Alert GCSA-09073 - Vulnerabilita' in Microsoft Workstation Service
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-09073
Data : 12 Agosto 2009
Titolo : Vulnerabilita' in Microsoft Workstation Service Queuing (MS09-041)
******************************************************************
:: Descrizione del problema
E' stata riscontrata un vulnerabilita' in Microsoft Windows che potrebbe
essere sfruttata da utenti malevoli per compromettere un sistema che ne sia
affetto.
Tale vulnerabilita' e' dovuta ad un errore in Microsoft Workstation Service
nella gestione della memoria durante l'elaborazione di messaggi RPC
appositamente predisposti, e potrebbe essere sfruttata per provocare un Denial
of Service o per eseguire codice arbitrario con privilegi SYSTEM.
:: Software interessato
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista, Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
:: Impatto
Denial of Service
Esecuzione di codice arbitrario con privilegi elevati
:: Soluzioni
Applicare gli aggiornamenti rilasciati da Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS09-041.mspx
:: Riferimenti
Microsoft Security Bulletin MS09-041
http://www.microsoft.com/technet/security/Bulletin/MS09-041.mspx
Secunia
http://secunia.com/advisories/36220/
VuPEN
http://www.vupen.com/english/advisories/2009/2236
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1544
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSoLC2/OB+SpikaiRAQIR/QQAkEYCbvxMcZYkO8nlAyShVyhSJlvO/3r5
0FQgdREFN2V3IeWtXDpXaOddIKBPFWnCjo2Rvcj7dhD/naMxlNvqX1ZSvX3wRfoO
dLihcotXv6BxnpDQKO0qjt0QlRgjiIgPogCeYWNpGfNzl3dcgku6CLPu8OKQG4AX
kTm9Df4ZfPI=
=2dfs
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-09073
Data : 12 Agosto 2009
Titolo : Vulnerabilita' in Microsoft Workstation Service Queuing (MS09-041)
******************************************************************
:: Descrizione del problema
E' stata riscontrata un vulnerabilita' in Microsoft Windows che potrebbe
essere sfruttata da utenti malevoli per compromettere un sistema che ne sia
affetto.
Tale vulnerabilita' e' dovuta ad un errore in Microsoft Workstation Service
nella gestione della memoria durante l'elaborazione di messaggi RPC
appositamente predisposti, e potrebbe essere sfruttata per provocare un Denial
of Service o per eseguire codice arbitrario con privilegi SYSTEM.
:: Software interessato
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista, Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
:: Impatto
Denial of Service
Esecuzione di codice arbitrario con privilegi elevati
:: Soluzioni
Applicare gli aggiornamenti rilasciati da Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS09-041.mspx
:: Riferimenti
Microsoft Security Bulletin MS09-041
http://www.microsoft.com/technet/security/Bulletin/MS09-041.mspx
Secunia
http://secunia.com/advisories/36220/
VuPEN
http://www.vupen.com/english/advisories/2009/2236
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1544
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSoLC2/OB+SpikaiRAQIR/QQAkEYCbvxMcZYkO8nlAyShVyhSJlvO/3r5
0FQgdREFN2V3IeWtXDpXaOddIKBPFWnCjo2Rvcj7dhD/naMxlNvqX1ZSvX3wRfoO
dLihcotXv6BxnpDQKO0qjt0QlRgjiIgPogCeYWNpGfNzl3dcgku6CLPu8OKQG4AX
kTm9Df4ZfPI=
=2dfs
-----END PGP SIGNATURE-----