Alert GCSA-10139 - Vulnerabilita' in Microsoft ASP.NET (MS10-070)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10139
Data : 30 Settembre 2010
Titolo : Vulnerabilita' in Microsoft ASP.NET (MS10-070 - 2418042)
******************************************************************
:: Descrizione del problema
E' stata riscontrata una vulnerabilita' in Microsoft ASP.NET,
che potrebbe essere sfruttata da attaccanti per accedere a informazioni
sensibili e decrittare informazioni criptate su una macchina affetta.
:: Software interessato
Windows XP Service Pack 3
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2418241)
Microsoft .NET Framework 3.5 (KB2416468)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Windows XP Professional x64 Edition Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2418241)
Microsoft .NET Framework 3.5 (KB2416468)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (K2416472)
Windows Server 2003 Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416451)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2418241)
Microsoft .NET Framework 3.5 (KB2416468)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Windows Server 2003 x64 Edition Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2418241)
Microsoft .NET Framework 3.5 (KB2416468)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2418241)
Microsoft .NET Framework 3.5 (KB2416468)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Windows Vista Service Pack 1
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET
Framework 3.5 (KB2416469)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2416474)
Windows Vista Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2416470)
Microsoft .NET Framework 3.5 (KB2418240)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Windows Vista x64 Edition Service Pack 1
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET
Framework 3.5 (KB2416469)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2416474)
Windows Vista x64 Edition Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2416470)
Microsoft .NET Framework 3.5 (KB2418240)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Windows Server 2008 for 32-bit Systems
Microsoft .NET Framework 1.1 Service Pack 1** (KB2416447)
Microsoft .NET Framework 3.5 Service Pack 1** (KB2416473)
Microsoft .NET Framework 4.0** (KB2416472)
Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET
Framework 3.5** (KB2416469)
Microsoft .NET Framework 2.0 Service Pack 2** (KB2416474)
Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1** (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2** (KB2416470)
Microsoft .NET Framework 3.5** (KB2418240)
Microsoft .NET Framework 3.5 Service Pack 1** (KB2416473)
Microsoft .NET Framework 4.0** (KB2416472)
Windows Server 2008 for x64-based Systems
Microsoft .NET Framework 1.1 Service Pack 1** (KB2416447)
Microsoft .NET Framework 3.5 Service Pack 1** (KB2416473)
Microsoft .NET Framework 4.0** (KB2416472)
Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET
Framework 3.5** (KB2416469)
Microsoft .NET Framework 2.0 Service Pack 2** (KB2416474)
Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1** (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2** (KB2416470)
Microsoft .NET Framework 3.5** (KB2418240)
Microsoft .NET Framework 3.5 Service Pack 1** (KB2416473)
Microsoft .NET Framework 4.0** (KB2416472)
Windows Server 2008 for Itanium-based Systems
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET
Framework 3.5 (KB2416469)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2416474)
Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2416470)
Microsoft .NET Framework 3.5 (KB2418240)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Windows 7 for 32-bit Systems
Microsoft .NET Framework 3.5.1 (KB2416471)
Microsoft .NET Framework 4.0 (KB2416472)
Windows 7 for x64-based Systems
Microsoft .NET Framework 3.5.1 (KB2416471)
Microsoft .NET Framework 4.0 (KB2416472)
Windows Server 2008 R2 for x64-based Systems
Microsoft .NET Framework 3.5.1* (KB2416471)
Microsoft .NET Framework 4.0* (KB2416472)
Windows Server 2008 R2 for Itanium-based Systems
Microsoft .NET Framework 3.5.1 (KB2416471)
Microsoft .NET Framework 4.0 (KB2416472)
:: Impatto
Accesso a dati sensibili
:: Soluzioni
Applicare la patch:
http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3332
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTKXoJvOB+SpikaiRAQIdRAP/aG4oYbax10X5qdaSPfksOzBA9r17J2a/
DD4tehuSZpBvlHrdsWt+Gg0Bz3n0nFN46LM88w1uB2/nNE2FQrCxaAHUpHsQTxaB
r1FaquBVa1S/JuEO0S43ALNCd7SJDF9DizGUl3ORtPi/81pXPC50SYxBvhcQzP3x
1K7lXHWxNdw=
=l/0m
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10139
Data : 30 Settembre 2010
Titolo : Vulnerabilita' in Microsoft ASP.NET (MS10-070 - 2418042)
******************************************************************
:: Descrizione del problema
E' stata riscontrata una vulnerabilita' in Microsoft ASP.NET,
che potrebbe essere sfruttata da attaccanti per accedere a informazioni
sensibili e decrittare informazioni criptate su una macchina affetta.
:: Software interessato
Windows XP Service Pack 3
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2418241)
Microsoft .NET Framework 3.5 (KB2416468)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Windows XP Professional x64 Edition Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2418241)
Microsoft .NET Framework 3.5 (KB2416468)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (K2416472)
Windows Server 2003 Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416451)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2418241)
Microsoft .NET Framework 3.5 (KB2416468)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Windows Server 2003 x64 Edition Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2418241)
Microsoft .NET Framework 3.5 (KB2416468)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2418241)
Microsoft .NET Framework 3.5 (KB2416468)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Windows Vista Service Pack 1
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET
Framework 3.5 (KB2416469)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2416474)
Windows Vista Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2416470)
Microsoft .NET Framework 3.5 (KB2418240)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Windows Vista x64 Edition Service Pack 1
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET
Framework 3.5 (KB2416469)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2416474)
Windows Vista x64 Edition Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2416470)
Microsoft .NET Framework 3.5 (KB2418240)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Windows Server 2008 for 32-bit Systems
Microsoft .NET Framework 1.1 Service Pack 1** (KB2416447)
Microsoft .NET Framework 3.5 Service Pack 1** (KB2416473)
Microsoft .NET Framework 4.0** (KB2416472)
Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET
Framework 3.5** (KB2416469)
Microsoft .NET Framework 2.0 Service Pack 2** (KB2416474)
Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1** (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2** (KB2416470)
Microsoft .NET Framework 3.5** (KB2418240)
Microsoft .NET Framework 3.5 Service Pack 1** (KB2416473)
Microsoft .NET Framework 4.0** (KB2416472)
Windows Server 2008 for x64-based Systems
Microsoft .NET Framework 1.1 Service Pack 1** (KB2416447)
Microsoft .NET Framework 3.5 Service Pack 1** (KB2416473)
Microsoft .NET Framework 4.0** (KB2416472)
Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET
Framework 3.5** (KB2416469)
Microsoft .NET Framework 2.0 Service Pack 2** (KB2416474)
Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1** (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2** (KB2416470)
Microsoft .NET Framework 3.5** (KB2418240)
Microsoft .NET Framework 3.5 Service Pack 1** (KB2416473)
Microsoft .NET Framework 4.0** (KB2416472)
Windows Server 2008 for Itanium-based Systems
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET
Framework 3.5 (KB2416469)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2416474)
Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (KB2416470)
Microsoft .NET Framework 3.5 (KB2418240)
Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
Microsoft .NET Framework 4.0 (KB2416472)
Windows 7 for 32-bit Systems
Microsoft .NET Framework 3.5.1 (KB2416471)
Microsoft .NET Framework 4.0 (KB2416472)
Windows 7 for x64-based Systems
Microsoft .NET Framework 3.5.1 (KB2416471)
Microsoft .NET Framework 4.0 (KB2416472)
Windows Server 2008 R2 for x64-based Systems
Microsoft .NET Framework 3.5.1* (KB2416471)
Microsoft .NET Framework 4.0* (KB2416472)
Windows Server 2008 R2 for Itanium-based Systems
Microsoft .NET Framework 3.5.1 (KB2416471)
Microsoft .NET Framework 4.0 (KB2416472)
:: Impatto
Accesso a dati sensibili
:: Soluzioni
Applicare la patch:
http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3332
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTKXoJvOB+SpikaiRAQIdRAP/aG4oYbax10X5qdaSPfksOzBA9r17J2a/
DD4tehuSZpBvlHrdsWt+Gg0Bz3n0nFN46LM88w1uB2/nNE2FQrCxaAHUpHsQTxaB
r1FaquBVa1S/JuEO0S43ALNCd7SJDF9DizGUl3ORtPi/81pXPC50SYxBvhcQzP3x
1K7lXHWxNdw=
=l/0m
-----END PGP SIGNATURE-----