Alert GCSA-25048 - Vulnerabilita' in Microsoft Edge
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-25048
Data: 7 Aprile 2025
Titolo: Vulnerabilita' in Microsoft Edge
******************************************************************
:: Descrizione del problema
Sono state identificate vulnerabilita' multiple in Microsoft Edge
che potrebbero essere sfruttate da un attaccante remoto per
innescare spoofing, condizioni di Denial of Service, rivelare informazioni sensibili
ed eseguire codice arbitrario su un sistema che sia affetto.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Microsoft Edge versioni precedenti alla 135.0.3179.54
Microsoft Edge (IOS) versioni priori alla 132.0.2957.118
:: Impatto
Remote Code Execution
Denial of Service
Information Disclosure
Spoofing
:: Soluzioni
Aggiornare il software all'ultima versione disponibile
L'aggiornamento avviene in modo automatico.
E' possibile verificare la versione attualmente in uso
scegliendo dal menu "Impostazioni e altro"
(icona 3 punti verticali in alto a dx) la voce
Guida e feedback -> Informazioni su Microsoft Edge
:: Riferimenti
Security Update Guide
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-3-2025
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25001
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29796
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25000
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29815
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3066
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3067
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3068
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3069
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3070
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3071
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3072
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3073
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3074
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29796
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29815
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZ/OJBw0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCUqsAnRk/NJZhjiGrnZcluUEK7WlT4NF/AKCJqgq8VU2s
5oas48P+RjSeP7MusQ==
=2ikK
-----END PGP SIGNATURE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-25048
Data: 7 Aprile 2025
Titolo: Vulnerabilita' in Microsoft Edge
******************************************************************
:: Descrizione del problema
Sono state identificate vulnerabilita' multiple in Microsoft Edge
che potrebbero essere sfruttate da un attaccante remoto per
innescare spoofing, condizioni di Denial of Service, rivelare informazioni sensibili
ed eseguire codice arbitrario su un sistema che sia affetto.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Microsoft Edge versioni precedenti alla 135.0.3179.54
Microsoft Edge (IOS) versioni priori alla 132.0.2957.118
:: Impatto
Remote Code Execution
Denial of Service
Information Disclosure
Spoofing
:: Soluzioni
Aggiornare il software all'ultima versione disponibile
L'aggiornamento avviene in modo automatico.
E' possibile verificare la versione attualmente in uso
scegliendo dal menu "Impostazioni e altro"
(icona 3 punti verticali in alto a dx) la voce
Guida e feedback -> Informazioni su Microsoft Edge
:: Riferimenti
Security Update Guide
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-3-2025
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25001
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29796
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25000
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29815
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3066
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3067
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3068
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3069
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3070
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3071
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3072
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3073
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3074
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29796
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29815
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZ/OJBw0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCUqsAnRk/NJZhjiGrnZcluUEK7WlT4NF/AKCJqgq8VU2s
5oas48P+RjSeP7MusQ==
=2ikK
-----END PGP SIGNATURE-----