Alert GCSA-18047 - Microsoft Security Update giugno 2018
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-18047
Data: 13 giugno 2018
Titolo: Microsoft Security Update giugno 2018
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 50 aggiornamenti mirati a risolvere
numerose vulnerabilita' (11 considerate critiche, e 39 importanti)
presenti nei sistemi operativi Windows e in vari software applicativi.
Maggiori dettagli sono disponibili nella segnalazione ufficiale
alla sezione "Riferimenti".
:: Software interessato
ChakraCore
Microsoft Edge
Internet Explorer 9
Internet Explorer 11
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 version 1709 for 32-bit Systems
Windows 10 version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server, version 1709 (Server Core Installation)
Windows Server, version 1803 (Server Core Installation)
Excel Services installed on Microsoft SharePoint Enterprise
Server 2013 Service Pack 1
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel Viewer
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Web Apps Server 2010 Service Pack 2
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Microsoft Project Server 2010 Service Pack 2
Microsoft Publisher 2010 Service Pack 2 (32-bit editions)
Microsoft Publisher 2010 Service Pack 2 (64-bit editions)
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2013 Service Pack 1
Word Automation Services installed on Microsoft SharePoint Server 2010 Service Pack 2
Word Automation Services installed on Microsoft SharePoint Server 2013 Service Pack 1
Office Online Server 2016
Internet Explorer 10
:: Impatto
Varie possibilita', locali e remote, per sfruttare alcune delle vulnerabilita'
e ottenere l'accesso al sistema con i privilegi di utenti locali, o di
eventuali servizi di sistema (per es, http.sys).
:: Soluzioni
Per default l'installazione degli aggiornamenti avviene in maniera automatica.
Microsoft Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance/
Gli aggiornamenti sono disponibili anche tramite il catalogo
di Microsoft Update
https://www.catalog.update.microsoft.com/Home.aspx
:: Riferimenti
Microsoft June 2018 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/7d4489d6-573f-e811-a96f-000d3a33c573
Microsoft Security update deployment information
https://support.microsoft.com/en-in/help/20180612/security-update-deployment-details
Microsoft Security Update Summary
https://portal.msrc.microsoft.com/en-us/security-guidance/summary
Microsoft SUS e WSUS
https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in
US-CERT
https://www.us-cert.gov/ncas/current-activity/2018/06/12/Microsoft-Releases-June-2018-Security-Updates
DARKReading
https://www.darkreading.com/microsoft-fixes-11-critical-39-important-vulns/d/d-id/1332033
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCWyDtDwAKCRDBnEyTZRJg
Qse9AJ9P/4UlvBJaiPhqtc+xyEqOsGJMWgCgg8UTQab/ile2OhP91h2I/GTouQk=
=EsA3
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-18047
Data: 13 giugno 2018
Titolo: Microsoft Security Update giugno 2018
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 50 aggiornamenti mirati a risolvere
numerose vulnerabilita' (11 considerate critiche, e 39 importanti)
presenti nei sistemi operativi Windows e in vari software applicativi.
Maggiori dettagli sono disponibili nella segnalazione ufficiale
alla sezione "Riferimenti".
:: Software interessato
ChakraCore
Microsoft Edge
Internet Explorer 9
Internet Explorer 11
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 version 1709 for 32-bit Systems
Windows 10 version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server, version 1709 (Server Core Installation)
Windows Server, version 1803 (Server Core Installation)
Excel Services installed on Microsoft SharePoint Enterprise
Server 2013 Service Pack 1
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel Viewer
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Web Apps Server 2010 Service Pack 2
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Microsoft Project Server 2010 Service Pack 2
Microsoft Publisher 2010 Service Pack 2 (32-bit editions)
Microsoft Publisher 2010 Service Pack 2 (64-bit editions)
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2013 Service Pack 1
Word Automation Services installed on Microsoft SharePoint Server 2010 Service Pack 2
Word Automation Services installed on Microsoft SharePoint Server 2013 Service Pack 1
Office Online Server 2016
Internet Explorer 10
:: Impatto
Varie possibilita', locali e remote, per sfruttare alcune delle vulnerabilita'
e ottenere l'accesso al sistema con i privilegi di utenti locali, o di
eventuali servizi di sistema (per es, http.sys).
:: Soluzioni
Per default l'installazione degli aggiornamenti avviene in maniera automatica.
Microsoft Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance/
Gli aggiornamenti sono disponibili anche tramite il catalogo
di Microsoft Update
https://www.catalog.update.microsoft.com/Home.aspx
:: Riferimenti
Microsoft June 2018 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/7d4489d6-573f-e811-a96f-000d3a33c573
Microsoft Security update deployment information
https://support.microsoft.com/en-in/help/20180612/security-update-deployment-details
Microsoft Security Update Summary
https://portal.msrc.microsoft.com/en-us/security-guidance/summary
Microsoft SUS e WSUS
https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in
US-CERT
https://www.us-cert.gov/ncas/current-activity/2018/06/12/Microsoft-Releases-June-2018-Security-Updates
DARKReading
https://www.darkreading.com/microsoft-fixes-11-critical-39-important-vulns/d/d-id/1332033
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCWyDtDwAKCRDBnEyTZRJg
Qse9AJ9P/4UlvBJaiPhqtc+xyEqOsGJMWgCgg8UTQab/ile2OhP91h2I/GTouQk=
=EsA3
-----END PGP SIGNATURE-----