Alert GCSA-14040 - Bollettino di Sicurezza Microsoft Novembre2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-14040
Data: 12 Novembre 2014
Titolo: Bollettino di Sicurezza Microsoft Novembre 2014
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 8 bollettini di sicurezza relativi
a vulnerabilita' presenti nei sistemi operativi Windows
e in altre applicazioni:
MS14-064 Vulnerabilita' in Windows OLE (3011443)
MS14-065 Aggiornamento cumulativo per Internet Explorer (3003057)
MS14-066 Vulnerabilita' in Schannel (2992611)
MS14-067 Vulnerabilita' in XML Core Services (2993958)
MS14-069 Vulnerabilita' in Microsoft Office (3009710)
MS14-070 Vulnerabilita' in TCP/IP (2989935)
MS14-071 Vulnerabilita' in Windows Audio Service (3005607)
MS14-072 Vulnerabilita' in .NET Framework (3005210)
MS14-073 Vulnerabilita' in Microsoft SharePoint Foundation (3000431)
MS14-074 Vulnerabilita' in Remote Desktop Protocol (3003743)
MS14-076 Vulnerabilita' in Internet Information Services (IIS) (2982998)
MS14-077 Vulnerabilita' in Active Directory Federation Services (3003381)
MS14-078 Vulnerabilita' in IME (Japanese) (2992719)
MS14-079 Vulnerabilita' in Kernel Mode Driver (3002885)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali
alla sezione "Riferimenti".
:: Software interessato
Internet Explorer
Microsoft Windows
Microsoft .NET Framework
Strumenti per gli sviluppatori Microsoft
Microsoft Office
Microsoft Office Services
Microsoft Office Web Apps
Microsoft Word Viewer
Microsoft SharePoint Server 2010
:: Impatto
Security Bypass
Information Disclosure
Esecuzione di codice in modalita' remota
Acquisizione di privilegi piu' elevati
Denial of Service
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza, novembre2014
https://technet.microsoft.com/it-it/library/security/ms14-nov
MSRC November 2014 Updates
http://blogs.technet.com/b/msrc/archive/2014/11/14/november-2014-updates.aspx
Bollettini Microsoft sulla sicurezza
https://technet.microsoft.com/it-it/library/security/ms14-064
https://technet.microsoft.com/it-it/library/security/MS14-065
https://technet.microsoft.com/it-it/library/security/MS14-066
https://technet.microsoft.com/it-it/library/security/MS14-067
https://technet.microsoft.com/it-it/library/security/MS14-069
https://technet.microsoft.com/it-it/library/security/MS14-070
https://technet.microsoft.com/it-it/library/security/MS14-071
https://technet.microsoft.com/it-it/library/security/MS14-072
https://technet.microsoft.com/it-it/library/security/MS14-073
https://technet.microsoft.com/it-it/library/security/MS14-074
https://technet.microsoft.com/it-it/library/security/MS14-076
https://technet.microsoft.com/it-it/library/security/MS14-077
https://technet.microsoft.com/it-it/library/security/MS14-078
https://technet.microsoft.com/it-it/library/security/MS14-079
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Mitre CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6340
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6347
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6349
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6350
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6351
SANS ISC Diary
https://isc.sans.edu/diary/Microsoft+November+2014+Patch+Tuesday/18941
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlRjUI0ACgkQwZxMk2USYELiHACcCU2v3njuaGDqRskAWmPYkuK+
RSAAoKzxQi6qlP1PPTdxTnHwtzdrR2XB
=Br6D
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-14040
Data: 12 Novembre 2014
Titolo: Bollettino di Sicurezza Microsoft Novembre 2014
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 8 bollettini di sicurezza relativi
a vulnerabilita' presenti nei sistemi operativi Windows
e in altre applicazioni:
MS14-064 Vulnerabilita' in Windows OLE (3011443)
MS14-065 Aggiornamento cumulativo per Internet Explorer (3003057)
MS14-066 Vulnerabilita' in Schannel (2992611)
MS14-067 Vulnerabilita' in XML Core Services (2993958)
MS14-069 Vulnerabilita' in Microsoft Office (3009710)
MS14-070 Vulnerabilita' in TCP/IP (2989935)
MS14-071 Vulnerabilita' in Windows Audio Service (3005607)
MS14-072 Vulnerabilita' in .NET Framework (3005210)
MS14-073 Vulnerabilita' in Microsoft SharePoint Foundation (3000431)
MS14-074 Vulnerabilita' in Remote Desktop Protocol (3003743)
MS14-076 Vulnerabilita' in Internet Information Services (IIS) (2982998)
MS14-077 Vulnerabilita' in Active Directory Federation Services (3003381)
MS14-078 Vulnerabilita' in IME (Japanese) (2992719)
MS14-079 Vulnerabilita' in Kernel Mode Driver (3002885)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali
alla sezione "Riferimenti".
:: Software interessato
Internet Explorer
Microsoft Windows
Microsoft .NET Framework
Strumenti per gli sviluppatori Microsoft
Microsoft Office
Microsoft Office Services
Microsoft Office Web Apps
Microsoft Word Viewer
Microsoft SharePoint Server 2010
:: Impatto
Security Bypass
Information Disclosure
Esecuzione di codice in modalita' remota
Acquisizione di privilegi piu' elevati
Denial of Service
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza, novembre2014
https://technet.microsoft.com/it-it/library/security/ms14-nov
MSRC November 2014 Updates
http://blogs.technet.com/b/msrc/archive/2014/11/14/november-2014-updates.aspx
Bollettini Microsoft sulla sicurezza
https://technet.microsoft.com/it-it/library/security/ms14-064
https://technet.microsoft.com/it-it/library/security/MS14-065
https://technet.microsoft.com/it-it/library/security/MS14-066
https://technet.microsoft.com/it-it/library/security/MS14-067
https://technet.microsoft.com/it-it/library/security/MS14-069
https://technet.microsoft.com/it-it/library/security/MS14-070
https://technet.microsoft.com/it-it/library/security/MS14-071
https://technet.microsoft.com/it-it/library/security/MS14-072
https://technet.microsoft.com/it-it/library/security/MS14-073
https://technet.microsoft.com/it-it/library/security/MS14-074
https://technet.microsoft.com/it-it/library/security/MS14-076
https://technet.microsoft.com/it-it/library/security/MS14-077
https://technet.microsoft.com/it-it/library/security/MS14-078
https://technet.microsoft.com/it-it/library/security/MS14-079
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Mitre CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6340
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6347
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6349
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6350
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6351
SANS ISC Diary
https://isc.sans.edu/diary/Microsoft+November+2014+Patch+Tuesday/18941
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlRjUI0ACgkQwZxMk2USYELiHACcCU2v3njuaGDqRskAWmPYkuK+
RSAAoKzxQi6qlP1PPTdxTnHwtzdrR2XB
=Br6D
-----END PGP SIGNATURE-----