Alert GCSA-15008 - Bollettino di Sicurezza Microsoft Febbraio 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-15008
Data: 12 Febbraio 2015
Titolo: Bollettino di Sicurezza Microsoft Febbraio 2015
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 9 bollettini di sicurezza relativi a
vulnerabilita' presenti nei sistemi operativi Windows e in altre
applicazioni:
MS15-009 - Security Update for Internet Explorer (3034682)
MS15-010 - Vulnerabilities in Windows Kernel-Mode Driver Could
Allow Remote Code Execution (3036220)
MS15-011 - Vulnerability in Group Policy Could Allow Remote Code
Execution (3000483)
MS15-012 - Vulnerabilities in Microsoft Office Could Allow Remote
Code Execution (3032328)
MS15-013 - Vulnerability in Microsoft Office Could Allow Security
Feature Bypass (3033857)
MS15-014 - Vulnerability in Group Policy Could Allow Security
Feature Bypass (3004361)
MS15-015 - Vulnerability in Microsoft Windows Could Allow Elevation
of Privilege (3031432)
MS15-016 - Vulnerability in Microsoft Graphics Component Could Allow
Information Disclosure (3029944)
MS15-017 - Vulnerability in Virtual Machine Manager Could Allow
Elevation of Privilege (3035898)
e la revisione di un precedente bollettino:
MS14-083 - Vulnerabilities in Microsoft Excel Could Allow Remote
Code Execution (3017347)
E' inoltre stato rilasciato un nuovo Avviso di Sicurezza:
Update for Windows Command Line Auditing (3004375)
e la revisione di un precedente Avviso di Sicurezza:
Vulnerability in SSL 3.0 Could Allow Information Disclosure (3009008)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali alla
sezione "Riferimenti".
:: Software interessato
Sistemi operativi:
Windows Server 2003
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7
Windows 8 and Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT and Windows RT 8.1
Microsoft Server Software:
Microsoft System Center Virtual Machine Manager 2012 R2
Microsoft Office Suite:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013 and Microsoft Office 2013 RT
Microsoft Office Services e Web Apps:
Microsoft SharePoint Server 2010
Microsoft Office Web Apps 2010
:: Impatto
Esecuzione di codice in modalita' remota
Esposizione di informazioni di autenticazione e di sistema
Escalation di privilegi
Security bypass
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza, Febbraio 2015
https://technet.microsoft.com/library/security/ms15-feb
MSRC January 2015 Updates
http://blogs.technet.com/b/msrc/archive/2015/02/10/february-2015-updates.aspx
Bollettini Microsoft sulla sicurezza
https://technet.microsoft.com/it-it/library/security/ms15-009
https://technet.microsoft.com/it-it/library/security/ms15-010
https://technet.microsoft.com/it-it/library/security/ms15-011
https://technet.microsoft.com/it-it/library/security/ms15-012
https://technet.microsoft.com/it-it/library/security/ms15-013
https://technet.microsoft.com/it-it/library/security/ms15-014
https://technet.microsoft.com/it-it/library/security/ms15-015
https://technet.microsoft.com/it-it/library/security/ms15-016
https://technet.microsoft.com/it-it/library/security/ms15-017
https://technet.microsoft.com/it-it/library/security/ms14-083
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Security Tracker
http://www.securitytracker.com/id/1031726
http://www.securitytracker.com/id/1031725
http://www.securitytracker.com/id/1031724
http://www.securitytracker.com/id/1031723
http://www.securitytracker.com/id/1031722
http://www.securitytracker.com/id/1031721
http://www.securitytracker.com/id/1031720
http://www.securitytracker.com/id/1031719
http://www.securitytracker.com/id/1031718
Mitre CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8967
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0017
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0018
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0019
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0020
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0021
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0022
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0023
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0025
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0026
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0027
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0028
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0029
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0030
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0031
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0035
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0036
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0037
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0038
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0039
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0040
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0041
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0042
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0043
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0044
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0045
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0046
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0048
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0049
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0050
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0051
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0052
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0053
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0054
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0055
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0066
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0067
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0068
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0069
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0070
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0071
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0003
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0010
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0057
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0058
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0059
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0008
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0063
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0064
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0065
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6362
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0009
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0062
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0061
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0012
GARR CERT Security Alert - subscribe/unsubscribe: http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlTctqAACgkQwZxMk2USYEJ4SwCggjOlAL1fj8wEtSnw8dNory8q
gPoAoK24RFqgOczHQzpHwr1KDqb5HUBJ
=OO3e
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-15008
Data: 12 Febbraio 2015
Titolo: Bollettino di Sicurezza Microsoft Febbraio 2015
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 9 bollettini di sicurezza relativi a
vulnerabilita' presenti nei sistemi operativi Windows e in altre
applicazioni:
MS15-009 - Security Update for Internet Explorer (3034682)
MS15-010 - Vulnerabilities in Windows Kernel-Mode Driver Could
Allow Remote Code Execution (3036220)
MS15-011 - Vulnerability in Group Policy Could Allow Remote Code
Execution (3000483)
MS15-012 - Vulnerabilities in Microsoft Office Could Allow Remote
Code Execution (3032328)
MS15-013 - Vulnerability in Microsoft Office Could Allow Security
Feature Bypass (3033857)
MS15-014 - Vulnerability in Group Policy Could Allow Security
Feature Bypass (3004361)
MS15-015 - Vulnerability in Microsoft Windows Could Allow Elevation
of Privilege (3031432)
MS15-016 - Vulnerability in Microsoft Graphics Component Could Allow
Information Disclosure (3029944)
MS15-017 - Vulnerability in Virtual Machine Manager Could Allow
Elevation of Privilege (3035898)
e la revisione di un precedente bollettino:
MS14-083 - Vulnerabilities in Microsoft Excel Could Allow Remote
Code Execution (3017347)
E' inoltre stato rilasciato un nuovo Avviso di Sicurezza:
Update for Windows Command Line Auditing (3004375)
e la revisione di un precedente Avviso di Sicurezza:
Vulnerability in SSL 3.0 Could Allow Information Disclosure (3009008)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali alla
sezione "Riferimenti".
:: Software interessato
Sistemi operativi:
Windows Server 2003
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7
Windows 8 and Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT and Windows RT 8.1
Microsoft Server Software:
Microsoft System Center Virtual Machine Manager 2012 R2
Microsoft Office Suite:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013 and Microsoft Office 2013 RT
Microsoft Office Services e Web Apps:
Microsoft SharePoint Server 2010
Microsoft Office Web Apps 2010
:: Impatto
Esecuzione di codice in modalita' remota
Esposizione di informazioni di autenticazione e di sistema
Escalation di privilegi
Security bypass
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza, Febbraio 2015
https://technet.microsoft.com/library/security/ms15-feb
MSRC January 2015 Updates
http://blogs.technet.com/b/msrc/archive/2015/02/10/february-2015-updates.aspx
Bollettini Microsoft sulla sicurezza
https://technet.microsoft.com/it-it/library/security/ms15-009
https://technet.microsoft.com/it-it/library/security/ms15-010
https://technet.microsoft.com/it-it/library/security/ms15-011
https://technet.microsoft.com/it-it/library/security/ms15-012
https://technet.microsoft.com/it-it/library/security/ms15-013
https://technet.microsoft.com/it-it/library/security/ms15-014
https://technet.microsoft.com/it-it/library/security/ms15-015
https://technet.microsoft.com/it-it/library/security/ms15-016
https://technet.microsoft.com/it-it/library/security/ms15-017
https://technet.microsoft.com/it-it/library/security/ms14-083
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Security Tracker
http://www.securitytracker.com/id/1031726
http://www.securitytracker.com/id/1031725
http://www.securitytracker.com/id/1031724
http://www.securitytracker.com/id/1031723
http://www.securitytracker.com/id/1031722
http://www.securitytracker.com/id/1031721
http://www.securitytracker.com/id/1031720
http://www.securitytracker.com/id/1031719
http://www.securitytracker.com/id/1031718
Mitre CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8967
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0017
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0018
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0019
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0020
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0021
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0022
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0023
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0025
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0026
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0027
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0028
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0029
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0030
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0031
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0035
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0036
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0037
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0038
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0039
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0040
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0041
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0042
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0043
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0044
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0045
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0046
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0048
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0049
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0050
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0051
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0052
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0053
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0054
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0055
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0066
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0067
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0068
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0069
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0070
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0071
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0003
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0010
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0057
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0058
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0059
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0008
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0063
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0064
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0065
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6362
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0009
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0062
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0061
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0012
GARR CERT Security Alert - subscribe/unsubscribe: http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlTctqAACgkQwZxMk2USYEJ4SwCggjOlAL1fj8wEtSnw8dNory8q
gPoAoK24RFqgOczHQzpHwr1KDqb5HUBJ
=OO3e
-----END PGP SIGNATURE-----