AGGIORNAMENTO Alert GCSA-09062 - Vulnerabilita' in Visual Studio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : AGGIORNAMENTO Alert GCSA-09062
Data : 12 agosto 2009
Titolo : Vulnerabilita' in Visual Studio Active Template Library (MS09-035)
******************************************************************
:: Descrizione del problema
E' stato rilasciata una revisione del bollettino di sicurezza Microsoft
MS09-035.
La revisione consiste in nuovi aggiornamenti per correggere la vulnerabilita'
in oggetto, relativamente ai sistemi di seguito riportati, ed e' rivolta agli
sviluppatori che utilizzano Visual Studio per creare componenti e controlli
per applicazioni mobili usando ATL for Smart Devices:
:: Software interessato
Microsoft Visual Studio 2005 Service Pack 1 (KB973673)
Microsoft Visual Studio 2008 (KB973674)
Microsoft Visual Studio 2008 Service Pack 1 (KB973675)
:: Soluzioni
Applicare gli aggiornamenti rilasciati da Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS09-035.mspx
Microsoft Knowledge Base
http://support.microsoft.com/kb/969706
Microsoft Update
https://update.microsoft.com/microsoftupdate/
Microsoft Security Advisory (973882)
http://www.microsoft.com/technet/security/advisory/973882.mspx
Microsoft Blogs
http://blogs.technet.com/msrc/archive/2009/07/28/microsoft-security-advisory-973882-microsoft-security-bulletins-ms09-034-and-ms09-035-released.aspx
http://blogs.technet.com/srd/archive/2009/07/28/overview-of-the-out-of-band-release.aspx
http://blogs.technet.com/bluehat/archive/2009/07/27/black-hat-usa-atl-killbit-bypass.aspx
http://blogs.msdn.com/sdl/archive/2009/07/28/atl-ms09-035-and-the-sdl.aspx
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2495
Vupen Security
http://www.vupen.com/english/advisories/2009/2034
Adobe PSIRT
http://blogs.adobe.com/psirt/2009/07/impact_of_microsoft_atl_vulner.html
Cisco Security Advisory
http://www.cisco.com/warp/public/707/cisco-sa-20090728-activex.shtml
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/35832
http://www.securityfocus.com/bid/35828
http://www.securityfocus.com/bid/35830
US-CERT
http://www.us-cert.gov/cas/techalerts/TA09-209A.html
http://www.kb.cert.org/vuls/id/456745
http://www.kb.cert.org/vuls/id/180513
ISC SANS Diary
http://isc.sans.org/diary.html?storyid=6874
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSoLK8/OB+SpikaiRAQKOOgP+NOU1hSBYgsfwTMqJyyvAu5iNWoMN6vcX
a63vSAmxldoXOGjO6AlwFEJp7mnOrbBbDfb2QXRHNcReuv3ovJY7rQZosdYzjiCv
lXhkUuCGmOOOGBn7z2+NXKQC9NMDCw0Y7aBV9eFl9yz4PKkrCksTZqm+KxlyToOS
ZbRCbh5MzIE=
=zMmX
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : AGGIORNAMENTO Alert GCSA-09062
Data : 12 agosto 2009
Titolo : Vulnerabilita' in Visual Studio Active Template Library (MS09-035)
******************************************************************
:: Descrizione del problema
E' stato rilasciata una revisione del bollettino di sicurezza Microsoft
MS09-035.
La revisione consiste in nuovi aggiornamenti per correggere la vulnerabilita'
in oggetto, relativamente ai sistemi di seguito riportati, ed e' rivolta agli
sviluppatori che utilizzano Visual Studio per creare componenti e controlli
per applicazioni mobili usando ATL for Smart Devices:
:: Software interessato
Microsoft Visual Studio 2005 Service Pack 1 (KB973673)
Microsoft Visual Studio 2008 (KB973674)
Microsoft Visual Studio 2008 Service Pack 1 (KB973675)
:: Soluzioni
Applicare gli aggiornamenti rilasciati da Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS09-035.mspx
Microsoft Knowledge Base
http://support.microsoft.com/kb/969706
Microsoft Update
https://update.microsoft.com/microsoftupdate/
Microsoft Security Advisory (973882)
http://www.microsoft.com/technet/security/advisory/973882.mspx
Microsoft Blogs
http://blogs.technet.com/msrc/archive/2009/07/28/microsoft-security-advisory-973882-microsoft-security-bulletins-ms09-034-and-ms09-035-released.aspx
http://blogs.technet.com/srd/archive/2009/07/28/overview-of-the-out-of-band-release.aspx
http://blogs.technet.com/bluehat/archive/2009/07/27/black-hat-usa-atl-killbit-bypass.aspx
http://blogs.msdn.com/sdl/archive/2009/07/28/atl-ms09-035-and-the-sdl.aspx
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2495
Vupen Security
http://www.vupen.com/english/advisories/2009/2034
Adobe PSIRT
http://blogs.adobe.com/psirt/2009/07/impact_of_microsoft_atl_vulner.html
Cisco Security Advisory
http://www.cisco.com/warp/public/707/cisco-sa-20090728-activex.shtml
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/35832
http://www.securityfocus.com/bid/35828
http://www.securityfocus.com/bid/35830
US-CERT
http://www.us-cert.gov/cas/techalerts/TA09-209A.html
http://www.kb.cert.org/vuls/id/456745
http://www.kb.cert.org/vuls/id/180513
ISC SANS Diary
http://isc.sans.org/diary.html?storyid=6874
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSoLK8/OB+SpikaiRAQKOOgP+NOU1hSBYgsfwTMqJyyvAu5iNWoMN6vcX
a63vSAmxldoXOGjO6AlwFEJp7mnOrbBbDfb2QXRHNcReuv3ovJY7rQZosdYzjiCv
lXhkUuCGmOOOGBn7z2+NXKQC9NMDCw0Y7aBV9eFl9yz4PKkrCksTZqm+KxlyToOS
ZbRCbh5MzIE=
=zMmX
-----END PGP SIGNATURE-----