Alert GCSA-08017 - MS08-010 Aggiornamento Cumulativo per Internet
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08017
Data : 13 febbraio 2008
Titolo : MS08-010 Aggiornamento Cumulativo per Internet Explorer (944533)
******************************************************************
:: Descrizione del problema
Questo aggiornamento critico risolve quattro vulnerabilita'
relative ad Internet Explorer. La piu' grave di queste consente
l'esecuzione di codice da remoto se l'utente visita pagine web
malevole.
:: Software interessato
Internet Explorer 5.01
Internet Explorer 6 SP1
Internet Explorer 6
Internet Explorer 7
Windows 2000 SP4
Windows XP SP2
Windows XP Pro x64 Edition
Windows XP Pro x64 Edition SP2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium)
Windows Vista
Windows Vista x64 Edition
:: Impatto
Esecuzione remota di codice arbitrario
Denial of service
Conqusta del controllo completo sul sistema
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS08-010.mspx
Microsoft Knowledge Base
http://support.microsoft.com/kb/944533
Microsoft Update
https://update.microsoft.com/microsoftupdate/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4790
Secunia advisories
http://secunia.com/advisories/28903/
FrSIRT
http://www.frsirt.com/english/advisories/2008/0512
ISC SANS Diary
http://isc.sans.org/diary.html?storyid=3973
CIAC
http://www.ciac.org/ciac/bulletins/s-176.shtml
iDefense Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661
ZDI
http://www.zerodayinitiative.com/advisories/ZDI-08-006.html
-----BEGIN PGP SIGNATURE-----
iQCVAwUBR7MckfOB+SpikaiRAQIUIQP/d7OoK4xah8j+Hn8WhjKzCves+FWAPmva
I5N8bMja424+uVo4wfK41rbYviYYdet4kr+7BLRqktOFwfNRuuV74g+rG5rZcyqB
VK0zdFA+a88oc1h1lyJP7z8QdjNqmpTtUxnTXlvKiHb8ZPFdhf2uCAIs0D3Pt+sB
OegjGywQUw8=
=eV2c
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08017
Data : 13 febbraio 2008
Titolo : MS08-010 Aggiornamento Cumulativo per Internet Explorer (944533)
******************************************************************
:: Descrizione del problema
Questo aggiornamento critico risolve quattro vulnerabilita'
relative ad Internet Explorer. La piu' grave di queste consente
l'esecuzione di codice da remoto se l'utente visita pagine web
malevole.
:: Software interessato
Internet Explorer 5.01
Internet Explorer 6 SP1
Internet Explorer 6
Internet Explorer 7
Windows 2000 SP4
Windows XP SP2
Windows XP Pro x64 Edition
Windows XP Pro x64 Edition SP2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium)
Windows Vista
Windows Vista x64 Edition
:: Impatto
Esecuzione remota di codice arbitrario
Denial of service
Conqusta del controllo completo sul sistema
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS08-010.mspx
Microsoft Knowledge Base
http://support.microsoft.com/kb/944533
Microsoft Update
https://update.microsoft.com/microsoftupdate/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4790
Secunia advisories
http://secunia.com/advisories/28903/
FrSIRT
http://www.frsirt.com/english/advisories/2008/0512
ISC SANS Diary
http://isc.sans.org/diary.html?storyid=3973
CIAC
http://www.ciac.org/ciac/bulletins/s-176.shtml
iDefense Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661
ZDI
http://www.zerodayinitiative.com/advisories/ZDI-08-006.html
-----BEGIN PGP SIGNATURE-----
iQCVAwUBR7MckfOB+SpikaiRAQIUIQP/d7OoK4xah8j+Hn8WhjKzCves+FWAPmva
I5N8bMja424+uVo4wfK41rbYviYYdet4kr+7BLRqktOFwfNRuuV74g+rG5rZcyqB
VK0zdFA+a88oc1h1lyJP7z8QdjNqmpTtUxnTXlvKiHb8ZPFdhf2uCAIs0D3Pt+sB
OegjGywQUw8=
=eV2c
-----END PGP SIGNATURE-----