Alert GCSA-09047 - Vulnerabilita' in Windows Kernel (MS09-025)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-09047
Data : 11 giugno 2009
Titolo : Vulnerabilita' in Windows Kernel (MS09-025)
******************************************************************
:: Descrizione del problema
Il bolletino di sicurezza Microsoft MS09-025 risolve due
vulnerabilita' presenti nel Kernel dei sistemi Microsoft Windows che
potrebbero essere sfruttate da utenti locali malevoli per ottenere
privilegi superiori.
:: Sistemi operativi interessati
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
:: Impatto
Esecuzione di codice arbitrario
Ottenimento di privilegi superiori
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin MS09-025 - Important
http://www.microsoft.com/technet/security/bulletin/ms09-025.mspx
US-CERT - Technical Cyber Security Alert TA09-160A
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
Secunia - Microsoft Windows Kernel Privilege Escalation Vulnerabilities
http://secunia.com/advisories/35372/
Securityfocus
http://www.securityfocus.com/bid/35121
http://www.securityfocus.com/bid/35238
http://www.securityfocus.com/bid/35240
http://www.securityfocus.com/bid/35120
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1126
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSjDlzvOB+SpikaiRAQLSdgQAvopxPz3h+9D4fe5Xn+OxBNjhsRllcv9U
mJmKTRP3ZcZI9KM2W9SLRX4b6dPb7cEqBkfXjNL+ndIdECgJeXlBS2UcZNuhY4fU
pXqnIGPhYiEymQMkPTyvxlaZpMoyXh6YI2knsmgqVIsQ9G4GIWwxErfdGgIH1IkU
TghGfvSaimg=
=UhjD
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-09047
Data : 11 giugno 2009
Titolo : Vulnerabilita' in Windows Kernel (MS09-025)
******************************************************************
:: Descrizione del problema
Il bolletino di sicurezza Microsoft MS09-025 risolve due
vulnerabilita' presenti nel Kernel dei sistemi Microsoft Windows che
potrebbero essere sfruttate da utenti locali malevoli per ottenere
privilegi superiori.
:: Sistemi operativi interessati
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
:: Impatto
Esecuzione di codice arbitrario
Ottenimento di privilegi superiori
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin MS09-025 - Important
http://www.microsoft.com/technet/security/bulletin/ms09-025.mspx
US-CERT - Technical Cyber Security Alert TA09-160A
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
Secunia - Microsoft Windows Kernel Privilege Escalation Vulnerabilities
http://secunia.com/advisories/35372/
Securityfocus
http://www.securityfocus.com/bid/35121
http://www.securityfocus.com/bid/35238
http://www.securityfocus.com/bid/35240
http://www.securityfocus.com/bid/35120
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1126
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSjDlzvOB+SpikaiRAQLSdgQAvopxPz3h+9D4fe5Xn+OxBNjhsRllcv9U
mJmKTRP3ZcZI9KM2W9SLRX4b6dPb7cEqBkfXjNL+ndIdECgJeXlBS2UcZNuhY4fU
pXqnIGPhYiEymQMkPTyvxlaZpMoyXh6YI2knsmgqVIsQ9G4GIWwxErfdGgIH1IkU
TghGfvSaimg=
=UhjD
-----END PGP SIGNATURE-----