Alert GCSA-13031 - Bollettino di Sicurezza Microsoft Maggio 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-13031
Data : 16 Maggio 2013
Titolo : Bollettino di Sicurezza Microsoft Maggio 2013
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 10 bollettini di sicurezza relativi
a vulnerabilita' presenti nei sistemi operativi e applicazioni
Windows:
MS13-037 Aggiornamento cumulativo per la protezione di Internet Explorer
(2829530)
MS13-038 Aggiornamento per la protezione di Internet Explorer (2847204)
MS13-039 Una vulnerabilita' in HTTP.sys puo' consentire un attacco di tipo
Denial of Service (2829254)
MS13-040 Alcune vulnerabilita' in .NET Framework possono consentire lo
spoofing (2836440)
MS13-041 Una vulnerabilita' in Lync puo' consentire l'esecuzione di codice
in modalita' remota (2834695)
MS13-042 Alcune vulnerabilita' in Microsoft Publisher possono consentire
l'esecuzione di codice in modalita' remota (2830397)
MS13-043 Una vulnerabilita' in Microsoft Word puo' consentire l'esecuzione
di codice in modalita' remota (2830399)
MS13-044 Una vulnerabilita' in Microsoft Visio puo' consentire
l'intercettazione di informazioni personali (2834692)
MS13-045 Una vulnerabilita' in Windows Essentials puo' consentire
l'intercettazione di informazioni personali (2813707)
MS13-046 Alcune vulnerabilita' nei driver in modalita' kernel possono
consentire l'acquisizione di privilegi pia' elevati (2840221)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali
alla sezione "Riferimenti".
:: Software interessato
Microsoft Windows
Microsoft Internet Explorer
Microsoft Office
Microsoft Server Software
Microsoft Security Software
:: Impatto
Esecuzione di codice in modalita' remota
Acquisizione di privilegi piu' elevati
Elusione della funzione di protezione
Attacco di tipo Denial of Service
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza - Aprile 2013
http://technet.microsoft.com/it-it/security/bulletin/ms13-may
Bollettini Microsoft sulla sicurezza
https://technet.microsoft.com/it-it/security/bulletin/ms13-037
https://technet.microsoft.com/it-it/security/bulletin/ms13-038
https://technet.microsoft.com/it-it/security/bulletin/ms13-039
https://technet.microsoft.com/it-it/security/bulletin/ms13-040
https://technet.microsoft.com/it-it/security/bulletin/ms13-041
https://technet.microsoft.com/it-it/security/bulletin/ms13-042
https://technet.microsoft.com/it-it/security/bulletin/ms13-043
https://technet.microsoft.com/it-it/security/bulletin/ms13-044
https://technet.microsoft.com/it-it/security/bulletin/ms13-045
https://technet.microsoft.com/it-it/security/bulletin/ms13-046
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Mitre CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0811
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1297
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1306
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1307
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1308
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1309
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1310
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1311
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1312
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1313
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2551
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1305
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1336
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1337
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1302
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1316
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1317
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1318
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1319
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1320
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1321
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1322
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1323
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1327
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1328
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1329
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1335
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1301
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0096
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1332
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1333
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1334
SANS ISC Diary
https://isc.sans.edu/diary/Microsoft+May+2013+Black+Tuesday+Overview/15791
US-CERT Alert TA13-134A
http://www.us-cert.gov/ncas/alerts/TA13-134A
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlGUllYACgkQwZxMk2USYELkfQCeI+IVo/dVsDZyOZeGvEnrwrLi
sUEAnAzF+8UGjlGiK408FVVs+y/WOjdK
=qHfz
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-13031
Data : 16 Maggio 2013
Titolo : Bollettino di Sicurezza Microsoft Maggio 2013
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 10 bollettini di sicurezza relativi
a vulnerabilita' presenti nei sistemi operativi e applicazioni
Windows:
MS13-037 Aggiornamento cumulativo per la protezione di Internet Explorer
(2829530)
MS13-038 Aggiornamento per la protezione di Internet Explorer (2847204)
MS13-039 Una vulnerabilita' in HTTP.sys puo' consentire un attacco di tipo
Denial of Service (2829254)
MS13-040 Alcune vulnerabilita' in .NET Framework possono consentire lo
spoofing (2836440)
MS13-041 Una vulnerabilita' in Lync puo' consentire l'esecuzione di codice
in modalita' remota (2834695)
MS13-042 Alcune vulnerabilita' in Microsoft Publisher possono consentire
l'esecuzione di codice in modalita' remota (2830397)
MS13-043 Una vulnerabilita' in Microsoft Word puo' consentire l'esecuzione
di codice in modalita' remota (2830399)
MS13-044 Una vulnerabilita' in Microsoft Visio puo' consentire
l'intercettazione di informazioni personali (2834692)
MS13-045 Una vulnerabilita' in Windows Essentials puo' consentire
l'intercettazione di informazioni personali (2813707)
MS13-046 Alcune vulnerabilita' nei driver in modalita' kernel possono
consentire l'acquisizione di privilegi pia' elevati (2840221)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali
alla sezione "Riferimenti".
:: Software interessato
Microsoft Windows
Microsoft Internet Explorer
Microsoft Office
Microsoft Server Software
Microsoft Security Software
:: Impatto
Esecuzione di codice in modalita' remota
Acquisizione di privilegi piu' elevati
Elusione della funzione di protezione
Attacco di tipo Denial of Service
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza - Aprile 2013
http://technet.microsoft.com/it-it/security/bulletin/ms13-may
Bollettini Microsoft sulla sicurezza
https://technet.microsoft.com/it-it/security/bulletin/ms13-037
https://technet.microsoft.com/it-it/security/bulletin/ms13-038
https://technet.microsoft.com/it-it/security/bulletin/ms13-039
https://technet.microsoft.com/it-it/security/bulletin/ms13-040
https://technet.microsoft.com/it-it/security/bulletin/ms13-041
https://technet.microsoft.com/it-it/security/bulletin/ms13-042
https://technet.microsoft.com/it-it/security/bulletin/ms13-043
https://technet.microsoft.com/it-it/security/bulletin/ms13-044
https://technet.microsoft.com/it-it/security/bulletin/ms13-045
https://technet.microsoft.com/it-it/security/bulletin/ms13-046
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Mitre CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0811
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1297
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1306
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1307
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1308
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1309
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1310
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1311
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1312
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1313
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2551
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1305
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1336
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1337
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1302
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1316
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1317
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1318
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1319
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1320
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1321
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1322
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1323
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1327
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1328
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1329
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1335
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1301
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0096
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1332
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1333
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1334
SANS ISC Diary
https://isc.sans.edu/diary/Microsoft+May+2013+Black+Tuesday+Overview/15791
US-CERT Alert TA13-134A
http://www.us-cert.gov/ncas/alerts/TA13-134A
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlGUllYACgkQwZxMk2USYELkfQCeI+IVo/dVsDZyOZeGvEnrwrLi
sUEAnAzF+8UGjlGiK408FVVs+y/WOjdK
=qHfz
-----END PGP SIGNATURE-----