Microsoft is aware and has released patches associated with the two Open-Source Software security vulnerabilities, CVE-2023-4863 and CVE-2023-5217. Through our investigation, we found that these affect a subset of our products and as of today, we have addressed them in our products as outlined below:
CVE-2023-4863
Microsoft Edge
Microsoft Teams for Desktop
Skype for Desktop
Webp Image Extensions (Released on Windows and updates through Microsoft Store)
CVE-2023-5217
Additional updates will be documented in the MSRC Security Update Guide CVE-2023-4863 and CVE-2023-5217 accordingly. You can register for the security notifications mailer to be alerted when updates are available, and when content changes are made to the CVEs. See Microsoft Technical Security Notifications and Coming Soon: New Security Update Guide Notification System.
References