Security

Heartbleed + OpenSSL = Change all your passwords on vulnerable sites.

Posted 24 April, 2014

Filed under: Exploits, Security

Researchers have discovered critical vulnerabilities in recent versions of OpenSSL. OpenSSL is a technology used by millions of websites to encrypt communications with internet users. It underpins the confidentiality of our data and of everything we send through websites and even apps.

The problem is becoming serious and has not been fully resolved…

Temporary but quick solution:
Heartbleed + OpenSSL = change all your passwords on vulnerable sites.

About 10 days have passed since the first alert and the problem does not seem to be resolved. It is a real problem: simple exploits have been released that allow anyone to steal usernames and passwords from vulnerable sites. It is also possible to steal the keys that sites use to encrypt and decrypt sensitive data.

The Heartbleed bug allows anyone on the Internet to read the memory of systems protected by vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify service providers and to encrypt traffic, the names and passwords of users, and the actual content. It allows attackers to eavesdrop on communications, steal data directly from services and users, and impersonate services and users.

An advisory issued by CERT at Carnegie Mellon University notes that the vulnerability is present on sites running OpenSSL versions 1.0.1 through 1.0.1f. According to Netcraft, a company that monitors the technology used by websites, more than half a million sites are currently vulnerable, including Yahoo.com and, ironically, the openssl.org site itself. The list of vulnerable websites is very long: the top 1,000 most popular sites according to the web ranking company Alexa are affected.
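To triage your own servers against the version range given above, the following added example (not part of the original post) classifies `openssl version` output or HTTP `Server` banners. The host names and banner strings are constructed sample data, and the function names are hypothetical.

```python
import re

# Affected range as stated in the post: OpenSSL 1.0.1 through 1.0.1f.
# Matches both "OpenSSL 1.0.1e 11 Feb 2013" and "OpenSSL/1.0.1c" banner styles.
_VERSION_RE = re.compile(r"OpenSSL[ /](\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)


def parse_openssl_version(text):
    """Return (major, minor, fix, letter) found in a banner line, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, fix, letter = m.groups()
    return int(major), int(minor), int(fix), letter.lower()


def in_affected_range(text):
    """True if the version is 1.0.1 .. 1.0.1f, False if outside, None if absent.

    A version string is only a first filter: vendors can backport a fix
    without changing the letter, so True means "verify and patch",
    not "proven vulnerable".
    """
    version = parse_openssl_version(text)
    if version is None:
        return None
    major, minor, fix, letter = version
    if (major, minor, fix) != (1, 0, 1):
        return False
    # Plain 1.0.1 (no letter) and letters a..f are in range; g and later are not.
    return letter == "" or (len(letter) == 1 and letter <= "f")


def triage(inventory):
    """Map each host to 'affected-range', 'outside-range' or 'unknown'."""
    labels = {True: "affected-range", False: "outside-range", None: "unknown"}
    return {host: labels[in_affected_range(banner)]
            for host, banner in inventory.items()}


# Constructed sample inventory (hosts and banners are made up for this example).
SAMPLE = {
    "web01.example": "OpenSSL 1.0.1e 11 Feb 2013",
    "web02.example": "Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1g",
    "mail.example": "OpenSSL 0.9.8y 5 Feb 2013",
    "legacy.example": "OpenSSL 1.0.1 14 Mar 2012",
    "proxy.example": "nginx/1.4.7",  # no OpenSSL version exposed
}

if __name__ == "__main__":
    for host, label in sorted(triage(SAMPLE).items()):
        print(f"{host:16} {label}")
```

Hosts reported as `unknown` expose no version and need to be checked another way, for example with the package manager on the host itself.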

Curious to know whether a site is vulnerable?

Enter the website's address here: https://filippo.io/Heartbleed/


Vulnerability found in some Netgear routers

Posted 27 October, 2013

Filed under: Security

Keep an eye on your routers, otherwise someone might have fun at your expense…
This is real news!!! WARNING…

Zachary Cutlip, a researcher at the information security firm Tactical Network Solutions, has found vulnerabilities in Netgear wireless routers and in some Netgear NAS devices that could expose users to remote attack and compromise the security of their connections. The latest hardware revision of the N600 Wireless Dual-Band Gigabit Router, known as WNDR3700v4, has several vulnerabilities that allow an attacker to bypass the authentication mechanism of the router's web interface. “By browsing to http://<router address>/BRS_02_genieHelp.html

it is possible to bypass the authentication page and reach the administration interface,” Cutlip explains in a post on his blog, “and not only that: the authentication mechanism remains disabled across reboots, and of course if the administrator enables remote administration, it can be accessed from the damn internet.”

A similar vulnerability was found by researchers at Independent Security Evaluators (ISE) in April of this year on a Netgear CENTRIA (WNDR4700) router; in that case, the URL that allowed the authentication mechanism to be bypassed was

http://[router IP address]/BRS_03B_haveBackupFile_fileRestore.html

Netgear fixed the vulnerability with firmware WNDR4700 1.0.0.52, released in July. The company evidently did not check whether the same vulnerability was present on other devices.

The most recent firmware for the WNDR3700v4 is version 1.0.1.42; Cutlip ran his tests on routers with firmware version 1.0.1.32, but initial tests on the newer one confirm that the vulnerability is still present.

Vulnerabilities in these and other devices are nothing new. In April of this year, Craig Young, a security researcher at Tripwire, found critical vulnerabilities in the web management interface of Netgear's ReadyNAS series of NAS devices, including one that makes it possible to authenticate and gain full access as root. The vendor was notified and updated firmware was released.

 

 


13 security bulletins for Microsoft vulnerabilities

Posted 20 September, 2013

Filed under: Exploits, Security

Microsoft has released 13 security bulletins addressing
vulnerabilities in the Windows operating systems
and in other applications

MS13-067 Vulnerabilities in Microsoft SharePoint Server
MS13-068 Vulnerability in Microsoft Outlook
MS13-069 Cumulative update for Internet Explorer
MS13-070 Vulnerability in OLE
MS13-071 Vulnerability in the Windows theme file
MS13-072 Vulnerabilities in Microsoft Office
MS13-073 Vulnerabilities in Microsoft Excel
MS13-074 Vulnerabilities in Microsoft Access
MS13-075 Vulnerability in Microsoft Office IME (Chinese)
MS13-076 Vulnerabilities in kernel-mode drivers
MS13-077 Vulnerability in the Windows Service Control Manager
MS13-078 Vulnerability in FrontPage
MS13-079 Vulnerability in Active Directory

More details are available in the official advisories
listed in the “References” section.

:: Affected software

Microsoft Windows (Internet Explorer)
Microsoft Outlook
Microsoft Office
Microsoft SharePoint Server
Microsoft FrontPage
Microsoft Active Directory

:: Impact

Remote code execution
Elevation of privilege
Denial of Service
Disclosure and interception of sensitive data

:: Solutions

Install the patches listed in the Microsoft bulletins manually,
or use one of the update tools such as:
Automatic Updates, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.

:: References

Microsoft Security Bulletin Summary – September 2013
http://technet.microsoft.com/it-it/security/bulletin/ms13-sep

Microsoft Security Bulletins
http://technet.microsoft.com/it-it/security/bulletin/MS13-067
http://technet.microsoft.com/it-it/security/bulletin/MS13-068
http://technet.microsoft.com/it-it/security/bulletin/MS13-069
http://technet.microsoft.com/it-it/security/bulletin/MS13-070
http://technet.microsoft.com/it-it/security/bulletin/MS13-071
http://technet.microsoft.com/it-it/security/bulletin/MS13-072
http://technet.microsoft.com/it-it/security/bulletin/MS13-073
http://technet.microsoft.com/it-it/security/bulletin/MS13-074
http://technet.microsoft.com/it-it/security/bulletin/MS13-075
http://technet.microsoft.com/it-it/security/bulletin/MS13-076
http://technet.microsoft.com/it-it/security/bulletin/MS13-077
http://technet.microsoft.com/it-it/security/bulletin/MS13-078
http://technet.microsoft.com/it-it/security/bulletin/MS13-079

Microsoft Knowledge Base
http://support.microsoft.com/kb/2834052
http://support.microsoft.com/kb/2756473
http://support.microsoft.com/kb/2870699
http://support.microsoft.com/kb/2876217
http://support.microsoft.com/kb/2864063
http://support.microsoft.com/kb/2845537
http://support.microsoft.com/kb/2858300
http://support.microsoft.com/kb/2848637
http://support.microsoft.com/kb/2878687
http://support.microsoft.com/kb/2876315
http://support.microsoft.com/kb/2872339
http://support.microsoft.com/kb/2825621
http://support.microsoft.com/kb/2853587

Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871

ISC SANS
http://isc.sans.edu/diary.html?storyid=16538

Mitre CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0081
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0810
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1315
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1330
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1341
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1342
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1343
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1344
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3137
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3155
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3156
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3157
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3158
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3159
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3160
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3179
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3180
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3201
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3202
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3203
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3204
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3205
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3206
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3207
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3208
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3209
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3845
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3847
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3848
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3849
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3850
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3851
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3852
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3853
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3854
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3855
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3856
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3857
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3858
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3859
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3862
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3863
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3864
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3865
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3866
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3868
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3870

 

 


5 security bulletins for vulnerabilities in the Windows operating systems

Posted 15 June, 2013

Filed under: Security

:: Problem description

Microsoft has released 5 security bulletins addressing
vulnerabilities in the Windows operating systems
and in other applications:

MS13-047 Cumulative Security Update for Internet Explorer (2838727)
MS13-048 Vulnerability in Windows Kernel (2839229)
MS13-049 Vulnerability in Kernel-Mode Driver (2845690)
MS13-050 Vulnerability in Windows Print Spooler Components (2839894)
MS13-051 Vulnerability in Microsoft Office (2839571)

More details are available in the official advisories
listed in the “References” section.

:: Affected software

Microsoft Windows
Microsoft Internet Explorer
Microsoft Office

:: Impact

Disclosure of sensitive information
Denial of Service attack
Elevation of privilege
Remote code execution

:: Solutions

Install the patches listed in the Microsoft bulletins manually,
or use one of the update tools such as:
Automatic Updates, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.

:: References

Microsoft Security Bulletin Summary – June 2013
http://technet.microsoft.com/it-it/security/bulletin/ms13-jun

Microsoft Security Bulletins
http://technet.microsoft.com/it-it/security/bulletin/MS13-047
http://technet.microsoft.com/it-it/security/bulletin/MS13-048
http://technet.microsoft.com/it-it/security/bulletin/MS13-049
http://technet.microsoft.com/it-it/security/bulletin/MS13-050
http://technet.microsoft.com/it-it/security/bulletin/MS13-051

Microsoft Knowledge Base
http://support.microsoft.com/kb/2838727
http://support.microsoft.com/kb/2839229
http://support.microsoft.com/kb/2845690
http://support.microsoft.com/kb/2839894
http://support.microsoft.com/kb/2839571

Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871

Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3120
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1331

SANS ISC Diary
http://isc.sans.edu/diary.html?storyid=15977&rss


Important Security Update: Reset Your Drupal.org Password

Posted 30 May, 2013

Filed under: Exploits, Security

The Drupal.org Security Team and Infrastructure Team has discovered unauthorized access to account information on Drupal.org and groups.drupal.org.

This access was accomplished via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. This notice applies specifically to user account data stored on Drupal.org and groups.drupal.org, and not to sites running Drupal generally.

Information exposed includes usernames, email addresses, and country information, as well as hashed passwords. However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly. As a precautionary measure, we’ve reset all Drupal.org account holder passwords and are requiring users to reset their passwords at their next login attempt. A user password can be changed at any time by taking the following steps.

  1. Go to https://drupal.org/user/password
  2. Enter your username or email address.
  3. Check your email and follow the link to enter a new password.
    • It can take up to 15 minutes for the password reset email to arrive. If you do not receive the e-mail within 15 minutes, make sure to check your spam folder as well.

All Drupal.org passwords are both hashed and salted, although some older passwords on some subsites were not salted.

See the recommendations below on additional measures that you can take to protect your personal information.

What happened?

Unauthorized access was made via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. We have worked with the vendor to confirm it is a known vulnerability and has been publicly disclosed. We are still investigating and will share more detail when it is appropriate. Upon discovering the files during a security audit, we shut down the association.drupal.org website to mitigate any possible ongoing security issues related to the files. The Drupal Security Team then began forensic evaluations and discovered that user account information had been accessed via this vulnerability.

The suspicious files may have exposed profile information like username, email address, hashed password, and country. In addition to resetting your password on Drupal.org, we are also recommending a number of measures (below) for further protection of your information, including, among others, changing or resetting passwords on other sites where you may use similar passwords.

What are we doing about it?

We take security very seriously on Drupal.org. As attacks on high-profile sites (regardless of the software they are running) are common, we strive to continuously improve the security of all Drupal.org sites.

To that end, we have taken the following steps to secure the Drupal.org infrastructure:

  • Staff at the OSU Open Source Lab (where Drupal.org is hosted) and the Drupal.org infrastructure teams rebuilt production, staging, and development webheads and GRSEC secure kernels were added to most servers
  • We are scanning and have not found any additional malicious or dangerous files and we are making scanning a routine job in our process
  • There are many subsites on Drupal.org including older sites for specific events. We created static archives of those sites.

We would also like to acknowledge that we are conducting an investigation into the incident, and we may not be able to immediately answer all of the questions you may have. However, we are committed to transparency and will report to the community once we have an investigation report.

If you find any reason to believe that your information has been accessed by someone other than yourself, please contact the Drupal Association immediately by sending an email to password@association.drupal.org. We regret this occurred and want to assure you we are working hard to improve security.

Thank you,
Holly Ross
Drupal Association Executive Director

FAQ

What happened?

The Drupal.org Security Team and Infrastructure Team has identified unauthorized access to user information on Drupal.org and groups.drupal.org, which occurred via third-party software installed on the Drupal.org server infrastructure.

What information of mine was exposed?

The information includes username, email address, hashed passwords, and country for some users. However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly.

Was my credit card information exposed?

We do not store credit card information on our site and have uncovered no evidence that card numbers may have been intercepted. However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly.

Were projects or hosted drupal.org code altered?

We have no evidence to suggest that an unauthorized user modified Drupal core or any contributed projects or packages on Drupal.org. Software distributed on Drupal.org is open source and bundled from publicly accessible repositories with log histories and access controls.

Does this affect my own Drupal site?

This notice applies specifically to user account data stored on Drupal.org and groups.drupal.org, and not to sites running Drupal generally. However, we recommend that you follow best practices and follow any security notices from Drupal.org or third party integrations to keep your site safe. Resources include the following sites:

How did the access happen?

Unauthorized access was made via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. We have worked with the vendor to confirm it is a known vulnerability and has been publicly disclosed. We are still investigating and will share more detail when it is appropriate.

What has been done to prevent this type of unauthorized access in the future?

There have been several infrastructure and application changes including:

  • Open Source Lab, the group that hosts the servers for Drupal and infrastructure teams rebuilt production, staging, and development webheads
  • GRSEC secure kernels were added to most servers
  • An anti-virus scanner was run over file servers, and run routinely to detect malicious files being uploaded to the Drupal.org servers.
  • We hardened our Apache web server configurations
  • We made static archives of any site that has been end-of-lifed and will not be updated in the future
  • Sites that were no longer going to receive feature or content updates were converted to static copies to minimize maintenance.
  • We removed old passwords on sub-sites and non-production installations

Do you have any information about the identity of the person or group who did this?

At this point there is no information to share.

What is the security team doing to investigate the unauthorized access?

We have a forensics team made up of both Drupal Association staff and trusted community volunteers who are security experts working on the issue around the clock.

How is my Drupal.org password protected?

Passwords on Drupal.org are stored in a hashed format. Currently, passwords are both hashed and salted using multiple rounds of hashing (based on PHPass). Passwords on some subsites were not salted.

Who maintains the Drupal.org site?

The Drupal Association is responsible for maintaining the site, with the assistance of many trusted Drupal community volunteers.

What else can I do to protect myself?

First, we recommend as a precaution that you change or reset passwords on other sites where you may use similar passwords, even though all passwords on Drupal.org are salted and hashed. Some older passwords on some subsites were not salted. To make your password more secure:

  • Do not use passwords that are simple words or phrases
  • Never use the same password on multiple sites or services
  • Use different types of characters in your password (uppercase letters, lowercase letters, numbers, and symbols).

Second, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not our practice to request personal information by e-mail. Also, beware of emails that threaten to close your account if you do not take the “immediate action” of providing personal information.

Although we do not store credit card information, as a precaution we recommend you closely monitor your financial accounts if you made a transaction on association.drupal.org or if you use a password with your financial institution that is similar to your Drupal.org password. If you see unauthorized activity (in the U.S.), we also suggest that you submit a complaint with the Federal Trade Commission (“FTC”) by calling 1-877-ID-THEFT (1-877-438-4338).

Based on the results of the investigation into this incident, we may update the FAQs and may recommend additional measures for protecting your personal information.

Source: https://drupal.org/news/130529SecurityUpdate
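The notice distinguishes salted, multi-round hashes from older unsalted ones. The following added example (not Drupal.org's code and not part of the notice) audits a user table for bare unsalted MD5 hashes and shows why they are the priority for a forced reset: equal passwords produce equal digests. The hash-format prefixes and the sample rows are assumptions made for illustration, and the salted entries are constructed placeholders, not real hashes.

```python
import hashlib
import re
from collections import defaultdict

_BARE_MD5 = re.compile(r"^[0-9a-f]{32}$")
# Assumed salted formats: phpass portable ($P$), its phpBB3 variant ($H$),
# and the Drupal 7 stretched SHA-512 format ($S$).
_SALTED_PREFIXES = ("$P$", "$H$", "$S$")


def classify_hash(stored):
    """Classify a stored password hash by its visible format."""
    if stored.startswith(_SALTED_PREFIXES):
        return "salted"
    if _BARE_MD5.match(stored.lower()):
        return "unsalted-md5"
    return "unknown"


def audit(rows):
    """rows: iterable of (username, stored_hash).

    Returns (unsalted_users, shared_groups). shared_groups lists users whose
    unsalted digests are identical, which means they chose the same password
    and that anyone holding the dump can see it at a glance.
    """
    unsalted = []
    by_digest = defaultdict(list)
    for user, stored in rows:
        if classify_hash(stored) == "unsalted-md5":
            unsalted.append(user)
            by_digest[stored.lower()].append(user)
    shared = sorted(sorted(users) for users in by_digest.values() if len(users) > 1)
    return sorted(unsalted), shared


def _md5(password):
    # Helper used only to build the constructed sample rows below.
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# Constructed sample table (users, passwords and salted strings are made up).
SAMPLE_ROWS = [
    ("alice", "$P$B" + "saltsalt" + "x" * 22),
    ("bob", _md5("summer2013")),
    ("carol", _md5("summer2013")),
    ("dave", _md5("another-pass")),
    ("erin", "$S$D" + "saltsalt" + "y" * 43),
    ("frank", ""),
]

if __name__ == "__main__":
    unsalted_users, shared_groups = audit(SAMPLE_ROWS)
    print("force reset first:", unsalted_users)
    print("same password visible in dump:", shared_groups)
```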


0-day vulnerability in Microsoft XML Core Services

Posted 19 June, 2012

Filed under: Exploits, Security

:: Description:
A vulnerability has been reported in Microsoft XML Core Services that could be exploited by attackers to compromise an affected system.
The vulnerability is caused by an error when attempting to access an object in memory that has not been initialized.

Exploitation allows arbitrary code execution, for example by luring the user into viewing malicious web pages in Internet Explorer.

The vulnerability is reported as a 0-day and is being actively exploited.

:: Affected software:

Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2007
Microsoft XML Core Services (MSXML) versions 3.x through 6.X

:: Impact:

Remote system access
Arbitrary code execution

:: Solutions:

Apply the Fix it released by Microsoft:
http://support.microsoft.com/kb/2719615

:: References:

Microsoft:
http://technet.microsoft.com/en-us/security/advisory/2719615

Secunia:
http://secunia.com/advisories/49456/

Mitre CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1889
