Alert GCSA-15019 - Bollettino di Sicurezza Microsoft Aprile 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-15019
Data: 16 Aprile 2015
Titolo: Bollettino di Sicurezza Microsoft Aprile 2015
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 11 bollettini di sicurezza relativi a
vulnerabilita' presenti nei sistemi operativi Windows e in altre
applicazioni:
MS15-032 - Cumulative Security Update for Internet Explorer (3038314)
MS15-033 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)
MS15-034 - Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)
MS15-035 - Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306)
MS15-036 - Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044)
MS15-037 - Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269)
MS15-038 - Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576)
MS15-039 - Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482)
MS15-040 - Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711)
MS15-041 - Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)
MS15-042 - Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234)
E' inoltre stato rilasciato un nuovo Avviso di Sicurezza:
Update to Improve PKU2U Authentication (3045755)
e la revisione di un precedente Avviso di Sicurezza:
Vulnerability in SSL 3.0 Could Allow Information Disclosure (3009008)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali alla
sezione "Riferimenti".
:: Software interessato
Sistemi operativi:
Windows Server 2003
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7
Windows 8 and Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT and Windows RT 8.1
Microsoft Server Software:
Microsoft SharePoint Server 2013
Microsoft Office Suite:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013 and Microsoft Office 2013 RT
Microsoft Office for Mac
Other Office Software
Microsoft Office Services e Web Apps:
Microsoft SharePoint Server 2010
Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2013
:: Impatto
Esecuzione di codice in modalita' remota
Esposizione di informazioni di autenticazione e di sistema
Escalation di privilegi
Security bypass
Denial of service
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza, Aprile 2015
https://technet.microsoft.com/library/security/ms15-apr
MSRC April 2015 Updates
http://blogs.technet.com/b/msrc/archive/2015/04/14/april-2015-updates.aspx
Bollettini Microsoft sulla sicurezza
https://technet.microsoft.com/it-it/library/security/MS15-032
https://technet.microsoft.com/it-it/library/security/MS15-033
https://technet.microsoft.com/it-it/library/security/MS15-034
https://technet.microsoft.com/it-it/library/security/MS15-035
https://technet.microsoft.com/it-it/library/security/MS15-036
https://technet.microsoft.com/it-it/library/security/MS15-037
https://technet.microsoft.com/it-it/library/security/MS15-038
https://technet.microsoft.com/it-it/library/security/MS15-039
https://technet.microsoft.com/it-it/library/security/MS15-040
https://technet.microsoft.com/it-it/library/security/MS15-041
https://technet.microsoft.com/it-it/library/security/MS15-042
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Security Tracker
http://securitytracker.com/id/1032117
http://securitytracker.com/id/1032116
http://securitytracker.com/id/1032115
http://securitytracker.com/id/1032114
http://securitytracker.com/id/1032113
http://securitytracker.com/id/1032112
http://securitytracker.com/id/1032111
http://securitytracker.com/id/1032110
http://securitytracker.com/id/1032109
http://securitytracker.com/id/1032108
http://securitytracker.com/id/1032104
ISC SANS Diary
https://isc.sans.edu/diary.html?storyid=19577
https://isc.sans.edu/diary.html?storyid=19583
Mitre CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1652
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1657
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1659
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1660
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1661
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1662
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1665
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1666
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1667
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1668
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1639
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1641
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1649
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1650
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1651
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1635
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1645
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1640
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1653
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0098
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1643
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1644
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1646
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1638
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1648
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1647
GARR CERT Newsletter subscribe/unsubscribe:
http://testcert.dir.garr.it/index.php/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlUv3asACgkQwZxMk2USYELn6ACg0FbDDBCNPa2nwmcQuG5IutWb
cdwAn3DrzdNCkNOr73fc5iJm2Q8EbHU1
=WmvZ
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-15019
Data: 16 Aprile 2015
Titolo: Bollettino di Sicurezza Microsoft Aprile 2015
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 11 bollettini di sicurezza relativi a
vulnerabilita' presenti nei sistemi operativi Windows e in altre
applicazioni:
MS15-032 - Cumulative Security Update for Internet Explorer (3038314)
MS15-033 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)
MS15-034 - Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)
MS15-035 - Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306)
MS15-036 - Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044)
MS15-037 - Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269)
MS15-038 - Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576)
MS15-039 - Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482)
MS15-040 - Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711)
MS15-041 - Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)
MS15-042 - Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234)
E' inoltre stato rilasciato un nuovo Avviso di Sicurezza:
Update to Improve PKU2U Authentication (3045755)
e la revisione di un precedente Avviso di Sicurezza:
Vulnerability in SSL 3.0 Could Allow Information Disclosure (3009008)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali alla
sezione "Riferimenti".
:: Software interessato
Sistemi operativi:
Windows Server 2003
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7
Windows 8 and Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT and Windows RT 8.1
Microsoft Server Software:
Microsoft SharePoint Server 2013
Microsoft Office Suite:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013 and Microsoft Office 2013 RT
Microsoft Office for Mac
Other Office Software
Microsoft Office Services e Web Apps:
Microsoft SharePoint Server 2010
Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2013
:: Impatto
Esecuzione di codice in modalita' remota
Esposizione di informazioni di autenticazione e di sistema
Escalation di privilegi
Security bypass
Denial of service
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza, Aprile 2015
https://technet.microsoft.com/library/security/ms15-apr
MSRC April 2015 Updates
http://blogs.technet.com/b/msrc/archive/2015/04/14/april-2015-updates.aspx
Bollettini Microsoft sulla sicurezza
https://technet.microsoft.com/it-it/library/security/MS15-032
https://technet.microsoft.com/it-it/library/security/MS15-033
https://technet.microsoft.com/it-it/library/security/MS15-034
https://technet.microsoft.com/it-it/library/security/MS15-035
https://technet.microsoft.com/it-it/library/security/MS15-036
https://technet.microsoft.com/it-it/library/security/MS15-037
https://technet.microsoft.com/it-it/library/security/MS15-038
https://technet.microsoft.com/it-it/library/security/MS15-039
https://technet.microsoft.com/it-it/library/security/MS15-040
https://technet.microsoft.com/it-it/library/security/MS15-041
https://technet.microsoft.com/it-it/library/security/MS15-042
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Security Tracker
http://securitytracker.com/id/1032117
http://securitytracker.com/id/1032116
http://securitytracker.com/id/1032115
http://securitytracker.com/id/1032114
http://securitytracker.com/id/1032113
http://securitytracker.com/id/1032112
http://securitytracker.com/id/1032111
http://securitytracker.com/id/1032110
http://securitytracker.com/id/1032109
http://securitytracker.com/id/1032108
http://securitytracker.com/id/1032104
ISC SANS Diary
https://isc.sans.edu/diary.html?storyid=19577
https://isc.sans.edu/diary.html?storyid=19583
Mitre CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1652
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1657
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1659
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1660
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1661
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1662
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1665
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1666
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1667
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1668
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1639
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1641
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1649
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1650
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1651
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1635
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1645
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1640
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1653
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0098
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1643
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1644
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1646
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1638
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1648
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1647
GARR CERT Newsletter subscribe/unsubscribe:
http://testcert.dir.garr.it/index.php/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlUv3asACgkQwZxMk2USYELn6ACg0FbDDBCNPa2nwmcQuG5IutWb
cdwAn3DrzdNCkNOr73fc5iJm2Q8EbHU1
=WmvZ
-----END PGP SIGNATURE-----