.
Microsoft also points out that the Microsoft Defender Application Guard (MDAG) extension is obsolete. As Application Guard is obsolete, there will be no migration to Edge Manifest V3. The corresponding extensions and the associated Windows Store app will no longer be available after May 2024. MDAG for Chrome and Firefox are affected. However, Microsoft provides information on how companies can secure the browser environment using AppLocker policies or the Microsoft Edge management service.
Update bypasses the WSUS!
Blog reader Joachim T. contacted us by email on May 28, 2024 and pointed out that the Edge had been updated to version 125.0.2535.67 bypassing the WSUS (see the following screenshot of the updates). The reader wrote:
Maybe interesting for the blog: Edge 125.0.2535.67 just installed on our clients automatically, without release on WSUS. It is not even available on WUS for release!
We manage Edge via WSUS without any problems so far. Released is 125.0.2535.51
Installed updates, click to zoom
Advertising
As proof, the reader also provided a screenshot of the WSUS, which shows that no Edge browser has been "approved" for delivery. Edge 125.0.2535.67 is not even listed in the WSUS.
Edge ii WSUS, click to zoom
The reader writes: "The last WSUS sync was today [28.5.2024] 12:14 (only two Security Intelligence Updates). There are no unapproved/failed or needed updates. Under unapproved/any it looks like this, so nothing interesting either".
Approved Updates im WSUS, click to zoom
Nevertheless, according to the reader, the Edge browser was suddenly updated to version 125.0.2535.67 on all Windows 10 Pro clients on May 28, 2028.
Edge update, click to zoom
Joachim writes: "We've never had this before and it could also be of interest to other admins." I don't know if this is true, but the Edge has the ability to get updates automatically bypassing the WSUS. Back in October 2020, someone asked in this Q&A post whether it is possible to deliver Edge updates exclusively via WSUS. The answer there is that Edge updates must be deactivated via GPO under Windows.
On May 29, 2024, the Edge update arrived on WSUS. And Joachim confirmed, that he hadn't blogged Edge update via internal update on it's clients via a GPO. This can be read in the discussions within the comments of my German blog post.
Advertising
