Alert GCSA-08128 - MS08-078 Vulnerabilta' in Microsoft Internet
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08128
Data : 18 dicembre 2008
Titolo : MS08-078 Vulnerabilta' in Microsoft Internet Explorer (960714)
******************************************************************
:: Descrizione del problema
Questo aggiornamento critico risolve una vulnerabilita' relativa
ad Internet Explorer, che potrebbe consentire l'esecuzione di codice
arbitrario nel caso in cui l'utente visualizzi pagine web malevole
create allo scopo.
Da varie fonti risulta che la vulnerabilta' in questione e'
correntemente sfruttata attraverso vari siti web malevoli.
:: Software interessato
Internet Explorer 5.01 e
Internet Explorer 6 SP1 su
Windows 2000 SP4
Internet Explorer 6 su
Windows XP SP2 e SP3
Windows XP Pro x64
Windows XP Pro x64 SP2
Windows Server 2003 SP1 e SP2
Windows Server 2003 x64
Windows Server 2003 x64 SP2
Windows Server 2003 Itanium-based SP1 e SP2
Internet Explorer 7 su
Windows XP SP2 e SP3
Windows XP Pro x64
Windows XP Pro x64 SP2
Windows Server 2003 SP1 e SP2
Windows Server 2003 x64
Windows Server 2003 x64 SP2
Windows Server 2003 Itanium-based SP1 e SP2
Windows Vista
Windows Vista SP1
Windows Vista x64
Windows Vista x64 SP1
Windows Server 2008 32-bit
Windows Server 2008 64-bit
Windows Server 2008 Itanium-based
Internet Explorer 8 Beta 2
:: Impatto
Esecuzione remota di codice arbitrario
Denial of service
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx
Microsoft Knowledge Base
http://support.microsoft.com/kb/960714
Microsoft Security Advisory (961051)
http://www.microsoft.com/technet/security/advisory/961051.mspx
Microsoft SVRD
http://blogs.technet.com/swi/archive/2008/12/12/Clarification-on-the-various-workarounds-from-the-recent-IE-advisory.aspx
Microsoft Update
https://update.microsoft.com/microsoftupdate/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4844
Secunia advisories
http://secunia.com/advisories/33089
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/32721
SANS Internet Storm Center
http://isc.sans.org/diary.html?storyid=5458
http://isc.sans.org/diary.html?storyid=5464
http://isc.sans.org/diary.html?storyid=5470
http://isc.sans.org/diary.html?storyid=5479
http://isc.sans.org/diary.html?storyid=5503
http://isc.sans.org/diary.html?storyid=5497
http://isc.sans.org/diary.html?storyid=5515
US-CERT Technical Cyber Security Alert
http://www.us-cert.gov/cas/techalerts/TA08-352A.html
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSUonAvOB+SpikaiRAQLK+QP9FWA4ef+MhcSkK6cu7RLxwjtp0THZ4jjp
Wq8vGWI6kSTlVWAOdvzEHBs5/ZAZJmpPFE5+k+B4NmbwZ2dEgi4dBPrMwa1mc4BR
LIr51GKpDParv/TGzannvNJ/55ZtYF0pk8vf7Kd2P0VHFC69Cu/5dBMg8W+iBzt4
0dF7AFuqtI0=
=bixp
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08128
Data : 18 dicembre 2008
Titolo : MS08-078 Vulnerabilta' in Microsoft Internet Explorer (960714)
******************************************************************
:: Descrizione del problema
Questo aggiornamento critico risolve una vulnerabilita' relativa
ad Internet Explorer, che potrebbe consentire l'esecuzione di codice
arbitrario nel caso in cui l'utente visualizzi pagine web malevole
create allo scopo.
Da varie fonti risulta che la vulnerabilta' in questione e'
correntemente sfruttata attraverso vari siti web malevoli.
:: Software interessato
Internet Explorer 5.01 e
Internet Explorer 6 SP1 su
Windows 2000 SP4
Internet Explorer 6 su
Windows XP SP2 e SP3
Windows XP Pro x64
Windows XP Pro x64 SP2
Windows Server 2003 SP1 e SP2
Windows Server 2003 x64
Windows Server 2003 x64 SP2
Windows Server 2003 Itanium-based SP1 e SP2
Internet Explorer 7 su
Windows XP SP2 e SP3
Windows XP Pro x64
Windows XP Pro x64 SP2
Windows Server 2003 SP1 e SP2
Windows Server 2003 x64
Windows Server 2003 x64 SP2
Windows Server 2003 Itanium-based SP1 e SP2
Windows Vista
Windows Vista SP1
Windows Vista x64
Windows Vista x64 SP1
Windows Server 2008 32-bit
Windows Server 2008 64-bit
Windows Server 2008 Itanium-based
Internet Explorer 8 Beta 2
:: Impatto
Esecuzione remota di codice arbitrario
Denial of service
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx
Microsoft Knowledge Base
http://support.microsoft.com/kb/960714
Microsoft Security Advisory (961051)
http://www.microsoft.com/technet/security/advisory/961051.mspx
Microsoft SVRD
http://blogs.technet.com/swi/archive/2008/12/12/Clarification-on-the-various-workarounds-from-the-recent-IE-advisory.aspx
Microsoft Update
https://update.microsoft.com/microsoftupdate/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4844
Secunia advisories
http://secunia.com/advisories/33089
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/32721
SANS Internet Storm Center
http://isc.sans.org/diary.html?storyid=5458
http://isc.sans.org/diary.html?storyid=5464
http://isc.sans.org/diary.html?storyid=5470
http://isc.sans.org/diary.html?storyid=5479
http://isc.sans.org/diary.html?storyid=5503
http://isc.sans.org/diary.html?storyid=5497
http://isc.sans.org/diary.html?storyid=5515
US-CERT Technical Cyber Security Alert
http://www.us-cert.gov/cas/techalerts/TA08-352A.html
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSUonAvOB+SpikaiRAQLK+QP9FWA4ef+MhcSkK6cu7RLxwjtp0THZ4jjp
Wq8vGWI6kSTlVWAOdvzEHBs5/ZAZJmpPFE5+k+B4NmbwZ2dEgi4dBPrMwa1mc4BR
LIr51GKpDParv/TGzannvNJ/55ZtYF0pk8vf7Kd2P0VHFC69Cu/5dBMg8W+iBzt4
0dF7AFuqtI0=
=bixp
-----END PGP SIGNATURE-----