Alert GCSA-15031 - Bollettino di Sicurezza Microsoft Agosto 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-15031
Data: 13 Agosto 2015
Titolo: Bollettino di Sicurezza Microsoft Agosto 2015
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 14 bollettini di sicurezza relativi a
vulnerabilita' presenti nei sistemi operativi Windows e in altre
applicazioni:
MS15-079 - Cumulative Security Update for Internet Explorer (3082442)
MS15-080 - Vulnerabilities in Microsoft Graphics Component Could Allow
Remote Code Execution (3078662)
MS15-081 - Vulnerabilities in Microsoft Office Could Allow Remote Code
Execution (3080790)
MS15-082 - Vulnerabilities in RDP Could Allow Remote Code Execution
(3080348)
MS15-083 - Vulnerability in Server Message Block Could Allow Remote Code
Execution (3073921)
MS15-084 - Vulnerabilities in XML Core Services Could Allow Information
Disclosure (3080129)
MS15-085 - Vulnerability in Mount Manager Could Allow Elevation of
Privilege (3082487)
MS15-086 - Vulnerability in System Center Operations Manager Could Allow
Elevation of Privilege (3075158)
MS15-087 - Vulnerability in UDDI Services Could Allow Elevation of
Privilege (3082459)
MS15-088 - Unsafe Command Line Parameter Passing Could Allow Information
Disclosure (3082458)
MS15-089 - Vulnerability in WebDAV Could Allow Information Disclosure
(3076949)
MS15-090 - Vulnerabilities in Microsoft Windows Could Allow Elevation of
Privilege (3060716)
MS15-091 - Cumulative Security Update for Microsoft Edge (3084525)
MS15-092 - Vulnerabilities in .NET Framework Could Allow Elevation of
Privilege (3086251)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali alla
sezione "Riferimenti".
:: Software interessato
Sistemi operativi:
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7
Windows 8 and Windows 8.1
Windows Server 2012
Windows Server 2012 R2
Windows RT and Windows RT 8.1
Windows 10
Microsoft Server Software:
Microsoft System Center 2012 Operations Manager
Microsoft System Center 2012 Operations Manager R2
Microsoft BizTalk Server
Microsoft Office Suite:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office for Mac
Other Office Software
Microsoft Office Services e Web Apps:
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2013
Microsoft Communications Platforms and Software:
Microsoft Live Meeting 2007
Microsoft Lync 2010
Microsoft Lync 2013
Microsoft Developer Tools and Software:
Microsoft Silverlight
:: Impatto
Esecuzione di codice in modalita' remota
Escalation di privilegi
Information Disclosure
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza, Agosto 2015
https://technet.microsoft.com/library/security/ms15-aug
Bollettini Microsoft sulla sicurezza
https://technet.microsoft.com/it-it/library/security/MS15-079
https://technet.microsoft.com/it-it/library/security/MS15-080
https://technet.microsoft.com/it-it/library/security/MS15-081
https://technet.microsoft.com/it-it/library/security/MS15-082
https://technet.microsoft.com/it-it/library/security/MS15-083
https://technet.microsoft.com/it-it/library/security/MS15-084
https://technet.microsoft.com/it-it/library/security/MS15-085
https://technet.microsoft.com/it-it/library/security/MS15-086
https://technet.microsoft.com/it-it/library/security/MS15-087
https://technet.microsoft.com/it-it/library/security/MS15-088
https://technet.microsoft.com/it-it/library/security/MS15-089
https://technet.microsoft.com/it-it/library/security/MS15-090
https://technet.microsoft.com/it-it/library/security/MS15-091
https://technet.microsoft.com/it-it/library/security/MS15-092
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Security Tracker
http://www.securitytracker.com/id/1033237
http://www.securitytracker.com/id/1033238
http://www.securitytracker.com/id/1033239
http://www.securitytracker.com/id/1033241
http://www.securitytracker.com/id/1033242
http://www.securitytracker.com/id/1033243
http://www.securitytracker.com/id/1033244
http://www.securitytracker.com/id/1033245
http://www.securitytracker.com/id/1033246
http://www.securitytracker.com/id/1033248
http://www.securitytracker.com/id/1033249
http://www.securitytracker.com/id/1033251
ISC SANS Diary
https://isc.sans.edu/forums/diary/August+2015+Microsoft+Patch+Tuesday/20023/
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2477
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlXNmKwACgkQwZxMk2USYELKCwCfZa6/QEZKdqIbQG+fDduQb77R
+jIAoL5B9EEgBdo/zkb1l3EysKrPJPi0
=hNa2
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-15031
Data: 13 Agosto 2015
Titolo: Bollettino di Sicurezza Microsoft Agosto 2015
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 14 bollettini di sicurezza relativi a
vulnerabilita' presenti nei sistemi operativi Windows e in altre
applicazioni:
MS15-079 - Cumulative Security Update for Internet Explorer (3082442)
MS15-080 - Vulnerabilities in Microsoft Graphics Component Could Allow
Remote Code Execution (3078662)
MS15-081 - Vulnerabilities in Microsoft Office Could Allow Remote Code
Execution (3080790)
MS15-082 - Vulnerabilities in RDP Could Allow Remote Code Execution
(3080348)
MS15-083 - Vulnerability in Server Message Block Could Allow Remote Code
Execution (3073921)
MS15-084 - Vulnerabilities in XML Core Services Could Allow Information
Disclosure (3080129)
MS15-085 - Vulnerability in Mount Manager Could Allow Elevation of
Privilege (3082487)
MS15-086 - Vulnerability in System Center Operations Manager Could Allow
Elevation of Privilege (3075158)
MS15-087 - Vulnerability in UDDI Services Could Allow Elevation of
Privilege (3082459)
MS15-088 - Unsafe Command Line Parameter Passing Could Allow Information
Disclosure (3082458)
MS15-089 - Vulnerability in WebDAV Could Allow Information Disclosure
(3076949)
MS15-090 - Vulnerabilities in Microsoft Windows Could Allow Elevation of
Privilege (3060716)
MS15-091 - Cumulative Security Update for Microsoft Edge (3084525)
MS15-092 - Vulnerabilities in .NET Framework Could Allow Elevation of
Privilege (3086251)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali alla
sezione "Riferimenti".
:: Software interessato
Sistemi operativi:
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7
Windows 8 and Windows 8.1
Windows Server 2012
Windows Server 2012 R2
Windows RT and Windows RT 8.1
Windows 10
Microsoft Server Software:
Microsoft System Center 2012 Operations Manager
Microsoft System Center 2012 Operations Manager R2
Microsoft BizTalk Server
Microsoft Office Suite:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office for Mac
Other Office Software
Microsoft Office Services e Web Apps:
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2013
Microsoft Communications Platforms and Software:
Microsoft Live Meeting 2007
Microsoft Lync 2010
Microsoft Lync 2013
Microsoft Developer Tools and Software:
Microsoft Silverlight
:: Impatto
Esecuzione di codice in modalita' remota
Escalation di privilegi
Information Disclosure
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza, Agosto 2015
https://technet.microsoft.com/library/security/ms15-aug
Bollettini Microsoft sulla sicurezza
https://technet.microsoft.com/it-it/library/security/MS15-079
https://technet.microsoft.com/it-it/library/security/MS15-080
https://technet.microsoft.com/it-it/library/security/MS15-081
https://technet.microsoft.com/it-it/library/security/MS15-082
https://technet.microsoft.com/it-it/library/security/MS15-083
https://technet.microsoft.com/it-it/library/security/MS15-084
https://technet.microsoft.com/it-it/library/security/MS15-085
https://technet.microsoft.com/it-it/library/security/MS15-086
https://technet.microsoft.com/it-it/library/security/MS15-087
https://technet.microsoft.com/it-it/library/security/MS15-088
https://technet.microsoft.com/it-it/library/security/MS15-089
https://technet.microsoft.com/it-it/library/security/MS15-090
https://technet.microsoft.com/it-it/library/security/MS15-091
https://technet.microsoft.com/it-it/library/security/MS15-092
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Security Tracker
http://www.securitytracker.com/id/1033237
http://www.securitytracker.com/id/1033238
http://www.securitytracker.com/id/1033239
http://www.securitytracker.com/id/1033241
http://www.securitytracker.com/id/1033242
http://www.securitytracker.com/id/1033243
http://www.securitytracker.com/id/1033244
http://www.securitytracker.com/id/1033245
http://www.securitytracker.com/id/1033246
http://www.securitytracker.com/id/1033248
http://www.securitytracker.com/id/1033249
http://www.securitytracker.com/id/1033251
ISC SANS Diary
https://isc.sans.edu/forums/diary/August+2015+Microsoft+Patch+Tuesday/20023/
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2477
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlXNmKwACgkQwZxMk2USYELKCwCfZa6/QEZKdqIbQG+fDduQb77R
+jIAoL5B9EEgBdo/zkb1l3EysKrPJPi0
=hNa2
-----END PGP SIGNATURE-----