How To Fix The Windows Vulnerability For Chakra?

The Microsoft advisory for CVE-2021-42279 has been modified to include Microsoft.ChakraCore as an affected product, and the resolution is recommended to install Windows security updates released on or after August 8, 2023. The vulnerability is related to memory corruption due to an out-of-bounds write. Microsoft has offered patches for multiple zero-day vulnerabilities surrounding Microsoft Exchange products this year, including CVE-2021-42321, a Remote Code. The attack vector is more severe, and the more remote an attacker can be, the more severe the attack complexity.

The Chakra scripting engine in Microsoft Edge allows remote code execution due to how it handles objects in memory. Microsoft has released patches addressing a critical memory corruption vulnerability in the Chakra JScript scripting engine, which impacts Windows RT, Windows 7, Windows 8, and Windows. The Remediation Level of a vulnerability is an important factor for prioritization, and the typical vulnerability is unpatched when initially published. Workarounds include using Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

A remote code execution vulnerability exists in the way the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting”. The update to the Chakra Core project can be found on Microsoft’s GitHub, while other updates are included in Microsoft’s Security Only. Rapid7’s VulnDB is a curated repository of vetted computer software exploits and exploitable vulnerabilities, and Snyk scans for vulnerabilities and provides fixes for free.