Alert GCSA-10022 - MS10-015 Vulnerabilita' in Windows Kernel (977165)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10022
Data : 11 febbraio 2010
Titolo : MS10-015 Vulnerabilita' in Windows Kernel (977165)
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato un aggiornamento per risolvere due
vulnerabilita' presenti nel Kernel di Microsoft Windows.
Le vulnerabilita' potrebbero consentire la conquista di
permessi piu' elevati se un aggressore, in grado di connettersi
localmente, eseguisse un'applicazione artefatta.
:: Software interessato
Windows 2000 SP4
Windows XP SP2
Windows XP SP3
Windows XP Pro x64 Edition SP2
Windows Vista
Windows Vista SP1
Windows Vista SP2
Windows Vista x64 Edition
Windows Vista x64 Edition SP1
Windows Vista x64 Edition SP2
Windows 7 (32-bit)
Windows Server 2003 SP2
Windows Server 2003 x64 Edition SP2
Windows Server 2003 SP2 (Itanium)
Windows Server 2008 (32-bit)
Windows Server 2008 (32-bit) SP2
Windows Server 2008 (x64)
Windows Server 2008 (x64) SP2
Windows Server 2008 (Itanium)
Windows Server 2008 (Itanium) SP2
:: Impatto
Privilege elevation
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS10-015.mspx
Microsoft Knowledge Base
http://support.microsoft.com/kb/977165
Microsoft Update e Aggiornamenti Automatici
http://go.microsoft.com/fwlink/?LinkID=40747
https://www.update.microsoft.com/microsoftupdate/v6/
http://support.microsoft.com/kb/306525/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0233
Vupen Security
http://www.vupen.com/english/advisories/2010/0348
ISC SANS
http://isc.sans.org/diary.html?storyid=8197
-----BEGIN PGP SIGNATURE-----
iQCVAwUBS3PgQvOB+SpikaiRAQJyDwQAwC3+yocCFizsj0aD2vje9GVQVIohsYQd
gaGoobodTy5ozoSStelZZxvvnUycH7I8v3VhGBzb2kI+WPc1E+mciwnSJM3uxTQQ
hBGbNM7qGwusmhGylbBkB3JMfCeBkeP8GbvITfr/25CkJWOeF5mR5impPX6IGmOT
3aR3sISA99s=
=G3e1
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10022
Data : 11 febbraio 2010
Titolo : MS10-015 Vulnerabilita' in Windows Kernel (977165)
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato un aggiornamento per risolvere due
vulnerabilita' presenti nel Kernel di Microsoft Windows.
Le vulnerabilita' potrebbero consentire la conquista di
permessi piu' elevati se un aggressore, in grado di connettersi
localmente, eseguisse un'applicazione artefatta.
:: Software interessato
Windows 2000 SP4
Windows XP SP2
Windows XP SP3
Windows XP Pro x64 Edition SP2
Windows Vista
Windows Vista SP1
Windows Vista SP2
Windows Vista x64 Edition
Windows Vista x64 Edition SP1
Windows Vista x64 Edition SP2
Windows 7 (32-bit)
Windows Server 2003 SP2
Windows Server 2003 x64 Edition SP2
Windows Server 2003 SP2 (Itanium)
Windows Server 2008 (32-bit)
Windows Server 2008 (32-bit) SP2
Windows Server 2008 (x64)
Windows Server 2008 (x64) SP2
Windows Server 2008 (Itanium)
Windows Server 2008 (Itanium) SP2
:: Impatto
Privilege elevation
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS10-015.mspx
Microsoft Knowledge Base
http://support.microsoft.com/kb/977165
Microsoft Update e Aggiornamenti Automatici
http://go.microsoft.com/fwlink/?LinkID=40747
https://www.update.microsoft.com/microsoftupdate/v6/
http://support.microsoft.com/kb/306525/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0233
Vupen Security
http://www.vupen.com/english/advisories/2010/0348
ISC SANS
http://isc.sans.org/diary.html?storyid=8197
-----BEGIN PGP SIGNATURE-----
iQCVAwUBS3PgQvOB+SpikaiRAQJyDwQAwC3+yocCFizsj0aD2vje9GVQVIohsYQd
gaGoobodTy5ozoSStelZZxvvnUycH7I8v3VhGBzb2kI+WPc1E+mciwnSJM3uxTQQ
hBGbNM7qGwusmhGylbBkB3JMfCeBkeP8GbvITfr/25CkJWOeF5mR5impPX6IGmOT
3aR3sISA99s=
=G3e1
-----END PGP SIGNATURE-----