Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-1054: Microsoft Edge Security Feature Bypass Vulnerability

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Microsoft CVE-2019-1054: Microsoft Edge Security Feature Bypass Vulnerability



A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW). Failing to set the MOTW means that a large number of Microsoft security technologies are bypassed. In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass. Alternatively, in an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass. Additionally, compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass. However, in all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment. The security update addresses the security feature bypass by correcting how Edge handles MOTW tagging.


  • msft-kb4503267-1ed66fe1-79ac-4316-ab77-6f14315a2aaf
  • msft-kb4503267-9d442aa2-8250-4bce-a4cb-d5c0f0e940c3
  • msft-kb4503267-c5eebe52-ca4d-435a-9122-9e6143e4e7fa
  • msft-kb4503279-1204481c-d6d9-4c85-a4ce-3394d21dbb3a
  • msft-kb4503279-61eca38b-d713-45c7-83f9-a6f464c36d69
  • msft-kb4503284-294f4f95-b414-4c9f-b121-fb9eb6d57e4a
  • msft-kb4503284-a98b0e9f-7387-4ed3-a9eb-7e5edade968e
  • msft-kb4503286-40e9fcd2-99a5-4cb8-8219-492e2687796d
  • msft-kb4503286-dc868304-9b1c-482e-829c-8015cac2e793
  • msft-kb4503286-df22198b-20a3-4076-af48-0176479b97fa
  • msft-kb4503293-2083e5ad-d14b-4478-994d-a194131bb073
  • msft-kb4503293-c51e9c8d-8757-49bd-a65f-c1fa9ebc2c6e
  • msft-kb4503293-c6d3d33b-8eca-4003-9755-d7eb5e197ac7
  • msft-kb4503327-0268db13-0ba0-4fd0-9d07-e1c8985542d0
  • msft-kb4503327-664d546e-67b3-43f1-b1f9-4e240a41b6a5
  • msft-kb4503327-83c78a12-db5c-4f4d-ae53-c4db34e6f925

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center