Alert GCSA-23071 - Aggiornamento di sicurezza per Microsoft Edge
******************************************************************
Alert ID: GCSA-23071
Data: 05 Giugno 2023
Titolo: Aggiornamento di sicurezza per Microsoft Edge
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato una nuova versione del browser Edge,
con la quale risolve varie vulnerabilita'.
Maggiori dettagli sono disponibili alla sezione "Riferimenti".
:: Software interessato
Microsoft Edge versioni precedenti alla 114.0.1823.37
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Bypass delle restrizioni di sicurezza (SRB)
Acquisizione di privilegi piu' elevati (EoP)
Denial of Service (DoS)
Manipolazione di dati (DM)
:: Soluzioni
Aggiornare il software alla versione 114.0.1823.37
L'aggiornamento avviene in modo automatico.
E' possibile verificare la versione attualmente in uso
scegliendo dal menu "Impostazioni e altro"
(icona 3 punti verticali in alto a dx) la voce
Guida e feedback -> Informazioni su Microsoft Edge
:: Riferimenti
Microsoft Edge Security Updates - Release notes
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#june-2-2023
Security Update Guide
https://msrc.microsoft.com/update-guide/vulnerability/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33143
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFkfbK7wZxMk2USYEIRCAFgAKDaqOUfCL1VHwK7MvWMs9mhl42jLgCfQ/uE
Glu3UrDxrR/0z9pae484Kyc=
=pMR3
-----END PGP SIGNATURE-----
Alert ID: GCSA-23071
Data: 05 Giugno 2023
Titolo: Aggiornamento di sicurezza per Microsoft Edge
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato una nuova versione del browser Edge,
con la quale risolve varie vulnerabilita'.
Maggiori dettagli sono disponibili alla sezione "Riferimenti".
:: Software interessato
Microsoft Edge versioni precedenti alla 114.0.1823.37
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Bypass delle restrizioni di sicurezza (SRB)
Acquisizione di privilegi piu' elevati (EoP)
Denial of Service (DoS)
Manipolazione di dati (DM)
:: Soluzioni
Aggiornare il software alla versione 114.0.1823.37
L'aggiornamento avviene in modo automatico.
E' possibile verificare la versione attualmente in uso
scegliendo dal menu "Impostazioni e altro"
(icona 3 punti verticali in alto a dx) la voce
Guida e feedback -> Informazioni su Microsoft Edge
:: Riferimenti
Microsoft Edge Security Updates - Release notes
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#june-2-2023
Security Update Guide
https://msrc.microsoft.com/update-guide/vulnerability/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33143
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFkfbK7wZxMk2USYEIRCAFgAKDaqOUfCL1VHwK7MvWMs9mhl42jLgCfQ/uE
Glu3UrDxrR/0z9pae484Kyc=
=pMR3
-----END PGP SIGNATURE-----