Alert GCSA-14047 - Bollettino di Sicurezza Microsoft Dicembre 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-14047
Data: 10 Dicembre 2014
Titolo: Bollettino di Sicurezza Microsoft Dicembre 2014
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 7 bollettini di sicurezza relativi a vulnerabilita'
presenti nei sistemi operativi Windows e in altre applicazioni:
MS14-075 Vulnerabilita' in Microsoft Exchange Server (3009712)
MS14-080 Aggiornamento cumulativo per Internet Explorer (3008923)
MS14-081 Vulnerabilita' in Microsoft Word e Microsoft Office Web Apps
(3017301)
MS14-082 Vulnerabilita' in Microsoft Office (3017349)
MS14-083 Vulnerabilita' in Microsoft Excel (3017347)
MS14-084 Vulnerabilita' in VBScript Scripting Engine (3016711)
MS14-085 Vulnerabilita' in Microsoft Graphics Component (3013126)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali alla sezione
"Riferimenti".
:: Software interessato
Microsoft Office
Microsoft Word
Microsoft Word Viewer
Microsoft Office Compatibility Pack
Microsoft Exchange Server
Microsoft Excel
Microsoft Graphics Component
Microsoft SharePoint Server
VBScript
:: Impatto
Esecuzione di codice in modalita' remota
Accesso utente in modalita' remota
Esposizione e modifica di informazioni utente
Esposizione di informazioni di autenticazione e di sistema
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update, Windows Server
Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza, Dicembre 2014
https://technet.microsoft.com/library/security/ms14-dec
MSRC November 2014 Updates
http://blogs.technet.com/b/msrc/archive/2014/12/09/december-2014-updates.aspx
Bollettini Microsoft sulla sicurezza
https://technet.microsoft.com/it-it/library/security/ms14-075
https://technet.microsoft.com/it-it/library/security/ms14-080
https://technet.microsoft.com/it-it/library/security/ms14-081
https://technet.microsoft.com/it-it/library/security/ms14-082
https://technet.microsoft.com/it-it/library/security/ms14-083
https://technet.microsoft.com/it-it/library/security/ms14-084
https://technet.microsoft.com/it-it/library/security/ms14-085
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Security Tracker
http://www.securitytracker.com/id/1031313
http://www.securitytracker.com/id/1031314
http://www.securitytracker.com/id/1031315
http://www.securitytracker.com/id/1031318
http://www.securitytracker.com/id/1031319
http://www.securitytracker.com/id/1031320
http://www.securitytracker.com/id/1031324
http://www.securitytracker.com/id/1031325
Mitre CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6363
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6356
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6357
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6327
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6328
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6329
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6330
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6363
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6365
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6366
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6368
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6369
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6373
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6374
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6375
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6376
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8966
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6319
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6325
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6326
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6336
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6364
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6360
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6361
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6355
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6357
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlSIcdYACgkQwZxMk2USYEKbVQCcC6JoE6yFirIMSv/P7O1ZtztR
YpIAoMxJB3e78expBbG46vzCuxQRXpbO
=QF++
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-14047
Data: 10 Dicembre 2014
Titolo: Bollettino di Sicurezza Microsoft Dicembre 2014
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 7 bollettini di sicurezza relativi a vulnerabilita'
presenti nei sistemi operativi Windows e in altre applicazioni:
MS14-075 Vulnerabilita' in Microsoft Exchange Server (3009712)
MS14-080 Aggiornamento cumulativo per Internet Explorer (3008923)
MS14-081 Vulnerabilita' in Microsoft Word e Microsoft Office Web Apps
(3017301)
MS14-082 Vulnerabilita' in Microsoft Office (3017349)
MS14-083 Vulnerabilita' in Microsoft Excel (3017347)
MS14-084 Vulnerabilita' in VBScript Scripting Engine (3016711)
MS14-085 Vulnerabilita' in Microsoft Graphics Component (3013126)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali alla sezione
"Riferimenti".
:: Software interessato
Microsoft Office
Microsoft Word
Microsoft Word Viewer
Microsoft Office Compatibility Pack
Microsoft Exchange Server
Microsoft Excel
Microsoft Graphics Component
Microsoft SharePoint Server
VBScript
:: Impatto
Esecuzione di codice in modalita' remota
Accesso utente in modalita' remota
Esposizione e modifica di informazioni utente
Esposizione di informazioni di autenticazione e di sistema
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update, Windows Server
Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza, Dicembre 2014
https://technet.microsoft.com/library/security/ms14-dec
MSRC November 2014 Updates
http://blogs.technet.com/b/msrc/archive/2014/12/09/december-2014-updates.aspx
Bollettini Microsoft sulla sicurezza
https://technet.microsoft.com/it-it/library/security/ms14-075
https://technet.microsoft.com/it-it/library/security/ms14-080
https://technet.microsoft.com/it-it/library/security/ms14-081
https://technet.microsoft.com/it-it/library/security/ms14-082
https://technet.microsoft.com/it-it/library/security/ms14-083
https://technet.microsoft.com/it-it/library/security/ms14-084
https://technet.microsoft.com/it-it/library/security/ms14-085
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Security Tracker
http://www.securitytracker.com/id/1031313
http://www.securitytracker.com/id/1031314
http://www.securitytracker.com/id/1031315
http://www.securitytracker.com/id/1031318
http://www.securitytracker.com/id/1031319
http://www.securitytracker.com/id/1031320
http://www.securitytracker.com/id/1031324
http://www.securitytracker.com/id/1031325
Mitre CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6363
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6356
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6357
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6327
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6328
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6329
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6330
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6363
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6365
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6366
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6368
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6369
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6373
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6374
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6375
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6376
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8966
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6319
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6325
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6326
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6336
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6364
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6360
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6361
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6355
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6357
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlSIcdYACgkQwZxMk2USYEKbVQCcC6JoE6yFirIMSv/P7O1ZtztR
YpIAoMxJB3e78expBbG46vzCuxQRXpbO
=QF++
-----END PGP SIGNATURE-----