Microsoft is aware and has released patches associated with the two Open-Source Software security vulnerabilities, CVE-2023-4863 and CVE-2023-5217. Through our investigation, we found that these affect a subset of our products and as of today, we have addressed them in our products as outlined below: 

CVE-2023-4863

• Microsoft Edge 

• Microsoft Teams for Desktop 

• Skype for Desktop 

• Webp Image Extensions (Released on Windows and updates through Microsoft Store) 

CVE-2023-5217

• Microsoft Edge 

 Additional updates will be documented in the MSRC Security Update Guide CVE-2023-4863 and CVE-2023-5217 accordingly. You can register for the security notifications mailer to be alerted when updates are available, and when content changes are made to the CVEs. See Microsoft Technical Security Notifications and Coming Soon: New Security Update Guide Notification System.  

References 

• Visit the Security Update Guide for information about CVE-2023-4863 and CVE-2023-5217