MS Windows Wormable Vulnerability, Out-of-Band Patch Released (MS08-067)
Threat Type: Malicious Web Site / Malicious Code
Websense® Security Labs™ has received reports of exploits circulating in the wild that take advantage of a serious Windows vulnerability. Microsoft released an out-of-band patch to address it just hours ago (see MS08-067).
The remote code execution vulnerability is found in netapi32.dll and carries a severity rating of “Critical” from Microsoft; it affects even fully patched Windows machines. This vulnerability (CVE-2008-4250) is wormable: by crafting a special RPC request, an attacker can exploit it with self-propagating malicious code that needs no user interaction. Successful exploitation would result in complete control of the victim machine.
To date, we have seen attacks installing a Trojan (Gimmiv) upon successful exploitation. At the time of this alert, only 25% of 36 anti-virus vendors could detect this malicious code. Blocking TCP ports 139 and 445 at the firewall is only a partial solution because most desktops have file/printer sharing turned on. The out-of-band patch release by Microsoft testifies to the severity of this vulnerability and the urgency for an immediate fix.
Websense is monitoring the development of this attack, and has classified the corresponding Web sites and malicious code that the exploit downloads.
More information:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://blogs.technet.com/mmpc/archive/2008/10/23/get-protected-now.aspx
http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
Vulnerabilities in Microsoft Windows Kernel (954211)
Problem description
This security update resolves three vulnerabilities
in the Microsoft Kernel.
The vulnerabilities allow a local attacker to gain
complete control of the system.
:: Affected Software and Systems
Microsoft Windows 2000 SP4
Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64
Microsoft Windows XP Professional x64 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Server 2003 for Itanium SP1
Microsoft Windows Server 2003 for Itanium SP2
Microsoft Windows Vista
Microsoft Windows Vista SP1
Microsoft Windows Vista x64
Microsoft Windows Vista x64 SP1
Microsoft Windows Server 2008 for 32-bit systems
Microsoft Windows Server 2008 for x64 systems
Microsoft Windows Server 2008 for Itanium systems
:: Impact
Arbitrary code execution with elevated privileges
:: Solutions
Apply the patch indicated in Microsoft bulletin MS08-061
http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx
:: References
Microsoft Security Bulletin MS08-061
http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/2812
Secunia:
http://secunia.com/advisories/32247/
SecurityFocus:
http://www.securityfocus.com/bid/31653
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2252
Vulnerability in Microsoft Active Directory (957280)
Problem description
This security update resolves a vulnerability
in the implementation of Active Directory on Microsoft Windows
2000 Server.
The vulnerability allows remote execution of arbitrary code
if an attacker gains access to an affected network.
This vulnerability affects only Microsoft Windows 2000 servers
configured as domain controllers.
:: Affected Software and Systems
Microsoft Windows 2000 Server Service Pack 4
:: Impact
Arbitrary code execution
:: Solutions
Apply the patch indicated in Microsoft bulletin MS08-060
http://www.microsoft.com/technet/security/Bulletin/MS08-060.mspx
:: References
Microsoft Security Bulletin MS08-060
http://www.microsoft.com/technet/security/Bulletin/MS08-060.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/2821
Secunia:
http://secunia.com/advisories/32242/
SecurityFocus:
http://www.securityfocus.com/bid/31609
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4023
Cumulative update for Internet Explorer (956390)
Problem description
This security update resolves six vulnerabilities
in Microsoft Internet Explorer.
These vulnerabilities allow the interception and disclosure
of information, or remote execution of arbitrary code after
a user has been induced to visit malicious websites.
User accounts configured with fewer privileges on the system
could be less affected than users with administrator
privileges.
:: Affected Software and Systems
Software:
Microsoft Internet Explorer 5.01 on Microsoft Windows 2000 SP4
Microsoft Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
Microsoft Internet Explorer 6 on Microsoft Windows XP SP2
Microsoft Internet Explorer 6 on Microsoft Windows XP SP3
Microsoft Internet Explorer 6 on Microsoft XP Professional x64
Microsoft Internet Explorer 6 on Microsoft XP Professional x64 SP2
Microsoft Internet Explorer 6 on Microsoft Windows Server 2003 SP1
Microsoft Internet Explorer 6 on Microsoft Windows Server 2003 SP2
Microsoft Internet Explorer 6 on Microsoft Windows Server 2003 x64
Microsoft Internet Explorer 6 on Microsoft Windows Server 2003 x64 SP2
Microsoft Internet Explorer 7 on Microsoft Windows XP SP2
Microsoft Internet Explorer 7 on Microsoft Windows XP SP3
Microsoft Internet Explorer 7 on Microsoft Windows XP Professional x64
Microsoft Internet Explorer 7 on Microsoft Windows Server 2003 SP1
Microsoft Internet Explorer 7 on Microsoft Windows Server 2003 SP2
Microsoft Internet Explorer 7 on Microsoft Windows Server 2003 x64
Microsoft Internet Explorer 7 on Microsoft Windows Server 2003 x64 SP2
Microsoft Internet Explorer 7 on Microsoft Windows Vista SP0 SP1
Microsoft Internet Explorer 7 on Microsoft Windows Vista x64 SP1
Microsoft Internet Explorer 7 on Microsoft Windows Server 2008
:: Impact
Access to sensitive information
System access
Remote execution of arbitrary code
:: Solutions
Apply the patch indicated in Microsoft bulletin MS08-058
http://www.microsoft.com/technet/security/bulletin/ms08-058.mspx
:: References
Microsoft Security Bulletin MS08-058
http://www.microsoft.com/technet/security/bulletin/ms08-058.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/2809
SecurityFocus:
http://www.securityfocus.com/bid/29960
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3476
Alert GCSA-08099 – MS08-059 Vulnerability in Microsoft Host
Problem description
This security update resolves a vulnerability
in Microsoft Host Integration Server.
The vulnerability allows remote execution of arbitrary code
if an attacker sends specially crafted RPC requests
to an affected machine.
:: Affected Software and Systems
Microsoft Host Integration Server 2000 SP2
Microsoft Host Integration Server 2000 Administrator Client
Microsoft Host Integration Server 2004 (Server)
Microsoft Host Integration Server 2004 SP1 (Server)
Microsoft Host Integration Server 2004 (Client)
Microsoft Host Integration Server 2004 SP1 (Client)
Microsoft Host Integration Server 2006 for 32-bit systems
Microsoft Host Integration Server 2006 for x64 systems
:: Impact
Remote execution of arbitrary code
:: Solutions
Apply the patch indicated in Microsoft bulletin MS08-059
http://www.microsoft.com/technet/security/Bulletin/MS08-059.mspx
:: References
Microsoft Security Bulletin MS08-059
http://www.microsoft.com/technet/security/Bulletin/MS08-059.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/2810
Secunia:
http://secunia.com/advisories/32233/
SecurityFocus:
http://www.securityfocus.com/bid/31620
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3466
Vulnerabilities in Microsoft Excel (956416)
Problem description
This security update resolves three vulnerabilities
in Microsoft Office Excel.
The vulnerabilities allow remote execution of arbitrary code
if an attacker opens specially crafted Excel files.
An attacker who has managed to exploit these vulnerabilities
could gain complete control of the system.
:: Affected Software and Systems
Microsoft Office 2000 SP3
Microsoft Office XP SP3
Microsoft Office 2003 SP2
Microsoft Office 2003 SP3
2007 Microsoft Office System
2007 Microsoft Office System SP1
Microsoft Office Excel Viewer
Microsoft Office Excel Viewer 2003
Microsoft Office Excel Viewer 2003 SP3
Microsoft Office Compatibility Pack
Microsoft Office Compatibility Pack SP1
Microsoft Office SharePoint Server 2007
Microsoft Office SharePoint Server 2007 SP1
Microsoft Office SharePoint Server 2007 x64
Microsoft Office SharePoint Server 2007 x64 SP1
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac
:: Impact
Remote execution of arbitrary code
:: Solutions
Apply the patch indicated in Microsoft bulletin MS08-057
http://www.microsoft.com/technet/security/bulletin/ms08-057.mspx
:: References
Microsoft Security Bulletin MS08-057
http://www.microsoft.com/technet/security/bulletin/ms08-059.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/2808
Secunia:
http://secunia.com/advisories/32211/
SecurityFocus:
http://www.securityfocus.com/bid/31705
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4019