Alert GCSA-10071 - Vulnerabilita' in Microsoft .NET Framework
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10071
Data : 10 Giugno 2010
Titolo : Vulnerabilita' in Microsoft .NET Framework (MS10-041)
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato un aggiornamento di sicurezza che risolve
una vulnerabilita' in Microsoft .NET Framework, che puo' consentire
la manomissione di contenuti XML firmati senza essere rilevata dal sistema.
:: Software interessato
Microsoft .NET Framework 1.0 Service Pack 3
Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 Service Pack 1
Microsoft .NET Framework 3.5.1
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft WIndows 7 (32-bit)
Microsoft WIndows 7 (x64)
Microsoft Windows Server 2008 R2 x64
Microsoft Windows Server 2008 R2 Itanium
:: Impatto
Manomissione di dati firmati
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS10-041.mspx
VUPEN
http://www.vupen.com/english/advisories/2010/1398
Secunia
http://secunia.com/advisories/40080/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTBDxMPOB+SpikaiRAQJMPQP/V4NpkkmyqR1v8RM+nYbEKdrjmSEH1rqL
Vo95A7tmUGA5rcpq3QSpAVzVPI/TPh4zVXA4IpvXle6wbANWETWwB3D/oJ0o3/ZK
3eq3/d30zootjNrA+3KYvGETNHclBVVr3SPhvfoi7hVbCubRJVVQpg3pUNleq1n+
6mDLG2DcxOA=
=4r6m
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10071
Data : 10 Giugno 2010
Titolo : Vulnerabilita' in Microsoft .NET Framework (MS10-041)
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato un aggiornamento di sicurezza che risolve
una vulnerabilita' in Microsoft .NET Framework, che puo' consentire
la manomissione di contenuti XML firmati senza essere rilevata dal sistema.
:: Software interessato
Microsoft .NET Framework 1.0 Service Pack 3
Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 Service Pack 1
Microsoft .NET Framework 3.5.1
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft WIndows 7 (32-bit)
Microsoft WIndows 7 (x64)
Microsoft Windows Server 2008 R2 x64
Microsoft Windows Server 2008 R2 Itanium
:: Impatto
Manomissione di dati firmati
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS10-041.mspx
VUPEN
http://www.vupen.com/english/advisories/2010/1398
Secunia
http://secunia.com/advisories/40080/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTBDxMPOB+SpikaiRAQJMPQP/V4NpkkmyqR1v8RM+nYbEKdrjmSEH1rqL
Vo95A7tmUGA5rcpq3QSpAVzVPI/TPh4zVXA4IpvXle6wbANWETWwB3D/oJ0o3/ZK
3eq3/d30zootjNrA+3KYvGETNHclBVVr3SPhvfoi7hVbCubRJVVQpg3pUNleq1n+
6mDLG2DcxOA=
=4r6m
-----END PGP SIGNATURE-----