Alert GCSA-10169 - MS10-090 Aggiornamento Cumulativo per Internet
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10169
Data : 15 dicembre 2010
Titolo : MS10-090 Aggiornamento Cumulativo per Internet Explorer (2416400)
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato un aggiornamento che risolve
sette vulnerabilita' presenti nel browser Internet Explorer.
Le vulnerabilita' potrebbero consentire l'esecuzione
di codice arbitrario da remoto, se viene visualizzata
una pagina artefatta.
Vi sono report circa lo sfruttamento corrente
di questi bug per compromettere sistemi.
:: Software interessato
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
:: Impatto
Esecuzione remota di codice arbitrario
Conquista del controllo sul sistema
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS10-090.mspx
Microsoft Knowledge Base
http://support.microsoft.com/kb/2416400
Microsoft Security Advisory
http://www.microsoft.com/technet/security/advisory/2458511.mspx
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3340
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3962
Vupen Security
http://www.vupen.com/english/advisories/2010/3214
ISC SANS
http://isc.sans.org/diary.html?storyid=10081
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/45255
iDefense Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=885
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=886
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTQjF8/OB+SpikaiRAQI7+gP+KsSJnm4B5HWxRwDyHmviDBXlJPMMqQeR
CtdgVMEw004zpBv+8ibWQ7wgCkdZalgfRPWsXaUQuw68idI3rpiLu3otPCcOZdH0
fDk8v6Az4YSHz0xhGEsCIss54R0PjKUTuFMOgOqCzgpxTYY97Gm9JdxksA3SFMI/
VDgGP4gdf0c=
=ICBh
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10169
Data : 15 dicembre 2010
Titolo : MS10-090 Aggiornamento Cumulativo per Internet Explorer (2416400)
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato un aggiornamento che risolve
sette vulnerabilita' presenti nel browser Internet Explorer.
Le vulnerabilita' potrebbero consentire l'esecuzione
di codice arbitrario da remoto, se viene visualizzata
una pagina artefatta.
Vi sono report circa lo sfruttamento corrente
di questi bug per compromettere sistemi.
:: Software interessato
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
:: Impatto
Esecuzione remota di codice arbitrario
Conquista del controllo sul sistema
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS10-090.mspx
Microsoft Knowledge Base
http://support.microsoft.com/kb/2416400
Microsoft Security Advisory
http://www.microsoft.com/technet/security/advisory/2458511.mspx
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3340
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3962
Vupen Security
http://www.vupen.com/english/advisories/2010/3214
ISC SANS
http://isc.sans.org/diary.html?storyid=10081
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/45255
iDefense Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=885
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=886
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTQjF8/OB+SpikaiRAQI7+gP+KsSJnm4B5HWxRwDyHmviDBXlJPMMqQeR
CtdgVMEw004zpBv+8ibWQ7wgCkdZalgfRPWsXaUQuw68idI3rpiLu3otPCcOZdH0
fDk8v6Az4YSHz0xhGEsCIss54R0PjKUTuFMOgOqCzgpxTYY97Gm9JdxksA3SFMI/
VDgGP4gdf0c=
=ICBh
-----END PGP SIGNATURE-----