{"id":16585,"date":"2020-11-05T01:58:37","date_gmt":"2020-11-05T00:58:37","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=16585"},"modified":"2020-11-05T08:29:49","modified_gmt":"2020-11-05T07:29:49","slug":"sicherheitsupdate-edge-86-0-622-63-verffentlicht","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/11\/05\/sicherheitsupdate-edge-86-0-622-63-verffentlicht\/","title":{"rendered":"Security Update Edge 86.0.622.63 released"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"margin: 0px 10px 0px 0px;\" title=\"Edge\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2020\/01\/Edge.jpg\" alt=\"Edge\" width=\"65\" height=\"67\" align=\"left\" border=\"0\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/11\/05\/sicherheitsupdate-edge-86-0-622-63-verffentlicht\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]On November 4, 2020, Microsoft published a security advisory that refers to a security update of the Edge Browser. The browser must have been updated, but no information can be retrieved. Here is some information about this. <strong>Addendum:<\/strong> Details added.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg06.met.vgwort.de\/na\/4bfa866dece34a1f8455f33f516815a5\" alt=\"\" width=\"1\" height=\"1\" \/>As a preliminary note a reference to my blog post\u00a0 <a href=\"https:\/\/borncity.com\/win\/2020\/11\/04\/sicherheitsupdate-edge-86-0-622-61-verffentlicht\/\">Edge 86.0.622.61 released<\/a> published a few hours ago. There I had noted that it was unclear whether the vulnerabilities described by me on November 2, 2020 in the blog post <a href=\"https:\/\/borncity.com\/win\/2020\/11\/03\/kritisches-sicherheitsupdate-auf-google-chrome-86-0-4240-183\/\">Critical security update to Google Chrome 86.0.4240.183<\/a> had been closed. Checking for details was not possible, because Microsoft has a large scale disruption of their websites (see <a href=\"https:\/\/borncity.com\/win\/2020\/11\/04\/microsoft-com-war-gestrt\/\">microsoft.com was down<\/a>), which is still ongoing at the moment. So I can't retrieve the page\u00a0 <a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/ADV200002\">ADV200002<\/a>.<\/p>\n<h2>Microsoft Security Advisory Nov. 4, 2020<\/h2>\n<p>I have just received the following security advisory from Microsoft by mail, which refers to the Edge security update.<\/p>\n<pre>****************************************************************\r\nTitle: Microsoft Security Advisory Notification\r\nIssued: November 4, 2020\r\n****************************************************************\r\n\r\nSecurity Advisories Released or Updated on November 4, 2020\r\n================================================================\r\n\r\n* Microsoft Security Advisory ADV200002\r\n\r\n - <a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/ADV200002\">ADV200002<\/a>| Chromium Security Updates for Microsoft Edge based on Chromium\r\n - Reason for Revision: Updated advisory to announce a new version of Microsoft Edge \r\n   (Chromium-based). Please see the table for more information.\r\n - Originally posted: January 28, 2020\r\n - Updated: November 4, 2020\r\n - Version: 26.0<\/pre>\n<p>However, the security notice does not contain any details and the information page cannot be displayed.<\/p>\n<h2>Edge 86.0.622.63 released<\/h2>\n<p>The comments of the German readers <a href=\"https:\/\/www.borncity.com\/blog\/2020\/11\/04\/sicherheitsupdate-edge-86-0-622-61-verffentlicht\/#comment-96796\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a> indicate that Microsoft Edge Version 86.0.622.63 must have been released on November 4, 2020. Regarding the fixed vulnerabilities\u00a0 I refer to the blog post <a href=\"https:\/\/borncity.com\/win\/2020\/11\/03\/kritisches-sicherheitsupdate-auf-google-chrome-86-0-4240-183\/\">Critical security update to Google Chrome 86.0.4240.183<\/a>.<\/p>\n<p>Addendum: The update addresses the <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-16009\" target=\"_blank\" rel=\"noopener noreferrer external\" data-linktype=\"external\" data-wpel-link=\"external\">CVE-2020-16009<\/a> vulnerability reported and actively exploited by the Chromium team. The site <a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/ADV200002\" target=\"_blank\" rel=\"noopener noreferrer external\" data-wpel-link=\"external\">ADV200002<\/a> works again and says, Edge 86.0.622.63 released on November 4, 2020 is based on Google Chrome 86.0.4240.183, as suspected above. The security update, rated High, addresses the following vulnerabilities:<\/p>\n<blockquote><p><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-16004\" target=\"_blank\" rel=\"noopener noreferrer external\" data-wpel-link=\"external\">CVE-2020-16004<\/a>,\u00a0<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-16005\" target=\"_blank\" rel=\"noopener noreferrer external\" data-wpel-link=\"external\">CVE-2020-16005<\/a>,\u00a0<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-16006\" target=\"_blank\" rel=\"noopener noreferrer external\" data-wpel-link=\"external\">CVE-2020-16006<\/a>,\u00a0<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-16007\" target=\"_blank\" rel=\"noopener noreferrer external\" data-wpel-link=\"external\">CVE-2020-16007<\/a>,\u00a0<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-16008\" target=\"_blank\" rel=\"noopener noreferrer external\" data-wpel-link=\"external\">CVE-2020-16008<\/a>,\u00a0<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-16009\" target=\"_blank\" rel=\"noopener noreferrer external\" data-wpel-link=\"external\">CVE-2020-16009<\/a>\u00a0*,\u00a0<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-16011\" target=\"_blank\" rel=\"noopener noreferrer external\" data-wpel-link=\"external\">CVE-2020-16011<\/a><\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>[German]On November 4, 2020, Microsoft published a security advisory that refers to a security update of the Edge Browser. The browser must have been updated, but no information can be retrieved. Here is some information about this. Addendum: Details added.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[872,580,22],"tags":[320,195],"class_list":["post-16585","post","type-post","status-publish","format-standard","hentry","category-browser","category-security","category-update","tag-edge","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/16585","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=16585"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/16585\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=16585"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=16585"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=16585"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}