Microsoft CVE-2017-8555:
Description
A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could use this vulnerability to trick a user into loading a web page with malicious content. To exploit the vulnerability, an attacker must either trick a user into loading a web page or visit a website. The web page could also be injected into a compromised website or ad network. The security update addresses the vulnerability by correcting how the CSP validates documents.
Solution(s)
- msft-kb4022725-06b477db-a2d9-4ada-a693-acd91267e8b4
- msft-kb4022725-3a4111b7-7238-4b2d-b744-9537b1c6cdfc
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center