[English]Microsoft hat am 16. Juli 2020 einen Sicherheitshinweis veröffentlicht, der auf das neue Sicherheitsupdate für den Chromium Edge Browser auf die Version 84.0.522.40 hinweist.
Anzeige
Ich hatte seit Tagen mit einem Sicherheitsupdate des Edge gerechnet, denn einmal hat Microsoft die angekündigte Pause (Microsoft pausiert neue Edge-Builds im Dev- und Beta-Kanal) bezüglich der Edge-Entwicklung die Tage beendet. Martin Geuß hatte im Artikel Microsoft Edge: Pause im Entwicklerkanal zu Ende, neue Preview veröffentlicht – ich selbst bringe hier nichts über Edge-Beta-Zeug. Zudem war die Tage ein Update des Chrome-Browsers freigegeben worden (siehe Chrome 84.0.4147.89 freigegeben).
Microsofts Sicherheitshinweis
Im Sicherheitshinweis vom 16. Juli 2020 gibt Microsoft lediglich folgende Informationen bekannt:
******************************************************************
Title: Microsoft Security Update Releases
Issued: July 16, 2020
******************************************************************
Summary: The following CVEs have undergone a major revision increment:
Anzeige
* ADV200002
* CVE-2020-1341
Revision Information:
=====================
* Microsoft Security Advisory ADV200002
– ADV200002 | Chromium Security Updates for Microsoft Edge based on Chromium
– Reason for Revision: Updated advisory to announce a new version of Microsoft Edge
(Chromium-based). Please see the table for more information.
– Originally posted: January 28, 2020
– Updated: July 16, 2020
– Version: 17.0
* CVE-2020-1341
– CVE-2020-1341 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
– Version: 1.0
– Reason for Revision: Information published.
– Originally posted: July 16, 2020
– Updated: N/A
– Aggregate CVE Severity Rating: Moderate
Unter ADV200002 gibt es dann die Information, dass der Microsoft Edge 84.0.522.40 auf dem Chromium-Browser 84.0.4147.89 basiert und ein kritisches Sicherheitsupdate darstellt. Es schließt folgende Schwachstellen:
CVE-2020-6510, CVE-2020-6511, CVE-2020-6512, CVE-2020-6513,
CVE-2020-6514, CVE-2020-6515, CVE-2020-6516, CVE-2020-6517,
CVE-2020-6518, CVE-2020-6519, CVE-2020-6520, CVE-2020-6522, CVE-2020-6523, CVE-2020-6524, CVE-2020-6525, CVE-2020-6526, CVE-2020-6527, CVE-2020-6528, CVE-2020-6529, CVE-2020-6530, CVE-2020-6531, CVE-2020-6533, CVE-2020-6534, CVE-2020-6535, CVE-2020-6536
Ein sofortiges Updaten wird aus Sicherheitsgründen empfohlen.
Was man noch wissen sollte
Microsoft hat die Pause genutzt, um viele Änderungen am neuen Edge vorzunehmen. Diese sind nachfolgend aufgeführt und in diesen Release Notes dokumentiert. Die Kollegen von deskmodder.de und drwindows.de haben aber in ihren Beiträgen einige deutschsprachige Hinweise auf Neuerungen und Änderungen gegeben, die auf den Release Notes basieren.
- This version of Microsoft Edge provides improved site list download times for Internet Explorer mode. We've reduced download delay for the Internet Explorer mode site list to 0 seconds (down from a 60-second wait) in the absence of a cached site list. We've also added group policy support for cases when Internet Explorer mode home page navigations need to be delayed until the site list is downloaded. For more information, see the DelayNavigationsForInitialSiteListDownload policy.
- Microsoft Edge now allows users to sign-into the browser when it's "run as administrator" on Windows 10. This will help customers running Microsoft Edge on Windows server or in remote-desktop and sandbox scenarios.
- Microsoft Edge now provides full mouse support when in full screen mode. Now you can use your mouse to access tabs, the address bar, and other items without having to exit full screen mode.
- Online purchase improvement. Add custom nicknames to saved debit or credit cards. Now you can distinguish and differentiate your credit cards when making online purchases. Nicknaming your debit or credit cards lets you choose the correct card when using autofill to select a payment method.
- TLS/1.0 and TLS/1.1 are disabled by default. To help discover impacted sites, you can set the edge://flags/#display-legacy-tls-warnings flag to cause Microsoft Edge to display a non-blocking "Not Secure" notice when loading pages that require legacy TLS protocols. The SSLVersionMin policy permits re-enabling of TLS/1.0 and TLS/1.1. This policy will remain available until at least Microsoft Edge version 88. For more information, see Site compatibility-impacting changes coming to Microsoft Edge.
- Collections improvements:
- A note capability is added that lets you add a note or comment to an item in a collection. Notes are grouped together and stay attached to an item even if you sort the items in a collection. To try this new feature, right-click on an item and select "Add note".
- You can change the background color of notes in collections. You can use color coding to help you organize information and increase productivity.
- There are noticeable performance improvements, which lets you export your collections to Excel in less time than in previous versions of Microsoft Edge.
- Additional Microsoft Edge API support:
- The Storage Access API. This API allows access to first-party storage in a third-party context when a user provides a direct intent to allow storage that would otherwise be blocked by the browser's current configuration.
As privacy is becoming increasingly important to users, requests for stricter browser defaults and user opt-in settings like blocking all third-party storage access are increasingly common. While these settings help improve privacy and block unwanted access by unknown or untrusted parties, they can have unwanted side effects such as blocking access to content the user may want to view (for example, social media and embedded media content.)
- The Native File System API, which means you can give sites permissions to edit files or folders via the Native File System API.
- The Storage Access API. This API allows access to first-party storage in a third-party context when a user provides a direct intent to allow storage that would otherwise be blocked by the browser's current configuration.
- PDF improvements:
- Read Aloud for PDF lets users listen to PDF content while carrying out other tasks that may be important for them. It also helps audio visual learners focus on reading the content, making learning easier.
- PDF file editing is improved. Now you can save an edit made to a PDF back to the file instead of saving a copy each time you edit the PDF.
- Microsoft Edge now enables Translation in the Immersive Reader. When a user opens the Immersive Reader view, they get the option to translate the page to their desired language.
- Several DevTools updates, including support for customizing keyboard shortcuts to match VS Code and viewing the DevTools in high contrast. For more details, see What's New In DevTools (Microsoft Edge 84).
Policy updates
Für Administratoren in Unternehmensumgebungen sind die Aktualisierungen der Gruppenrichtlinien relevant. Hier ein Kurzüberblick:
New policies
Seven new policies were added. Download the updated Administrative Templates from the Microsoft Edge Enterprise landing page. The following new policies were added.
- AppCacheForceEnabled – Allows the AppCache feature to be re-enabled, even if it's turned off by default.
- ApplicationGuardContainerProxy – Configure the settings for the Application Guard Container Proxy.
- DelayNavigationsForInitialSiteListDownload – Require that the Enterprise Mode Site List is available before tab navigation.
- WinHttpProxyResolverEnabled – Use the Windows proxy resolver.
- InternetExplorerIntegrationEnhancedHangDetection – Configure enhanced hang detection for Internet Explorer mode.
- NativeWindowOcclusionEnabled – Enable Hiding of Native Windows.
- NavigationDelayForInitialSiteListDownloadTimeout – Set a timeout for delay of tab navigation for the Enterprise Mode Site List.
Deprecated policies
- AllowSyncXHRInPageDismissal – Allow pages to send synchronous XHR requests during page dismissal.
- BuiltinCertificateVerifierEnabled – Determines whether the built-in certificate verifier will be used to verify server certificates.
- StricterMixedContentTreatmentEnabled – Enable stricter treatment for mixed content.
Obsoleted policy
ForceNetworkInProcess – Force networking code to run in the browser process.
Ähnliche Artikel:
Microsoft pausiert neue Edge-Builds im Dev- und Beta-Kanal
Microsoft Edge-Upgrade wird auf Firmen und Bildungseinrichtungen ausgeweitet
Anzeige
dann Wartungsupdate 84.0.522.44 am 23. Juli 2020
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel