Alert GCSA-10065 - Vulnerabilita' in Microsoft Windows Kernel-Mode
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10065
Data : 10 Giugno 2010
Titolo : Vulnerabilita' in Microsoft Windows Kernel-Mode Drivers
(MS10-032)
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato un aggiornamento di sicurezza che risolve
alcune vulnerabilita' nei driver del kernel di Microsoft, che possono
consentire l'escalation di privilegi se un utente visualizza
contenuti formati da certi font TruType appositamente predisposti.
:: Software interessato
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft WIndows 7 (32-bit)
Microsoft WIndows 7 (x64)
Microsoft Windows Server 2008 R2 x64
Microsoft Windows Server 2008 R2 Itanium
:: Impatto
Escalation di privilegi
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/ms10-032.mspx
VUPEN
http://www.vupen.com/english/advisories/2010/1389
Secunia
http://secunia.com/advisories/39655/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1255
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTBDauvOB+SpikaiRAQJo5gQAhYUxonqHwqkpYGIPpxCBbUtX5x7udvqZ
nYTxCwD1wewjz+s/eu3EoL3ySK2zYeO8zPH8o1uU9aaah4FK72jsfQ49DuSxhecF
0mEo3GemUIWeS+xLc6egO8yhlxcO0CWfLemVUjm5iixr04Sddrg8M8FpxmWjI8Pl
NIJUEcCf3tg=
=Ie0e
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10065
Data : 10 Giugno 2010
Titolo : Vulnerabilita' in Microsoft Windows Kernel-Mode Drivers
(MS10-032)
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato un aggiornamento di sicurezza che risolve
alcune vulnerabilita' nei driver del kernel di Microsoft, che possono
consentire l'escalation di privilegi se un utente visualizza
contenuti formati da certi font TruType appositamente predisposti.
:: Software interessato
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft WIndows 7 (32-bit)
Microsoft WIndows 7 (x64)
Microsoft Windows Server 2008 R2 x64
Microsoft Windows Server 2008 R2 Itanium
:: Impatto
Escalation di privilegi
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/ms10-032.mspx
VUPEN
http://www.vupen.com/english/advisories/2010/1389
Secunia
http://secunia.com/advisories/39655/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1255
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTBDauvOB+SpikaiRAQJo5gQAhYUxonqHwqkpYGIPpxCBbUtX5x7udvqZ
nYTxCwD1wewjz+s/eu3EoL3ySK2zYeO8zPH8o1uU9aaah4FK72jsfQ49DuSxhecF
0mEo3GemUIWeS+xLc6egO8yhlxcO0CWfLemVUjm5iixr04Sddrg8M8FpxmWjI8Pl
NIJUEcCf3tg=
=Ie0e
-----END PGP SIGNATURE-----