Alert GCSA-17077 - Microsoft Security Update Dicembre 2017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-17077
Data: 13 Dicembre 2017
Titolo: Microsoft Security Update Dicembre 2017
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato nuovi aggiornamenti mirati a risolvere
le vulnerabilità presenti nei sistemi operativi Windows e in vari
software applicativi.
Un attaccante remoto potrebbe sfruttare le vulnerabilità per
prendere il controllo del sistema affetto.
E' stato inoltre rilasciato l'Avviso di sicurezza 4056318
"Guidance for securing AD DS account used by Azure AD Connect
for directory synchronization"
Maggiori dettagli sono disponibili nella segnalazione
ufficiale alla sezione "Riferimenti".
:: Software interessato
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
Microsoft Exchange Server
ChakraCore
Microsoft Malware Protection Engine
:: Impatto
Esecuzione di codice arbitrario
Accesso al sistema
Accesso con privilegi utente
Information Disclosure
Modifica di informazioni utente e di sistema
:: Soluzioni
Per default l'installazione degli aggiornamenti avviene in
maniera automatica.
Windows Update domande frequenti
https://support.microsoft.com/it-it/help/12373/windows-update-faq
Ulteriori dettagli e known issues nella sezione "Release Notes":
https://portal.msrc.microsoft.com/en-us/security-guidance
:: Riferimenti
Microsoft Security Update Summary
https://portal.msrc.microsoft.com/en-us/security-guidance/summary
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/c383fa60-b852-e711-80dd-000d3a32f9b6
Microsoft Security Advisories
https://technet.microsoft.com/library/security/4056318
Securitytracker
https://www.securitytracker.com/id/1039998
https://www.securitytracker.com/id/1039997
https://www.securitytracker.com/id/1039996
https://www.securitytracker.com/id/1039995
https://www.securitytracker.com/id/1039994
https://www.securitytracker.com/id/1039993
https://www.securitytracker.com/id/1039992
https://www.securitytracker.com/id/1039991
https://www.securitytracker.com/id/1039990
https://www.securitytracker.com/id/1039989
https://www.securitytracker.com/id/1039988
https://www.securitytracker.com/id/1039987
SANS ISC
https://isc.sans.edu/forums/diary/December+Microsoft+Patch+Tuesday+Summary/23123/
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11911
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11918
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11927
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11894
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11940
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAloxKMAACgkQwZxMk2USYEKYNgCcDodGCqIqScmfbP9YYFolNH2/
rVEAnjuC1crWafJH2O32BNWrZsFb79tz
=9XDX
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-17077
Data: 13 Dicembre 2017
Titolo: Microsoft Security Update Dicembre 2017
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato nuovi aggiornamenti mirati a risolvere
le vulnerabilità presenti nei sistemi operativi Windows e in vari
software applicativi.
Un attaccante remoto potrebbe sfruttare le vulnerabilità per
prendere il controllo del sistema affetto.
E' stato inoltre rilasciato l'Avviso di sicurezza 4056318
"Guidance for securing AD DS account used by Azure AD Connect
for directory synchronization"
Maggiori dettagli sono disponibili nella segnalazione
ufficiale alla sezione "Riferimenti".
:: Software interessato
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
Microsoft Exchange Server
ChakraCore
Microsoft Malware Protection Engine
:: Impatto
Esecuzione di codice arbitrario
Accesso al sistema
Accesso con privilegi utente
Information Disclosure
Modifica di informazioni utente e di sistema
:: Soluzioni
Per default l'installazione degli aggiornamenti avviene in
maniera automatica.
Windows Update domande frequenti
https://support.microsoft.com/it-it/help/12373/windows-update-faq
Ulteriori dettagli e known issues nella sezione "Release Notes":
https://portal.msrc.microsoft.com/en-us/security-guidance
:: Riferimenti
Microsoft Security Update Summary
https://portal.msrc.microsoft.com/en-us/security-guidance/summary
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/c383fa60-b852-e711-80dd-000d3a32f9b6
Microsoft Security Advisories
https://technet.microsoft.com/library/security/4056318
Securitytracker
https://www.securitytracker.com/id/1039998
https://www.securitytracker.com/id/1039997
https://www.securitytracker.com/id/1039996
https://www.securitytracker.com/id/1039995
https://www.securitytracker.com/id/1039994
https://www.securitytracker.com/id/1039993
https://www.securitytracker.com/id/1039992
https://www.securitytracker.com/id/1039991
https://www.securitytracker.com/id/1039990
https://www.securitytracker.com/id/1039989
https://www.securitytracker.com/id/1039988
https://www.securitytracker.com/id/1039987
SANS ISC
https://isc.sans.edu/forums/diary/December+Microsoft+Patch+Tuesday+Summary/23123/
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11911
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11918
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11927
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11894
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11940
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAloxKMAACgkQwZxMk2USYEKYNgCcDodGCqIqScmfbP9YYFolNH2/
rVEAnjuC1crWafJH2O32BNWrZsFb79tz
=9XDX
-----END PGP SIGNATURE-----