13 bollettini di sicurezza relativi a vulnerabilita’ Microsoft

Inserito da 20 Settembre, 2013 (0) Commenti

Si tratta di :Exploits,Sicurezza

Microsoft ha rilasciato 13 bollettini di sicurezza relativi
a vulnerabilita’ presenti nei sistemi operativi Windows
e in altre applicazioni

MS13-067 Vulnerabilita’ in Microsoft SharePoint Server
MS13-068 Vulnerabilita’ in Microsoft Outlook
MS13-069 Aggiornamento cumulativo Internet Explorer
MS13-070 Vulnerabilita’ in OLE
MS13-071 Vulnerabilita’ nel file dei temi di Windows
MS13-072 Vulnerabilita’ in Microsoft Office
MS13-073 Vulnerabilita’ di Microsoft Excel
MS13-074 Vulnerabilita’ in Microsoft Access
MS13-075 Vulnerabilita’ in Microsoft Office IME (cinese)
MS13-076 Vulnerabilita’ nei driver in modalita’ kernel
MS13-077 Vulnerabilita’ nella Gestione controllo servizi di Windows
MS13-078 Vulnerabilita’ in FrontPage
MS13-079 Vulnerabilita’ in Active Directory

Maggiori dettagli sono disponibili nella segnalazioni ufficiali
alla sezione “Riferimenti”.

:: Software interessato

Microsoft Windows (Internet Explorer)
Microsoft Outlook
Microsoft Office
Microsoft SharePoint Server
Microsoft FrontPage
Microsoft Active Directory

:: Impatto

Esecuzione di codice in modalita’ remota
Acquisizione di privilegi piu’ elevati
Denial of Service
Rivelazione e intercettazione di dati sensibili

:: Soluzioni

Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.

:: Riferimenti

Riepilogo dei bollettini Microsoft sulla sicurezza – Settembre 2013
http://technet.microsoft.com/it-it/security/bulletin/ms13-sep

Bollettini Microsoft sulla sicurezza
http://technet.microsoft.com/it-it/security/bulletin/MS13-067
http://technet.microsoft.com/it-it/security/bulletin/MS13-068
http://technet.microsoft.com/it-it/security/bulletin/MS13-069
http://technet.microsoft.com/it-it/security/bulletin/MS13-070
http://technet.microsoft.com/it-it/security/bulletin/MS13-071
http://technet.microsoft.com/it-it/security/bulletin/MS13-072
http://technet.microsoft.com/it-it/security/bulletin/MS13-073
http://technet.microsoft.com/it-it/security/bulletin/MS13-074
http://technet.microsoft.com/it-it/security/bulletin/MS13-075
http://technet.microsoft.com/it-it/security/bulletin/MS13-076
http://technet.microsoft.com/it-it/security/bulletin/MS13-077
http://technet.microsoft.com/it-it/security/bulletin/MS13-078
http://technet.microsoft.com/it-it/security/bulletin/MS13-079

Microsoft Knowledge Base
http://support.microsoft.com/kb/2834052
http://support.microsoft.com/kb/2756473
http://support.microsoft.com/kb/2870699
http://support.microsoft.com/kb/2876217
http://support.microsoft.com/kb/2864063
http://support.microsoft.com/kb/2845537
http://support.microsoft.com/kb/2858300
http://support.microsoft.com/kb/2848637
http://support.microsoft.com/kb/2878687
http://support.microsoft.com/kb/2876315
http://support.microsoft.com/kb/2872339
http://support.microsoft.com/kb/2825621
http://support.microsoft.com/kb/2853587

Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871

ISC SANS
http://isc.sans.edu/diary.html?storyid=16538

Mitre CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0081
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0810
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1315
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1330
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1341
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1342
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1343
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1344
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3137
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3155
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3156
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3157
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3158
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3159
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3160
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3179
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3180
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3201
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3202
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3203
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3204
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3205
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3206
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3207
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3208
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3209
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3845
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3847
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3848
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3849
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3850
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3851
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3852
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3853
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3854
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3855
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3856
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3857
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3858
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3859
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3862
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3863
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3864
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3865
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3866
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3868
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3870

 

 

Categories : Exploits,Sicurezza Tags : , , , , , , , , , , , , , , , , , ,

Vulnerabilita’ in Microsoft Windows Shell (2286198)

Inserito da 3 Agosto, 2010 (0) Commenti

Si tratta di :Exploits

: Descrizione del problema

Microsoft ha rilasciato un aggiornamento per risolvere
una vulnerabilita’ presente nelle funzionalita’
Windows Shell.

La vulnerabilita’ potrebbe consentire l’esecuzione di codice
arbitrario da remoto, se l’utente visualizza una icona di un
collegamento malevolo appositamente predisposto.

Un attaccante che riesta a sfruttare questa vulnerabilita’ puo’
ottenere gli stessi privilegi dell’utente locale. Se gli utenti sono
configurati per avere non tutti i privilegi sul sistema, la
vulnerabilita’ puo’ avere minor impatto che se l’utente operasse con i
privilegi di amministratore.

:: Software interessato

Windows XP SP3
Windows XP Pro x64 Edition SP2
Windows Server 2003 SP2
Windows Server 2003 x64 Edition SP2
Windows Server 2003 con SP2 per sistemi Itanium
Windows Vista SP1
Windows Vista SP2
Windows Vista x64 SP1
Windows Vista x64 SP2
Windows Server 2008 32bit
Windows Server 2008 32bit SP2
Windows Server 2008 x64
Windows Server 2008 x64 SP2
Windows Server 2008 per Itanium
Windows Server 2008 per Itanium SP2
Windows 7 32bit
Windows 7 x64
Windows Server 2008 R2 x64
Windows Server 2008 R2 per Itanium

:: Impatto

Esecuzione remota di codice arbitrario
Conquista del controllo sul sistema
Denial of service

:: Soluzioni

Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.

:: Riferimenti

Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx

Microsoft Knowledge Base
http://support.microsoft.com/kb/2286198

Mitre’s CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2568

Categories : Exploits Tags : , , , , , , , , , , , , , , , ,