Aggiornamento di sicurezza per Adobe Flash Player

Inserito da 13 Marzo, 2016 (0) Commenti

Si tratta di :ICT and Computer Security

SI TRATTA DI UNA NOTIZIA VERA
AGGIORNARE IMMEDIATAMENTE IL VOSTROI FLASH PLAYER

:: Descrizione del problema

Adobe ha rilasciato un aggiornamento del Flash Player
che risolve numerose vulnerabilita’ presenti nel software.
Tali difetti potrebbero consentire ad un aggressore
di prendere il controllo del sistema.

Maggiori dettagli sono disponibili nella segnalazione
ufficiale alla sezione “Riferimenti”.

:: Software interessato

adobe_flash_

Flash Player Desktop Runtime 20.0.0.306 e precedenti per Windows e Macintosh
Flash Player Extended Support Release 18.0.0.329 e precedenti per
Windows e Macintosh
Flash Player per Google Chrome 20.0.0.306 e precedenti per Windows,
Macintosh, Linux e ChromeOS
Flash Player per Microsoft Edge e Internet Explorer 11 20.0.0.306 e
precedenti per Windows 10
Flash Player per Internet Explorer 10 e 11 20.0.0.306 e precedenti per
Windows 8.0 e 8.1
Flash Player per Linux 11.2.202.569 e precedenti per Linux

AIR Desktop Runtime 20.0.0.260 e precedenti per Windows e Macintosh
AIR SDK 20.0.0.260 e precedenti per Windows, Macintosh, Android e iOS
AIR SDK & Compiler 20.0.0.260 e precedenti per Windows, Macintosh,
Android e iOS
AIR for Android 20.0.0.233 e precedenti per Android

Per verificare la versione di Flash Player installata
accedere alla seguente pagina

http://www.adobe.com/products/flash/about/

se si utilizzano piu’ browser effettuare il controllo
da ognuno di essi.

:: Impatto

Esecuzione remota di codice arbitrario
Accesso al sistema

:: Soluzioni

Aggiornare a Flash Player 21.0.0.182 per Windows
e Macintosh, Google Chrome, Microsoft Edge e Internet Explorer 11
Aggiornare a Flash Player Extended Support 18.0.0.333 per Windows e
Macintosh
Aggiornare a Flash Player 11.2.202.577 per Linux
Aggiornare a AIR 21.0.0.176

http://www.adobe.com/go/getflash

gli utenti Windows possono anche utilizzare la funzione auto-update
presente nel prodotto, quando proposta.

:: Riferimenti

Abobe Security Bulletin
https://helpx.adobe.com/security/products/flash-player/apsb16-08.html

Microsoft Security Advisory
https://technet.microsoft.com/library/security/MS16-036

MITRE-CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1010

Fonte: Garr

Categories : ICT and Computer Security Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

13 bollettini di sicurezza relativi a vulnerabilita’ Microsoft

Inserito da 20 Settembre, 2013 (0) Commenti

Si tratta di :Exploits,Sicurezza

Microsoft ha rilasciato 13 bollettini di sicurezza relativi
a vulnerabilita’ presenti nei sistemi operativi Windows
e in altre applicazioni

MS13-067 Vulnerabilita’ in Microsoft SharePoint Server
MS13-068 Vulnerabilita’ in Microsoft Outlook
MS13-069 Aggiornamento cumulativo Internet Explorer
MS13-070 Vulnerabilita’ in OLE
MS13-071 Vulnerabilita’ nel file dei temi di Windows
MS13-072 Vulnerabilita’ in Microsoft Office
MS13-073 Vulnerabilita’ di Microsoft Excel
MS13-074 Vulnerabilita’ in Microsoft Access
MS13-075 Vulnerabilita’ in Microsoft Office IME (cinese)
MS13-076 Vulnerabilita’ nei driver in modalita’ kernel
MS13-077 Vulnerabilita’ nella Gestione controllo servizi di Windows
MS13-078 Vulnerabilita’ in FrontPage
MS13-079 Vulnerabilita’ in Active Directory

Maggiori dettagli sono disponibili nella segnalazioni ufficiali
alla sezione “Riferimenti”.

:: Software interessato

Microsoft Windows (Internet Explorer)
Microsoft Outlook
Microsoft Office
Microsoft SharePoint Server
Microsoft FrontPage
Microsoft Active Directory

:: Impatto

Esecuzione di codice in modalita’ remota
Acquisizione di privilegi piu’ elevati
Denial of Service
Rivelazione e intercettazione di dati sensibili

:: Soluzioni

Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.

:: Riferimenti

Riepilogo dei bollettini Microsoft sulla sicurezza – Settembre 2013
http://technet.microsoft.com/it-it/security/bulletin/ms13-sep

Bollettini Microsoft sulla sicurezza
http://technet.microsoft.com/it-it/security/bulletin/MS13-067
http://technet.microsoft.com/it-it/security/bulletin/MS13-068
http://technet.microsoft.com/it-it/security/bulletin/MS13-069
http://technet.microsoft.com/it-it/security/bulletin/MS13-070
http://technet.microsoft.com/it-it/security/bulletin/MS13-071
http://technet.microsoft.com/it-it/security/bulletin/MS13-072
http://technet.microsoft.com/it-it/security/bulletin/MS13-073
http://technet.microsoft.com/it-it/security/bulletin/MS13-074
http://technet.microsoft.com/it-it/security/bulletin/MS13-075
http://technet.microsoft.com/it-it/security/bulletin/MS13-076
http://technet.microsoft.com/it-it/security/bulletin/MS13-077
http://technet.microsoft.com/it-it/security/bulletin/MS13-078
http://technet.microsoft.com/it-it/security/bulletin/MS13-079

Microsoft Knowledge Base
http://support.microsoft.com/kb/2834052
http://support.microsoft.com/kb/2756473
http://support.microsoft.com/kb/2870699
http://support.microsoft.com/kb/2876217
http://support.microsoft.com/kb/2864063
http://support.microsoft.com/kb/2845537
http://support.microsoft.com/kb/2858300
http://support.microsoft.com/kb/2848637
http://support.microsoft.com/kb/2878687
http://support.microsoft.com/kb/2876315
http://support.microsoft.com/kb/2872339
http://support.microsoft.com/kb/2825621
http://support.microsoft.com/kb/2853587

Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871

ISC SANS
http://isc.sans.edu/diary.html?storyid=16538

Mitre CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0081
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0810
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1315
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1330
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1341
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1342
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1343
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1344
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3137
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3155
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3156
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3157
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3158
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3159
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3160
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3179
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3180
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3201
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3202
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3203
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3204
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3205
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3206
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3207
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3208
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3209
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3845
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3847
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3848
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3849
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3850
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3851
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3852
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3853
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3854
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3855
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3856
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3857
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3858
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3859
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3862
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3863
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3864
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3865
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3866
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3868
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3870

 

 

Categories : Exploits,Sicurezza Tags : , , , , , , , , , , , , , , , , , ,

Microsoft Updates for Multiple Vulnerabilities

Inserito da 13 Aprile, 2011 (0) Commenti

Si tratta di :ICT and Computer Security

Original release date: April 12, 2011
Last revised: —
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Office
* Microsoft Internet Explorer
* Microsoft Visual Studio

Overview

There are multiple vulnerabilities in Microsoft Windows, Office,
Internet Explorer, and Visual Studio. Microsoft has released
updates to address these vulnerabilities.

Solution

Install updates

The updates to address these vulnerabilities are available on the
Microsoft Update site (requires Internet Explorer). We recommend
enabling Automatic Updates.

Description

The Microsoft Security Bulletin Summary for April 2011 describes
multiple vulnerabilities in Microsoft Windows, Office, Internet
Explorer, and Visual Studio. Microsoft has released updates to
address the vulnerabilities.

References

* Microsoft Security Bulletin Summary for April 2011 –
<http://www.microsoft.com/technet/security/bulletin/ms11-apr.mspx>

* Microsoft Update – <https://www.update.microsoft.com/>

* Microsoft Update Overview –
<http://www.microsoft.com/security/updates/mu.aspx>

Categories : ICT and Computer Security Tags : , , , , , , , , , , , , , , , , , , , , ,

attenzione : Vulnerabilita’ in Microsoft DirectShow, apri il video e sei fritto….

Inserito da 12 Febbraio, 2010 (0) Commenti

Si tratta di :Exploits

attenzione : Vulnerabilita’ in Microsoft DirectShow
****************************************************************** :: Descrizione del problema
Microsoft ha rilasciato un aggiornamento per risolvere una   vulnerabilita’ di tipo heap overflow presente in Microsoft DirectShow.
La vulnerabilita’ potrebbe consentire l’esecuzione remota di   codice arbitrario se l’utente apre un file AVI artefatto,   anche durante la navigazione sul web.
Software interessato
Windows 2000 SP4
Windows XP SP2
Windows XP SP3
Windows XP Pro x64 Edition SP2
Windows Vista   Windows Vista SP1
Windows Vista SP2
Windows Vista x64 Edition
Windows Vista x64 Edition SP1
Windows Vista x64 Edition SP2   Windows 7 (32-bit)   Windows 7 (x64)
Windows Server 2003 SP2
Windows Server 2003 x64 Edition SP2
Windows Server 2003 SP2 (Itanium)
Windows Server 2008 (32-bit)
Windows Server 2008 (32-bit) SP2
Windows Server 2008 (x64)
Windows Server 2008 (x64) SP2
Windows Server 2008 (Itanium)
Windows Server 2008 (Itanium) SP2
Windows Server 2008 R2 (x64)
Windows Server 2008 R2 (Itanium)

Impatto :
Esecuzione remota di codice arbitrario
Conquista del controllo sul sistema
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,   oppure utilizzare uno degli strumenti di aggiornamento come:   Aggiornamenti Automatici, Windows Update, Microsoft Update,   Windows Server Update Services, Systems Management Server.
:: Riferimenti
Microsoft Security Bulletin   http://www.microsoft.com/technet/security/Bulletin/MS10-013.mspx
Microsoft Knowledge Base
http://support.microsoft.com/kb/977935
Microsoft Update e Aggiornamenti Automatici
http://go.microsoft.com/fwlink/?LinkID=40747
https://www.update.microsoft.com/microsoftupdate/v6/   http://support.microsoft.com/kb/306525/
TippingPoint Zero Day Initiative
http://www.zerodayinitiative.com/advisories/ZDI-10-015/
Mitre’s CVE ID   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0250   Vupen Security   http://www.vupen.com/english/advisories/2010/0346
ISC SANS   http://isc.sans.org/diary.html?storyid=8197

Categories : Exploits Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,