Alert GCSA-24109 - Aggiornamento di sicurezza per Microsoft Edge


******************************************************************

Alert ID: GCSA-24109
Data: 23 Agosto 2024
Titolo: Aggiornamento di sicurezza per Microsoft Edge

******************************************************************

:: Descrizione del problema

Microsoft ha rilasciato una nuova versione del browser Edge,
con la quale risolve alcune vulnerabilita' che potrebbero essere sfruttate
da un attaccante remoto per rivelare informazioni riservate, oltrepassare
restrizioni di sicurezza, innescare condizioni di Denial of Service
ed eseguire codice arbitrario su un sistema che ne sia affetto.

Nota:
La vulnerabilita' CVE-2024-7971 e' attualmente in corso di sfruttamento.
Questa vulnerabilita' e' dovuta ad un problema nel motore JavaScript di
Chrome V8 e puo' portare all'esecuzione remota di codice sul dispositivo target.

Maggiori dettagli sono disponibili alla sezione "Riferimenti".


:: Software / Tecnologie interessate

Microsoft Edge (Stable) versioni precedenti alla 128.0.2739.42


:: Impatto

Remote Code Execution
Denial of Service
Information Disclosure
Security Restriction Bypass


:: Soluzioni

Aggiornare il software all'ultima versione disponibile

L'aggiornamento avviene in modo automatico.
E' possibile verificare la versione attualmente in uso
scegliendo dal menu "Impostazioni e altro"
(icona 3 punti verticali in alto a dx) la voce
Guida e feedback -> Informazioni su Microsoft Edge


:: Riferimenti

Security Update Guide
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#august-22-2024
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38207
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38209
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38210
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-41879
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7964
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7965
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7966
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7967
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7968
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7969
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7971
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7972
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7973
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7974
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7975
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7976
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7977
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7978
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7979
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7980
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7981
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8033
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8034
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8035

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7972
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38209
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41879





GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----

iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZshCGQ0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCsD8An2D9XPHyBLCU31Vt0l3vspkXhTZZAJwJdG7DsqYB
WZQJTsi1NIMelagiJQ==
=H1IN
-----END PGP SIGNATURE-----