{"id":24699,"date":"2022-06-01T12:50:35","date_gmt":"2022-06-01T10:50:35","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=24699"},"modified":"2022-06-02T18:32:14","modified_gmt":"2022-06-02T16:32:14","slug":"microsoft-edge-102-0-1245-30-schliet-schwachstellen","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/06\/01\/microsoft-edge-102-0-1245-30-schliet-schwachstellen\/","title":{"rendered":"Microsoft Edge 102.0.1245.30 (security update, May 31, 2022)"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"margin: 0px 10px 0px 0px;\" title=\"Edge\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2020\/01\/Edge.jpg\" alt=\"Edge\" width=\"65\" height=\"67\" align=\"left\" border=\"0\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2022\/06\/01\/microsoft-edge-102-0-1245-30-schliet-schwachstellen\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Microsoft has published a security advisory on May 31, 2022, to point out various closed vulnerabilities in the Chromium Edge browser. At the end of the month, Edge version 102.0.1245.30 was released to fix 24 vulnerabilities.<\/p>\n<p><!--more--><\/p>\n<h2>Edge 102.0.1245.30<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg07.met.vgwort.de\/na\/c91eb2352e354c5b84c0979eb3c9fb49\" alt=\"\" width=\"1\" height=\"1\" \/>Edge 102.0.1245.30 (stable) is maintenance update, which according to the <a href=\"https:\/\/docs.microsoft.com\/en-us\/deployedge\/microsoft-edge-relnote-stable-channel\" target=\"_blank\" rel=\"noopener\">release notes<\/a>, closes (24) vulnerabilities in the Chromium base, but also fixes the following three, Edge-specific, vulnerabilities:<\/p>\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-26905\" target=\"_blank\" rel=\"noopener\">CVE-2022-26905<\/a>: Microsoft Edge (Chromium-based) Spoofing Vulnerability, Aggregate CVE Severity Rating: Low<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-30127\" target=\"_blank\" rel=\"noopener\">CVE-2022-30127<\/a>: Microsoft Edge (Chromium-based) Elevation of Privilege, Aggregate CVE Severity Rating: Moderate<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-30128\" target=\"_blank\" rel=\"noopener\">CVE-2022-30128<\/a>: Microsoft Edge (Chromium-based) Elevation of Privilege, Aggregate CVE Severity Rating: Moderate<\/li>\n<\/ul>\n<p>The following vulnerabilities were fixed in the Chromium part:<\/p>\n<pre>* CVE-2022-1853 \r\n* CVE-2022-1854 \r\n* CVE-2022-1855 \r\n* CVE-2022-1856 \r\n* CVE-2022-1857 \r\n* CVE-2022-1858 \r\n* CVE-2022-1859 \r\n* CVE-2022-1862 \r\n* CVE-2022-1863 \r\n* CVE-2022-1864 \r\n* CVE-2022-1865 \r\n* CVE-2022-1867 \r\n* CVE-2022-1868 \r\n* CVE-2022-1869 \r\n* CVE-2022-1870 \r\n* CVE-2022-1871 \r\n* CVE-2022-1872 \r\n* CVE-2022-1873 \r\n* CVE-2022-1874\r\n* CVE-2022-1875 \r\n* CVE-2022-1876<\/pre>\n<p>Furthermore, Edge developers have introduced the following new policies:<\/p>\n<ul>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/DeployEdge\/microsoft-edge-policies#allhttpauthschemesallowedfororigins\" target=\"_blank\" rel=\"noopener\">AllHttpAuthSchemesAllowedForOrigins<\/a> &#8211; List of origins that allow all HTTP authentication<\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/DeployEdge\/microsoft-edge-policies#outlookhubmenuenabled\" target=\"_blank\" rel=\"noopener\">OutlookHubMenuEnabled<\/a> &#8211; Allow users to access the Outlook menu<\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/DeployEdge\/microsoft-edge-policies#networkservicesandboxenabled\" target=\"_blank\" rel=\"noopener\">NetworkServiceSandboxEnabled<\/a> &#8211; Enable the network service sandbox<\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/DeployEdge\/microsoft-edge-policies#useragentclienthintsgreaseupdateenabled\" target=\"_blank\" rel=\"noopener\">UserAgentClientHintsGREASEUpdateEnabled<\/a> &#8211; Control the User-Agent Client Hints GREASE Update feature<\/li>\n<\/ul>\n<p>The browser should be updated automatically, but can also be downloaded from the <a href=\"https:\/\/www.microsoft.com\/en-us\/edge\" target=\"_blank\" rel=\"noopener\">Edge site<\/a>.<\/p>\n<p><strong>Addendum:<\/strong> I received feedback from my German readers (see also the comment below), that Edge has PDF printing issues after upgrading to version 102. Currently only German readers are affected &#8211; didn't found international users who are reporting this. Therefore here is the link to my German follow up article\u00a0<a href=\"https:\/\/www.borncity.com\/blog\/2022\/06\/02\/microsoft-edge-102-0-1245-30-erzeugt-fehler-beim-pdf-drucken\/\" rel=\"bookmark noopener noreferrer\" data-wpel-link=\"internal\">Microsoft Edge 102.0.1245.30 erzeugt Fehler beim PDF-Drucken<\/a>. Will write an English article, if I receive reports from international users.<\/p>\n<blockquote><p>There are also reports, that the Edge update creates Access violations or did not open (see <a href=\"https:\/\/answers.microsoft.com\/en-us\/microsoftedge\/forum\/all\/edge-1020124530-update-not-opening-on-dell-windows\/e68a1ce3-6e64-4f71-ad4f-6754777175a8\" target=\"_blank\" rel=\"noopener\">here<\/a> and <a href=\"https:\/\/answers.microsoft.com\/en-us\/microsoftedge\/forum\/all\/edge\/1938827d-02ec-47dc-9f74-70b7c4772abd?LastReply=true#LastReply\" target=\"_blank\" rel=\"noopener\">here<\/a>).<\/p><\/blockquote>\n<p>I've <a href=\"https:\/\/answers.microsoft.com\/en-us\/microsoftedge\/forum\/all\/microsoft-edge-1020124530-pdf-printing-broken\/05047262-6ed8-485b-a3c1-159a6058d97e\" target=\"_blank\" rel=\"noopener\">created a thread<\/a> within teh english Edge Microsoft Answers forum. A Frensh administrator confirmed the issue too. And on\u00a0Twitter I got <a href=\"https:\/\/twitter.com\/AdriftFuriously\/status\/1532331337956397061\" target=\"_blank\" rel=\"noopener external noreferrer\" data-wpel-link=\"external\">this answer<\/a> on my article:<\/p>\n<blockquote><p><em>Well\u2026 my entire org can't print PDFs, now. Not like we don't avg 10-20,000 prints per damn day or anything (load tags on shipments)<\/em>\u00a0und auf Nachfrage kam die Umgebung:\u00a0<em>Windows 11 Enterprise 22000.708 Language is English (Regional: English).<\/em><\/p><\/blockquote>\n<p>If you are affected, post also your Windows 10\/11 Build in a comment.\u00a0On Twitter I got the <a href=\"https:\/\/twitter.com\/AdriftFuriously\/status\/1532347803460112386\" target=\"_blank\" rel=\"noopener external noreferrer\" data-wpel-link=\"external\">2nd answer<\/a> from the above admin:<\/p>\n<blockquote><p>Got a call from Microsoft support and they confirmed they know about this issue and the GPO setting is the \"fix\" for now and they are working on further mitigation and\/or a patch. This IS related to the PDF security fixes put in place on this build\u2026<\/p><\/blockquote>\n<p>The GPO settings are described within <a href=\"https:\/\/www.borncity.com\/blog\/2022\/06\/02\/microsoft-edge-102-0-1245-30-erzeugt-fehler-beim-pdf-drucken\/#comment-126870\" target=\"_blank\" rel=\"noopener\">this comment<\/a> in my German blog.<\/p>\n<blockquote><p>In our case, the GPO setting \"Microsoft Edge \/ Print \/ Print via system print dialog box\" had to be set to not configured, i.e. that the Edge print dialog box is displayed.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>[German]Microsoft has published a security advisory on May 31, 2022, to point out various closed vulnerabilities in the Chromium Edge browser. At the end of the month, Edge version 102.0.1245.30 was released to fix 24 vulnerabilities.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[872,580,1547,22],"tags":[320,69,195],"class_list":["post-24699","post","type-post","status-publish","format-standard","hentry","category-browser","category-security","category-software","category-update","tag-edge","tag-security","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/24699","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=24699"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/24699\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=24699"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=24699"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=24699"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}