Alert GCSA-24061 - Aggiornamento di sicurezza per Microsoft Edge
******************************************************************
Alert ID: GCSA-24061
Data: 19 Aprile 2024
Titolo: Aggiornamento di sicurezza per Microsoft Edge
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato una nuova versione del browser Edge,
con la quale risolve alcune vulnerabilita' che potrebbero essere sfruttate
da un attaccante remoto per rivelare informazioni sensibili, oltrepassare
restrizioni di sicurezza, innescare condizioni di Denial of Service,
eseguire codice arbitrario su un sistema che ne sia affetto.
Maggiori dettagli sono disponibili alla sezione "Riferimenti".
:: Software / Tecnologie interessate
Microsoft Edge (Stable) versioni precedenti alla 124.0.2478.51
:: Impatto
Remote Code Execution
Security Restriction Bypass
Information Disclosure
Denial of Service
:: Soluzioni
Aggiornare il software all'ultima versione disponibile
L'aggiornamento avviene in modo automatico.
E' possibile verificare la versione attualmente in uso
scegliendo dal menu "Impostazioni e altro"
(icona 3 punti verticali in alto a dx) la voce
Guida e feedback -> Informazioni su Microsoft Edge
:: Riferimenti
Security Update Guide
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-18-2024
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3914
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3847
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3846
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3845
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3844
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3843
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3841
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3840
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3839
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3838
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3837
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3834
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3833
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3832
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29986
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29987
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3832
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3841
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29987
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZiIkrg0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCuAoAoJyNrUeUtW7opol9+7kgn46zKnwLAKCaPOK4mIeB
eLI8gu4ulcb+Hl7MnQ==
=YZK/
-----END PGP SIGNATURE-----
Alert ID: GCSA-24061
Data: 19 Aprile 2024
Titolo: Aggiornamento di sicurezza per Microsoft Edge
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato una nuova versione del browser Edge,
con la quale risolve alcune vulnerabilita' che potrebbero essere sfruttate
da un attaccante remoto per rivelare informazioni sensibili, oltrepassare
restrizioni di sicurezza, innescare condizioni di Denial of Service,
eseguire codice arbitrario su un sistema che ne sia affetto.
Maggiori dettagli sono disponibili alla sezione "Riferimenti".
:: Software / Tecnologie interessate
Microsoft Edge (Stable) versioni precedenti alla 124.0.2478.51
:: Impatto
Remote Code Execution
Security Restriction Bypass
Information Disclosure
Denial of Service
:: Soluzioni
Aggiornare il software all'ultima versione disponibile
L'aggiornamento avviene in modo automatico.
E' possibile verificare la versione attualmente in uso
scegliendo dal menu "Impostazioni e altro"
(icona 3 punti verticali in alto a dx) la voce
Guida e feedback -> Informazioni su Microsoft Edge
:: Riferimenti
Security Update Guide
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-18-2024
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3914
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3847
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3846
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3845
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3844
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3843
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3841
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3840
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3839
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3838
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3837
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3834
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3833
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3832
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29986
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29987
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3832
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3841
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29987
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZiIkrg0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCuAoAoJyNrUeUtW7opol9+7kgn46zKnwLAKCaPOK4mIeB
eLI8gu4ulcb+Hl7MnQ==
=YZK/
-----END PGP SIGNATURE-----