Alert GCSA-10147 - Vulnerabilita' in Microsoft Windows Kernel-Mode
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10147
Data : 14 Ottobre 2010
Titolo : Vulnerabilita' in Microsoft Windows Kernel-Mode Drivers
(MS10-073)
******************************************************************
:: Descrizione del problema
Sono state riscontrate multiple vulnerabilita' in Microsoft
Windows che potrebbero essere sfruttate da un attaccante locale per
ottenere elevati privilegi su un sistema vulnerabile. Le vulnerabilita'
sono causate da errori nel file "Wind32k.sys", e potrebbero essere
sfruttate per ottenere privilegi "ring0" su un sistema affetto.
Una di queste vulnerabilita' e' sfruttata dal malware Stuxnet.
:: Software interessato
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (64x)
Microsoft Windows Server 2008 (64x) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft Windows 7 (32-bit)
Microsoft Windows 7 (64x)
Microsoft Windows Server 2008 R2 (64x)
Microsoft Windows Server 2008 R2 (Itanium)
:: Impatto
Escalation di privilegi
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/ms10-073.mspx
VUPEN
http://www.vupen.com/english/advisories/2010/2620
Secunia
http://secunia.com/advisories/40421/
http://secunia.com/advisories/41471/
http://secunia.com/advisories/41775/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2744
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTLcDavOB+SpikaiRAQJBMwP9FIOQXl81GxQ0RVNaKInsNStoYvbiM0N8
9O5NSB8cTxAlCx0u32lKg110utf1qQecH2XQcqWgft4hsPDhqA5nRz7xpNx1W2q6
VFZiC4gfg/6xDMVYmIlqUs8VZcYhIEOwUpAYHDsCvDaOMpm4Mo3A8rWT+tazfZyV
5PocD1+QTP4=
=ckbG
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10147
Data : 14 Ottobre 2010
Titolo : Vulnerabilita' in Microsoft Windows Kernel-Mode Drivers
(MS10-073)
******************************************************************
:: Descrizione del problema
Sono state riscontrate multiple vulnerabilita' in Microsoft
Windows che potrebbero essere sfruttate da un attaccante locale per
ottenere elevati privilegi su un sistema vulnerabile. Le vulnerabilita'
sono causate da errori nel file "Wind32k.sys", e potrebbero essere
sfruttate per ottenere privilegi "ring0" su un sistema affetto.
Una di queste vulnerabilita' e' sfruttata dal malware Stuxnet.
:: Software interessato
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (64x)
Microsoft Windows Server 2008 (64x) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft Windows 7 (32-bit)
Microsoft Windows 7 (64x)
Microsoft Windows Server 2008 R2 (64x)
Microsoft Windows Server 2008 R2 (Itanium)
:: Impatto
Escalation di privilegi
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/ms10-073.mspx
VUPEN
http://www.vupen.com/english/advisories/2010/2620
Secunia
http://secunia.com/advisories/40421/
http://secunia.com/advisories/41471/
http://secunia.com/advisories/41775/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2744
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTLcDavOB+SpikaiRAQJBMwP9FIOQXl81GxQ0RVNaKInsNStoYvbiM0N8
9O5NSB8cTxAlCx0u32lKg110utf1qQecH2XQcqWgft4hsPDhqA5nRz7xpNx1W2q6
VFZiC4gfg/6xDMVYmIlqUs8VZcYhIEOwUpAYHDsCvDaOMpm4Mo3A8rWT+tazfZyV
5PocD1+QTP4=
=ckbG
-----END PGP SIGNATURE-----