Alert GCSA-15037 - Bollettino di Sicurezza Microsoft Settembre 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-15037
Data: 9 Settembre 2015
Titolo: Bollettino di Sicurezza Microsoft Settembre 2015
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 12 bollettini di sicurezza relativi a
vulnerabilita' presenti nei sistemi operativi Windows e relative
applicazioni:
MS15-094 Cumulative Security Update for Internet Explorer (3089548)
MS15-095 Cumulative Security Update for Microsoft Edge (3089665)
MS15-096 Vulnerability in Active Directory Service Could Allow Denial of Service (3072595)
MS15-097 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656)
MS15-098 Vulnerabilities in Windows Journal Could Allow Remote Code Execution (3089669)
MS15-099 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664)
MS15-100 Vulnerability in Windows Media Center Could Allow Remote Code Execution (3087918)
MS15-101 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662)
MS15-102 Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege (3089657)
MS15-103 Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure (3089250)
MS15-104 Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege (3089952)
MS15-105 Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass (3091287)
Maggiori dettagli sono disponibili nelle segnalazioni ufficiali alla
sezione "Riferimenti".
:: Software interessato
Sistemi operativi:
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7
Windows 8 and Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT and Windows RT 8.1
Windows 10
Microsoft Server Software:
Microsoft SharePoint Foundation 2013
Microsoft Exchange Server 2013
Microsoft Office Suite and Software:
Microsoft Office 2007
Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office for Mac
Other Office Software
Microsoft Office Services e Web Apps:
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2013
Microsoft Communications Platforms and Software:
Microsoft Live Meeting 2007
Microsoft Lync 2010
Microsoft Lync 2013
Microsoft Lync Server 2013
Skype for Business Server 2015
:: Impatto
Esecuzione di codice in modalita' remota
Elevazione di privilegi
Information Disclosure
Denial of Service
Bypass delle impostazioni di sicurezza
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza, Settembre 2015
https://technet.microsoft.com/library/security/ms15-Sep
Bollettini Microsoft sulla sicurezza
https://technet.microsoft.com/it-it/library/security/MS15-094
https://technet.microsoft.com/it-it/library/security/MS15-095
https://technet.microsoft.com/it-it/library/security/MS15-096
https://technet.microsoft.com/it-it/library/security/MS15-097
https://technet.microsoft.com/it-it/library/security/MS15-098
https://technet.microsoft.com/it-it/library/security/MS15-099
https://technet.microsoft.com/it-it/library/security/MS15-100
https://technet.microsoft.com/it-it/library/security/MS15-101
https://technet.microsoft.com/it-it/library/security/MS15-102
https://technet.microsoft.com/it-it/library/security/MS15-103
https://technet.microsoft.com/it-it/library/security/MS15-104
https://technet.microsoft.com/it-it/library/security/MS15-105
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Security Tracker
http://securitytracker.com/id/1033484
http://securitytracker.com/id/1033485
http://securitytracker.com/id/1033487
http://securitytracker.com/id/1033488
http://securitytracker.com/id/1033489
http://securitytracker.com/id/1033492
http://securitytracker.com/id/1033493
http://securitytracker.com/id/1033494
http://securitytracker.com/id/1033495
http://securitytracker.com/id/1033496
http://securitytracker.com/id/1033497
http://securitytracker.com/id/1033499
http://securitytracker.com/id/1033500
http://securitytracker.com/id/1033501
ISC SANS Diary
https://isc.sans.edu/forums/diary/September+2015+Microsoft+Patch+Tuesday/20129/
Mitre CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2483
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2484
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2485
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2486
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2487
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2488
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2489
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2490
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2491
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2492
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2493
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2494
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2498
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2499
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2500
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2501
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2541
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2542
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2585
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2586
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2594
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2535
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2506
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2507
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2508
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2510
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2511
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2512
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2517
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2518
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2527
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2529
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2546
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2513
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2514
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2516
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2519
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2530
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2520
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2521
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2522
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2523
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2545
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2509
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2504
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2526
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2524
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2525
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2528
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2505
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2543
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2544
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2531
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2532
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2536
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2534
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlXwQgMACgkQwZxMk2USYELdLgCglkZzeACQ6RPUjLaXArtj5+6y
ptUAoK5xH0bUiBjaE3T0IwDoUh3wjxeA
=Itkd
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-15037
Data: 9 Settembre 2015
Titolo: Bollettino di Sicurezza Microsoft Settembre 2015
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 12 bollettini di sicurezza relativi a
vulnerabilita' presenti nei sistemi operativi Windows e relative
applicazioni:
MS15-094 Cumulative Security Update for Internet Explorer (3089548)
MS15-095 Cumulative Security Update for Microsoft Edge (3089665)
MS15-096 Vulnerability in Active Directory Service Could Allow Denial of Service (3072595)
MS15-097 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656)
MS15-098 Vulnerabilities in Windows Journal Could Allow Remote Code Execution (3089669)
MS15-099 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664)
MS15-100 Vulnerability in Windows Media Center Could Allow Remote Code Execution (3087918)
MS15-101 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662)
MS15-102 Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege (3089657)
MS15-103 Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure (3089250)
MS15-104 Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege (3089952)
MS15-105 Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass (3091287)
Maggiori dettagli sono disponibili nelle segnalazioni ufficiali alla
sezione "Riferimenti".
:: Software interessato
Sistemi operativi:
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7
Windows 8 and Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT and Windows RT 8.1
Windows 10
Microsoft Server Software:
Microsoft SharePoint Foundation 2013
Microsoft Exchange Server 2013
Microsoft Office Suite and Software:
Microsoft Office 2007
Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office for Mac
Other Office Software
Microsoft Office Services e Web Apps:
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2013
Microsoft Communications Platforms and Software:
Microsoft Live Meeting 2007
Microsoft Lync 2010
Microsoft Lync 2013
Microsoft Lync Server 2013
Skype for Business Server 2015
:: Impatto
Esecuzione di codice in modalita' remota
Elevazione di privilegi
Information Disclosure
Denial of Service
Bypass delle impostazioni di sicurezza
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza, Settembre 2015
https://technet.microsoft.com/library/security/ms15-Sep
Bollettini Microsoft sulla sicurezza
https://technet.microsoft.com/it-it/library/security/MS15-094
https://technet.microsoft.com/it-it/library/security/MS15-095
https://technet.microsoft.com/it-it/library/security/MS15-096
https://technet.microsoft.com/it-it/library/security/MS15-097
https://technet.microsoft.com/it-it/library/security/MS15-098
https://technet.microsoft.com/it-it/library/security/MS15-099
https://technet.microsoft.com/it-it/library/security/MS15-100
https://technet.microsoft.com/it-it/library/security/MS15-101
https://technet.microsoft.com/it-it/library/security/MS15-102
https://technet.microsoft.com/it-it/library/security/MS15-103
https://technet.microsoft.com/it-it/library/security/MS15-104
https://technet.microsoft.com/it-it/library/security/MS15-105
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Security Tracker
http://securitytracker.com/id/1033484
http://securitytracker.com/id/1033485
http://securitytracker.com/id/1033487
http://securitytracker.com/id/1033488
http://securitytracker.com/id/1033489
http://securitytracker.com/id/1033492
http://securitytracker.com/id/1033493
http://securitytracker.com/id/1033494
http://securitytracker.com/id/1033495
http://securitytracker.com/id/1033496
http://securitytracker.com/id/1033497
http://securitytracker.com/id/1033499
http://securitytracker.com/id/1033500
http://securitytracker.com/id/1033501
ISC SANS Diary
https://isc.sans.edu/forums/diary/September+2015+Microsoft+Patch+Tuesday/20129/
Mitre CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2483
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2484
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2485
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2486
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2487
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2488
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2489
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2490
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2491
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2492
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2493
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2494
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2498
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2499
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2500
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2501
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2541
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2542
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2585
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2586
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2594
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2535
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2506
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2507
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2508
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2510
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2511
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2512
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2517
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2518
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2527
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2529
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2546
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2513
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2514
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2516
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2519
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2530
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2520
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2521
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2522
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2523
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2545
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2509
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2504
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2526
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2524
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2525
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2528
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2505
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2543
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2544
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2531
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2532
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2536
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2534
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlXwQgMACgkQwZxMk2USYELdLgCglkZzeACQ6RPUjLaXArtj5+6y
ptUAoK5xH0bUiBjaE3T0IwDoUh3wjxeA
=Itkd
-----END PGP SIGNATURE-----