Alert GCSA-15022 - Bollettino di Sicurezza Microsoft Luglio 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-15022
Data: 15 Luglio 2015
Titolo: Bollettino di Sicurezza Microsoft Luglio 2015
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 14 bollettini di sicurezza relativi a
vulnerabilita' presenti nei sistemi operativi Windows e in altre
applicazioni:
MS15-058 - Vulnerabilities in SQL Server Could Allow Remote Code
Execution (3065718)
MS15-065 - Security Update for Internet Explorer (3076321)
MS15-066 - Vulnerability in VBScript Scripting Engine Could Allow Remote
Code Execution (3072604)
MS15-067 - Vulnerability in RDP Could Allow Remote Code Execution (3073094)
MS15-068 - Vulnerabilities in Windows Hyper-V Could Allow Remote Code
Execution (3072000)
MS15-069 - Vulnerabilities in Windows Could Allow Remote Code Execution
(3072631)
MS15-070 - Vulnerabilities in Microsoft Office Could Allow Remote Code
Execution (3072620)
MS15-071 - Vulnerability in Netlogon Could Allow Elevation of Privilege
(3068457)
MS15-072 - Vulnerability in Windows Graphics Component Could Allow
Elevation of Privilege (3069392)
MS15-073 - Vulnerability in Windows Kernel-Mode Driver Could Allow
Elevation of Privilege (3070102)
MS15-074 - Vulnerability in Windows Installer Service Could Allow
Elevation of Privilege (3072630)
MS15-075 - Vulnerabilities in OLE Could Allow Elevation of Privilege
(3072633)
MS15-076 - Vulnerability in Windows Remote Procedure Call Could Allow
Elevation of Privilege (3067505)
MS15-077 - Vulnerability in ATM Font Driver Could Allow Elevation of
Privilege (3077657)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali alla
sezione "Riferimenti".
:: Software interessato
Sistemi operativi:
Windows Server 2003
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7
Windows 8 and Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT and Windows RT 8.1
Microsoft SQL Server:
Microsoft SQL Server 2008 Service Pack 3 e 4
Microsoft SQL Server 2008 R2 Service Pack 2 e 3
Microsoft SQL Server 2012 Service Pack 1 e 2
Microsoft SQL Server 2014
Microsoft Office Suite:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013 and Microsoft Office 2013 RT
Microsoft Office for Mac
Other Office Software
Microsoft Office Services e Web Apps:
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
:: Impatto
Esecuzione di codice in modalita' remota
Escalation di privilegi
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza, Aprile 2015
https://technet.microsoft.com/library/security/ms15-jul
Bollettini Microsoft sulla sicurezza
https://technet.microsoft.com/it-it/library/security/MS15-058
https://technet.microsoft.com/it-it/library/security/MS15-065
https://technet.microsoft.com/it-it/library/security/MS15-066
https://technet.microsoft.com/it-it/library/security/MS15-067
https://technet.microsoft.com/it-it/library/security/MS15-068
https://technet.microsoft.com/it-it/library/security/MS15-069
https://technet.microsoft.com/it-it/library/security/MS15-070
https://technet.microsoft.com/it-it/library/security/MS15-071
https://technet.microsoft.com/it-it/library/security/MS15-072
https://technet.microsoft.com/it-it/library/security/MS15-073
https://technet.microsoft.com/it-it/library/security/MS15-074
https://technet.microsoft.com/it-it/library/security/MS15-075
https://technet.microsoft.com/it-it/library/security/MS15-076
https://technet.microsoft.com/it-it/library/security/MS15-077
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Security Tracker
http://www.securitytracker.com/id/1032893
http://www.securitytracker.com/id/1032894
http://www.securitytracker.com/id/1032895
http://www.securitytracker.com/id/1032896
http://www.securitytracker.com/id/1032897
http://www.securitytracker.com/id/1032898
http://www.securitytracker.com/id/1032899
http://www.securitytracker.com/id/1032900
http://www.securitytracker.com/id/1032901
http://www.securitytracker.com/id/1032902
http://www.securitytracker.com/id/1032904
http://www.securitytracker.com/id/1032905
http://www.securitytracker.com/id/1032906
http://www.securitytracker.com/id/1032907
http://www.securitytracker.com/id/1032908
ISC SANS Diary
https://isc.sans.edu/forums/diary/July+2015+Microsoft+Patch+Tuesday/19919/
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2425
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlWnUBkACgkQwZxMk2USYEK4OACgiAqPodcMiidDSSxj0QEK/IJx
rycAn3LCpHk9pyA/N2amv/XFfxPgbeyv
=0/J8
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-15022
Data: 15 Luglio 2015
Titolo: Bollettino di Sicurezza Microsoft Luglio 2015
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 14 bollettini di sicurezza relativi a
vulnerabilita' presenti nei sistemi operativi Windows e in altre
applicazioni:
MS15-058 - Vulnerabilities in SQL Server Could Allow Remote Code
Execution (3065718)
MS15-065 - Security Update for Internet Explorer (3076321)
MS15-066 - Vulnerability in VBScript Scripting Engine Could Allow Remote
Code Execution (3072604)
MS15-067 - Vulnerability in RDP Could Allow Remote Code Execution (3073094)
MS15-068 - Vulnerabilities in Windows Hyper-V Could Allow Remote Code
Execution (3072000)
MS15-069 - Vulnerabilities in Windows Could Allow Remote Code Execution
(3072631)
MS15-070 - Vulnerabilities in Microsoft Office Could Allow Remote Code
Execution (3072620)
MS15-071 - Vulnerability in Netlogon Could Allow Elevation of Privilege
(3068457)
MS15-072 - Vulnerability in Windows Graphics Component Could Allow
Elevation of Privilege (3069392)
MS15-073 - Vulnerability in Windows Kernel-Mode Driver Could Allow
Elevation of Privilege (3070102)
MS15-074 - Vulnerability in Windows Installer Service Could Allow
Elevation of Privilege (3072630)
MS15-075 - Vulnerabilities in OLE Could Allow Elevation of Privilege
(3072633)
MS15-076 - Vulnerability in Windows Remote Procedure Call Could Allow
Elevation of Privilege (3067505)
MS15-077 - Vulnerability in ATM Font Driver Could Allow Elevation of
Privilege (3077657)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali alla
sezione "Riferimenti".
:: Software interessato
Sistemi operativi:
Windows Server 2003
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7
Windows 8 and Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT and Windows RT 8.1
Microsoft SQL Server:
Microsoft SQL Server 2008 Service Pack 3 e 4
Microsoft SQL Server 2008 R2 Service Pack 2 e 3
Microsoft SQL Server 2012 Service Pack 1 e 2
Microsoft SQL Server 2014
Microsoft Office Suite:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013 and Microsoft Office 2013 RT
Microsoft Office for Mac
Other Office Software
Microsoft Office Services e Web Apps:
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
:: Impatto
Esecuzione di codice in modalita' remota
Escalation di privilegi
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza, Aprile 2015
https://technet.microsoft.com/library/security/ms15-jul
Bollettini Microsoft sulla sicurezza
https://technet.microsoft.com/it-it/library/security/MS15-058
https://technet.microsoft.com/it-it/library/security/MS15-065
https://technet.microsoft.com/it-it/library/security/MS15-066
https://technet.microsoft.com/it-it/library/security/MS15-067
https://technet.microsoft.com/it-it/library/security/MS15-068
https://technet.microsoft.com/it-it/library/security/MS15-069
https://technet.microsoft.com/it-it/library/security/MS15-070
https://technet.microsoft.com/it-it/library/security/MS15-071
https://technet.microsoft.com/it-it/library/security/MS15-072
https://technet.microsoft.com/it-it/library/security/MS15-073
https://technet.microsoft.com/it-it/library/security/MS15-074
https://technet.microsoft.com/it-it/library/security/MS15-075
https://technet.microsoft.com/it-it/library/security/MS15-076
https://technet.microsoft.com/it-it/library/security/MS15-077
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Security Tracker
http://www.securitytracker.com/id/1032893
http://www.securitytracker.com/id/1032894
http://www.securitytracker.com/id/1032895
http://www.securitytracker.com/id/1032896
http://www.securitytracker.com/id/1032897
http://www.securitytracker.com/id/1032898
http://www.securitytracker.com/id/1032899
http://www.securitytracker.com/id/1032900
http://www.securitytracker.com/id/1032901
http://www.securitytracker.com/id/1032902
http://www.securitytracker.com/id/1032904
http://www.securitytracker.com/id/1032905
http://www.securitytracker.com/id/1032906
http://www.securitytracker.com/id/1032907
http://www.securitytracker.com/id/1032908
ISC SANS Diary
https://isc.sans.edu/forums/diary/July+2015+Microsoft+Patch+Tuesday/19919/
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2425
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlWnUBkACgkQwZxMk2USYEK4OACgiAqPodcMiidDSSxj0QEK/IJx
rycAn3LCpHk9pyA/N2amv/XFfxPgbeyv
=0/J8
-----END PGP SIGNATURE-----