Alert GCSA-25017 - Vulnerabilita' in Microsoft Edge
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-25017
Data: 7 Febbraio 2025
Titolo: Vulnerabilita' in Microsoft Edge
******************************************************************
:: Descrizione del problema
Sono state identificate vulnerabilita' multiple in Microsoft Edge
che potrebbero essere sfruttate da un attaccante remoto per rivelare informazioni sensibili,
innescare condizioni di Denial of Service, spoofing ed eseguire codice arbitrario su un sistema che sia affetto.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Microsoft Edge Stable Channel versioni precedenti alla 133.0.3065.51
:: Impatto
Denial of Service
Remote Code Execution
Information Disclosure
Spoofing
:: Soluzioni
Aggiornare il software all'ultima versione disponibile
L'aggiornamento avviene in modo automatico.
E' possibile verificare la versione attualmente in uso
scegliendo dal menu "Impostazioni e altro"
(icona 3 punti verticali in alto a dx) la voce
Guida e feedback -> Informazioni su Microsoft Edge
:: Riferimenti
Security Update Guide
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#february-6-2025
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21404
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21342
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21267
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21279
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21253
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21283
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21408
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-0444
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-0445
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-0451
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21279
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21342
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21408
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZ6W8pg0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCtGUAn1mx68D+//Sn0t7iqBOTrvdhxrbfAJ92wNixHkjJ
cwbC54snxGvZTtUi7Q==
=FvVl
-----END PGP SIGNATURE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-25017
Data: 7 Febbraio 2025
Titolo: Vulnerabilita' in Microsoft Edge
******************************************************************
:: Descrizione del problema
Sono state identificate vulnerabilita' multiple in Microsoft Edge
che potrebbero essere sfruttate da un attaccante remoto per rivelare informazioni sensibili,
innescare condizioni di Denial of Service, spoofing ed eseguire codice arbitrario su un sistema che sia affetto.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Microsoft Edge Stable Channel versioni precedenti alla 133.0.3065.51
:: Impatto
Denial of Service
Remote Code Execution
Information Disclosure
Spoofing
:: Soluzioni
Aggiornare il software all'ultima versione disponibile
L'aggiornamento avviene in modo automatico.
E' possibile verificare la versione attualmente in uso
scegliendo dal menu "Impostazioni e altro"
(icona 3 punti verticali in alto a dx) la voce
Guida e feedback -> Informazioni su Microsoft Edge
:: Riferimenti
Security Update Guide
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#february-6-2025
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21404
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21342
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21267
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21279
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21253
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21283
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21408
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-0444
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-0445
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-0451
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21279
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21342
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21408
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZ6W8pg0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCtGUAn1mx68D+//Sn0t7iqBOTrvdhxrbfAJ92wNixHkjJ
cwbC54snxGvZTtUi7Q==
=FvVl
-----END PGP SIGNATURE-----