Alert GCSA-12067 - Microsoft Security Bullettin November 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-12067
Data : 15 Novembre 2012
Titolo : Microsoft Security Bullettin November 2012
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 6 bollettini di sicurezza relativi
a vulnerabilita' presenti nei sistemi operativi Windows
e in altre applicazioni:
MS12-071 Aggiornamento cumulativo per la protezione di Internet Explorer (2761451)
MS12-072 Vulnerabilita' nella Shell di Windows (2727528)
MS12-073 Vulnerabilita' in Microsoft Internet Information Services (IIS) (2733829)
MS12-074 Vulnerabilita' in .NET Framework (2745030)
MS12-075 vulnerabilita' nei driver in modalita' kernel di Windows (2761226)
MS12-076 Vulnerabilita' in Excel (2720184)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali
alla sezione "Riferimenti".
:: Software interessato
Internet Explorer 9
Windows XP SP3
Windows XP Pro x64 Edition SP2
Windows Server 2003 SP2
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP2 per Itanium-based Systems
Windows Vista SP2
Windows Vista x64 Edition SP2
Windows Server 2008 per 32-bit Systems SP2
Windows Server 2008 per x64-based Systems SP2
Windows Server 2008 per Itanium-based Systems SP2
Windows 7 per 32-bit Systems e SP1
Windows 7 per x64-based Systems e SP1
Windows Server 2008 R2 per x64-based Systems e SP1
Windows Server 2008 R2 per Itanium-based Systems e SP1
Windows 8 per 32-bit e 64-bit Systems
Windows Server 2012
Windows RT
Microsoft .NET Framework 1.0 SP3
Microsoft .NET Framework 1.1 SP1
Microsoft .NET Framework 2.0 SP2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5
Excel 2003 SP3
Excel 2007 SP2 e SP3
Excel 2010 SP1 (32-bit e 64-bit editions)
Office 2008 per Mac
Office per Mac 2011
Excel Viewer
Office Compatibility Pack SP2 e SP3
Microsoft FTP Service 7.0 per IIS 7.0
Microsoft FTP Service 7.5 per IIS 7.0
Microsoft FTP Service 7.5 per IIS 7.5
Internet Information Services 7.5
:: Impatto
Esecuzione remota di codice arbitrario
Esposizione di dati sensibili
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza - novembre 2012
http://technet.microsoft.com/it-it/security/bulletin/ms12-nov
Bollettini Microsoft sulla sicurezza
http://technet.microsoft.com/it-it/security/bulletin/ms12-071
http://technet.microsoft.com/it-it/security/bulletin/ms12-072
http://technet.microsoft.com/it-it/security/bulletin/ms12-073
http://technet.microsoft.com/it-it/security/bulletin/ms12-074
http://technet.microsoft.com/it-it/security/bulletin/ms12-075
http://technet.microsoft.com/it-it/security/bulletin/ms12-076
Microsoft Knowledge Base
http://support.microsoft.com/kb/2761451
http://support.microsoft.com/kb/2727528
http://support.microsoft.com/kb/2733829
http://support.microsoft.com/kb/2745030
http://support.microsoft.com/kb/2761226
http://support.microsoft.com/kb/2720184
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2543
SANS ISC Diary
http://isc.sans.edu/diary.html?storyid=14503
-----BEGIN PGP SIGNATURE-----
iD8DBQFQpMnEwZxMk2USYEIRAgbTAKCnyF9ofy2VP8KlOaR0N75UP8s0bACfXlgu
iw6PF/gJXskmRYVv/FcDCjo=
=g/ni
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-12067
Data : 15 Novembre 2012
Titolo : Microsoft Security Bullettin November 2012
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 6 bollettini di sicurezza relativi
a vulnerabilita' presenti nei sistemi operativi Windows
e in altre applicazioni:
MS12-071 Aggiornamento cumulativo per la protezione di Internet Explorer (2761451)
MS12-072 Vulnerabilita' nella Shell di Windows (2727528)
MS12-073 Vulnerabilita' in Microsoft Internet Information Services (IIS) (2733829)
MS12-074 Vulnerabilita' in .NET Framework (2745030)
MS12-075 vulnerabilita' nei driver in modalita' kernel di Windows (2761226)
MS12-076 Vulnerabilita' in Excel (2720184)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali
alla sezione "Riferimenti".
:: Software interessato
Internet Explorer 9
Windows XP SP3
Windows XP Pro x64 Edition SP2
Windows Server 2003 SP2
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP2 per Itanium-based Systems
Windows Vista SP2
Windows Vista x64 Edition SP2
Windows Server 2008 per 32-bit Systems SP2
Windows Server 2008 per x64-based Systems SP2
Windows Server 2008 per Itanium-based Systems SP2
Windows 7 per 32-bit Systems e SP1
Windows 7 per x64-based Systems e SP1
Windows Server 2008 R2 per x64-based Systems e SP1
Windows Server 2008 R2 per Itanium-based Systems e SP1
Windows 8 per 32-bit e 64-bit Systems
Windows Server 2012
Windows RT
Microsoft .NET Framework 1.0 SP3
Microsoft .NET Framework 1.1 SP1
Microsoft .NET Framework 2.0 SP2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5
Excel 2003 SP3
Excel 2007 SP2 e SP3
Excel 2010 SP1 (32-bit e 64-bit editions)
Office 2008 per Mac
Office per Mac 2011
Excel Viewer
Office Compatibility Pack SP2 e SP3
Microsoft FTP Service 7.0 per IIS 7.0
Microsoft FTP Service 7.5 per IIS 7.0
Microsoft FTP Service 7.5 per IIS 7.5
Internet Information Services 7.5
:: Impatto
Esecuzione remota di codice arbitrario
Esposizione di dati sensibili
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza - novembre 2012
http://technet.microsoft.com/it-it/security/bulletin/ms12-nov
Bollettini Microsoft sulla sicurezza
http://technet.microsoft.com/it-it/security/bulletin/ms12-071
http://technet.microsoft.com/it-it/security/bulletin/ms12-072
http://technet.microsoft.com/it-it/security/bulletin/ms12-073
http://technet.microsoft.com/it-it/security/bulletin/ms12-074
http://technet.microsoft.com/it-it/security/bulletin/ms12-075
http://technet.microsoft.com/it-it/security/bulletin/ms12-076
Microsoft Knowledge Base
http://support.microsoft.com/kb/2761451
http://support.microsoft.com/kb/2727528
http://support.microsoft.com/kb/2733829
http://support.microsoft.com/kb/2745030
http://support.microsoft.com/kb/2761226
http://support.microsoft.com/kb/2720184
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2543
SANS ISC Diary
http://isc.sans.edu/diary.html?storyid=14503
-----BEGIN PGP SIGNATURE-----
iD8DBQFQpMnEwZxMk2USYEIRAgbTAKCnyF9ofy2VP8KlOaR0N75UP8s0bACfXlgu
iw6PF/gJXskmRYVv/FcDCjo=
=g/ni
-----END PGP SIGNATURE-----