Alert GCSA-13050 - Bollettino di Sicurezza Microsoft Novembre 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-13050
Data : 13 Novembre 2013
Titolo : Bollettino di Sicurezza Microsoft Novembre 2013
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 8 bollettini di sicurezza relativi
a vulnerabilita' presenti nei sistemi operativi Windows
e in altre applicazioni:
MS13-088 Aggiornamento cumulativo per la protezione di Internet Explorer (2888505)
MS13-089 Vulnerabilita' nell'interfaccia GDI (Graphics Device Interface) di Windows (2876331)
MS13-090 Aggiornamento cumulativo per la protezione dei kill bit ActiveX (2900986)
MS13-091 Vulnerabilita' in Microsoft Office (2885093)
MS13-092 Vulnerabilita' in Hyper-V (2893986)
MS13-093 Vulnerabilita' nel driver di funzioni ausiliario di Windows (2875783)
MS13-094 Vulnerabilita' in Microsoft Outlook (2894514)
MS13-095 Vulnerabilita' legata alle firme digitali (2868626)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali
alla sezione "Riferimenti".
:: Software interessato
Microsoft Windows (GDI+, ActiveX, HyperV)
Microsoft Internet Explorer
Microsoft Office (Word)
Microsoft Outlook
:: Impatto
Esecuzione di codice in modalita' remota
Acquisizione di privilegi piu' elevati
Intercettazione di informazioni personali
Attacchi di tipo Denial of Service
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza - Novembre 2013
http://technet.microsoft.com/it-it/security/bulletin/ms13-nov
Bollettini Microsoft sulla sicurezza
http://technet.microsoft.com/it-it/security/bulletin/MS13-088
http://technet.microsoft.com/it-it/security/bulletin/MS13-089
http://technet.microsoft.com/it-it/security/bulletin/MS13-090
http://technet.microsoft.com/it-it/security/bulletin/MS13-091
http://technet.microsoft.com/it-it/security/bulletin/MS13-092
http://technet.microsoft.com/it-it/security/bulletin/MS13-093
http://technet.microsoft.com/it-it/security/bulletin/MS13-094
http://technet.microsoft.com/it-it/security/bulletin/MS13-095
Microsoft Knowledge Base
http://support.microsoft.com/kb/2888505
http://support.microsoft.com/kb/2876331
http://support.microsoft.com/kb/2900986
http://support.microsoft.com/kb/2885093
http://support.microsoft.com/kb/2893986
http://support.microsoft.com/kb/2875783
http://support.microsoft.com/kb/2894514
http://support.microsoft.com/kb/2868626
Microsoft Security Response Center
http://blogs.technet.com/b/msrc/archive/2013/11/11/activex-control-issue-being-addressed-in-update-tuesday.aspx
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3911
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3918
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3869
SANS ISC Diary
http://isc.sans.edu/diary.html?storyid=17003
http://isc.sans.edu/diary.html?storyid=16985
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFSg5UAwZxMk2USYEIRAuPJAJ4++B9X7z9DHFLvjnSEzMP5yLEn4wCfZ0dv
jP+dH4bKM3pYf54+DXLsqy0=
=7stn
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-13050
Data : 13 Novembre 2013
Titolo : Bollettino di Sicurezza Microsoft Novembre 2013
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 8 bollettini di sicurezza relativi
a vulnerabilita' presenti nei sistemi operativi Windows
e in altre applicazioni:
MS13-088 Aggiornamento cumulativo per la protezione di Internet Explorer (2888505)
MS13-089 Vulnerabilita' nell'interfaccia GDI (Graphics Device Interface) di Windows (2876331)
MS13-090 Aggiornamento cumulativo per la protezione dei kill bit ActiveX (2900986)
MS13-091 Vulnerabilita' in Microsoft Office (2885093)
MS13-092 Vulnerabilita' in Hyper-V (2893986)
MS13-093 Vulnerabilita' nel driver di funzioni ausiliario di Windows (2875783)
MS13-094 Vulnerabilita' in Microsoft Outlook (2894514)
MS13-095 Vulnerabilita' legata alle firme digitali (2868626)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali
alla sezione "Riferimenti".
:: Software interessato
Microsoft Windows (GDI+, ActiveX, HyperV)
Microsoft Internet Explorer
Microsoft Office (Word)
Microsoft Outlook
:: Impatto
Esecuzione di codice in modalita' remota
Acquisizione di privilegi piu' elevati
Intercettazione di informazioni personali
Attacchi di tipo Denial of Service
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza - Novembre 2013
http://technet.microsoft.com/it-it/security/bulletin/ms13-nov
Bollettini Microsoft sulla sicurezza
http://technet.microsoft.com/it-it/security/bulletin/MS13-088
http://technet.microsoft.com/it-it/security/bulletin/MS13-089
http://technet.microsoft.com/it-it/security/bulletin/MS13-090
http://technet.microsoft.com/it-it/security/bulletin/MS13-091
http://technet.microsoft.com/it-it/security/bulletin/MS13-092
http://technet.microsoft.com/it-it/security/bulletin/MS13-093
http://technet.microsoft.com/it-it/security/bulletin/MS13-094
http://technet.microsoft.com/it-it/security/bulletin/MS13-095
Microsoft Knowledge Base
http://support.microsoft.com/kb/2888505
http://support.microsoft.com/kb/2876331
http://support.microsoft.com/kb/2900986
http://support.microsoft.com/kb/2885093
http://support.microsoft.com/kb/2893986
http://support.microsoft.com/kb/2875783
http://support.microsoft.com/kb/2894514
http://support.microsoft.com/kb/2868626
Microsoft Security Response Center
http://blogs.technet.com/b/msrc/archive/2013/11/11/activex-control-issue-being-addressed-in-update-tuesday.aspx
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3911
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3918
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3869
SANS ISC Diary
http://isc.sans.edu/diary.html?storyid=17003
http://isc.sans.edu/diary.html?storyid=16985
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFSg5UAwZxMk2USYEIRAuPJAJ4++B9X7z9DHFLvjnSEzMP5yLEn4wCfZ0dv
jP+dH4bKM3pYf54+DXLsqy0=
=7stn
-----END PGP SIGNATURE-----