Bulletin ID:
Severity:
Description:
Severity Rating: Critical
Revision Note: V1.1 (December 16, 2015): Revised the vulnerability description for CVE-2015-6161 to more accurately describe the ASLR Bypass. This is an informational change only. Customers who have already successfully installed security update 3116869 or 3116900 do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.