Alert GCSA-23004 - Vulnerabilities in Microsoft Edge


******************************************************************

Alert ID: GCSA-23004
Date: 13 January 2023
Title: Vulnerabilities in Microsoft Edge

******************************************************************

:: Problem description

Multiple vulnerabilities have been identified in Microsoft Edge
that could be exploited by a remote attacker to gain elevated
privileges, execute arbitrary code, disclose sensitive
information, and bypass security restrictions
on an affected system.

A Proof of Concept (PoC) for exploiting vulnerability
CVE-2023-21775 is available online.

Further details are available in the "References" section.


:: Affected software

Microsoft Edge versions prior to 109.0.1518.49


:: Impact

Remote Code Execution
Denial of Service
Information Disclosure
Security Restriction Bypass
Elevation of Privilege


:: Solutions

Update the software to version 109.0.1518.49



:: References

Microsoft Security Updates
https://msrc.microsoft.com/update-guide/vulnerability/

Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21796



GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert