Описание
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non‑administrator) local user can invoke the IElevatorEdge interface method LaunchUpdateCmdElevatedAndWait, causing the service to execute privileged update commands as LocalSystem.
This allows a non‑administrator to enable or disable Windows Virtualization‑Based Security (VBS) by modifying protected system registry keys under HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard. Disabling VBS weakens critical platform protections such as Credential Guard, Hypervisor‑protected Code Integrity (HVCI), and the Secure Kernel, resulting in a security feature bypass.
FAQ
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An authenticated local attacker can disable or enable Windows VBS without administrative privileges, resulting in bypass of platform security hardening. This does not grant direct code execution as another user but weakens system security guarantees, enabling follow‑on attacks.
What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 144.0.3719.82 | 01/16/2026 | 144.0.7559.60 |
According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) and integrity (I:H). What does that mean for this vulnerability?
Virtualization-Based Security (VBS) safeguards credentials by isolating them within a secure environment. Disabling VBS reduces this isolation, compromising both confidentiality and integrity. It also weakens essential platform protections such as Credential Guard, Hypervisor-Protected Code Integrity (HVCI), and the Secure Kernel, resulting in a security feature bypass.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
Связанные уязвимости
Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non‑administrator) local user can invoke the IElevatorEdge interface method LaunchUpdateCmdElevatedAndWait, causing the service to execute privileged update commands as LocalSystem. This allows a non‑administrator to enable or disable Windows Virtualization‑Based Security (VBS) by modifying protected system registry keys under HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard. Disabling VBS weakens critical platform protections such as Credential Guard, Hypervisor‑protected Code Integrity (HVCI), and the Secure Kernel, resulting in a security feature bypass.
Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non‑administrator) local user can invoke the IElevatorEdge interface method LaunchUpdateCmdElevatedAndWait, causing the service to execute privileged update commands as LocalSystem. This allows a non‑administrator to enable or disable Windows Virtualization‑Based Security (VBS) by modifying protected system registry keys under HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard. Disabling VBS weakens critical platform protections such as Credential Guard, Hypervisor‑protected Code Integrity (HVCI), and the Secure Kernel, resulting in a security feature bypass.
Уязвимость метода LaunchUpdateCmdElevatedAndWait привилегированного COM-интерфейса IElevatorEdge браузера Microsoft Edge, позволяющая нарушителю обойти существующие ограничения безопасности
EPSS