Alert GCSA-09021 - MS09-008 Vulnerabilita' in Microsoft DNS e WINS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-09021
Data : 11 marzo 2009
Titolo : MS09-008 Vulnerabilita' in Microsoft DNS e WINS Server (962238)
******************************************************************
:: Descrizione del problema
Questo aggiornamento risolve quattro vulnerabilita' presenti in
Windows DNS server e Windows WINS server.
Queste vulnerabilita' potrebbero consentire ad un aggressore
remoto di redirigere il traffico di rete destinato a
certi sistemi su internet verso un sistema sotto il suo controllo,
per mezzo di attacchi spoofing e cache poisoning.
:: Software interessato
DNS server e WINS Server su
- Windows 2000 Server SP4
- Windows Server 2003 SP1 e SP2
- Windows Server 2003 x64
- Windows Server 2003 x64 SP2
- Windows Server 2003 SP1 per sistemi Itanium
- Windows Server 2003 SP2 per sistemi Itanium
DNS server su
- Windows Server 2008 32-bit
- Windows Server 2008 x64
:: Impatto
spoofing
Security Bypass
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS09-008.mspx
Microsoft Knowledge Base
http://support.microsoft.com/kb/962238
Microsoft Update
https://update.microsoft.com/microsoftupdate/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0234
Vupen Security
http://www.vupen.com/english/advisories/2009/0661
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/33988
Secunia
http://secunia.com/advisories/34217/
US-CERT
http://www.kb.cert.org/vuls/id/319331
-----BEGIN PGP SIGNATURE-----
iQCUAwUBSbe+zPOB+SpikaiRAQJHEgP3V/SrF7KZvfZ+oUUA9ki4xIIRk9MTifln
so2o4F7f/dKjfF7XzohLY3JLWP3jhTkLodOH1Y0vqi93NV+7EmilQ+YqhW+4s03M
kteuUO800/deW+7JMTcYnSOaLlQ1h6HuZTOMJ0mTNA6AcP7FZvURNmYr+0bfVeGU
whqahwp/Yw==
=Ou01
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-09021
Data : 11 marzo 2009
Titolo : MS09-008 Vulnerabilita' in Microsoft DNS e WINS Server (962238)
******************************************************************
:: Descrizione del problema
Questo aggiornamento risolve quattro vulnerabilita' presenti in
Windows DNS server e Windows WINS server.
Queste vulnerabilita' potrebbero consentire ad un aggressore
remoto di redirigere il traffico di rete destinato a
certi sistemi su internet verso un sistema sotto il suo controllo,
per mezzo di attacchi spoofing e cache poisoning.
:: Software interessato
DNS server e WINS Server su
- Windows 2000 Server SP4
- Windows Server 2003 SP1 e SP2
- Windows Server 2003 x64
- Windows Server 2003 x64 SP2
- Windows Server 2003 SP1 per sistemi Itanium
- Windows Server 2003 SP2 per sistemi Itanium
DNS server su
- Windows Server 2008 32-bit
- Windows Server 2008 x64
:: Impatto
spoofing
Security Bypass
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS09-008.mspx
Microsoft Knowledge Base
http://support.microsoft.com/kb/962238
Microsoft Update
https://update.microsoft.com/microsoftupdate/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0234
Vupen Security
http://www.vupen.com/english/advisories/2009/0661
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/33988
Secunia
http://secunia.com/advisories/34217/
US-CERT
http://www.kb.cert.org/vuls/id/319331
-----BEGIN PGP SIGNATURE-----
iQCUAwUBSbe+zPOB+SpikaiRAQJHEgP3V/SrF7KZvfZ+oUUA9ki4xIIRk9MTifln
so2o4F7f/dKjfF7XzohLY3JLWP3jhTkLodOH1Y0vqi93NV+7EmilQ+YqhW+4s03M
kteuUO800/deW+7JMTcYnSOaLlQ1h6HuZTOMJ0mTNA6AcP7FZvURNmYr+0bfVeGU
whqahwp/Yw==
=Ou01
-----END PGP SIGNATURE-----