Alert GCSA-11084 - Microsoft Security Bullettin December 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-11084
Data : 14 Dicembre 2011
Titolo : Microsoft Security Bullettin December 2011
******************************************************************
:: Descrizione del problema
Sono stati rilasciati da Microsoft 13 bollettini di sicurezza
relativi a varie vulnerabilita' presenti nei sistemi operativi
Windows e nelle applicazioni Office.
MS11-087 (2639417) Vulnerabilita' nei driver in modalita' kernel di Windows
MS11-088 (2652016) vulnerabilita' in Microsoft Office IME (cinese)
MS11-089 (2590602) Vulnerabilita' di Microsoft Office
MS11-090 (2618451) Aggiornamento cumulativo per la protezione dei kill bit ActiveX
MS11-091 (2607702) Vulnerabilita' in Microsoft Publisher
MS11-092 (2648048) Vulnerabilita' in Windows Media
MS11-093 (2624667) Vulnerabilita' in OLE
MS11-094 (2639142) Vulnerabilita' in Microsoft PowerPoint
MS11-095 (2640045) Vulnerabilita' in Active Directory
MS11-096 (2640241) Vulnerabilita' in Microsoft Excel
MS11-097 (2620712) Vulnerabilita' nel sottosistema runtime client/server di Windows
MS11-098 (2633171) Vulnerabilita' del kernel di Windows
MS11-099 (2618444) Aggiornamento cumulativo per la protezione di Internet Explorer
Maggiori dettagli sono disponibili nella segnalazioni ufficiali
alla sezione "Riferimenti".
:: Software interessato
Windows XP
Windows Vista
Windows 7
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Microsoft Publisher 2003
Microsoft Publisher 2007
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office for Mac 2011
:: Impatto
Esecuzione di codice arbitrario
Acquisizione di privilegi piu' elevati
Denial of Service
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Microsoft Security Bulletin Summary for December 2011
http://technet.microsoft.com/it-it/security/bulletin/ms11-dec
Microsoft Security Bulletin
http://technet.microsoft.com/it-it/security/bulletin/ms11-087
http://technet.microsoft.com/it-it/security/bulletin/ms11-088
http://technet.microsoft.com/it-it/security/bulletin/ms11-089
http://technet.microsoft.com/it-it/security/bulletin/ms11-090
http://technet.microsoft.com/it-it/security/bulletin/ms11-091
http://technet.microsoft.com/it-it/security/bulletin/ms11-092
http://technet.microsoft.com/it-it/security/bulletin/ms11-093
http://technet.microsoft.com/it-it/security/bulletin/ms11-094
http://technet.microsoft.com/it-it/security/bulletin/ms11-095
http://technet.microsoft.com/it-it/security/bulletin/ms11-096
http://technet.microsoft.com/it-it/security/bulletin/ms11-097
http://technet.microsoft.com/it-it/security/bulletin/ms11-098
http://technet.microsoft.com/it-it/security/bulletin/ms11-099
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2019
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Zero Day Initiative
http://www.zerodayinitiative.com/advisories/ZDI-11-346/
http://www.zerodayinitiative.com/advisories/ZDI-11-347/
Secunia
http://secunia.com/advisories/47098/
http://secunia.com/advisories/47062/
http://secunia.com/advisories/47208/
SANS ISC Diary
http://isc.sans.edu/diary.html?storyid=12193
JC3-CIRC
http://www.doecirc.energy.gov/bulletins/u-057.shtml
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTuiMnvOB+SpikaiRAQKEyQP/Srlm6kxwinGsGl/HWRSZzGyyJhimZS++
j/lABAHAar8ClEXS6f21/eVkV+AeVMI0zKJffrh6cNJDWcKETnN3k/hjzekJ2sr1
L8Bcn3Qd61cqj+hZvwJ7n4/e+OQWTdIFvQMAnpXs8mm9nXt40PAuHzRApMgvRZjs
cJKjwNz7PNo=
=+8XC
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-11084
Data : 14 Dicembre 2011
Titolo : Microsoft Security Bullettin December 2011
******************************************************************
:: Descrizione del problema
Sono stati rilasciati da Microsoft 13 bollettini di sicurezza
relativi a varie vulnerabilita' presenti nei sistemi operativi
Windows e nelle applicazioni Office.
MS11-087 (2639417) Vulnerabilita' nei driver in modalita' kernel di Windows
MS11-088 (2652016) vulnerabilita' in Microsoft Office IME (cinese)
MS11-089 (2590602) Vulnerabilita' di Microsoft Office
MS11-090 (2618451) Aggiornamento cumulativo per la protezione dei kill bit ActiveX
MS11-091 (2607702) Vulnerabilita' in Microsoft Publisher
MS11-092 (2648048) Vulnerabilita' in Windows Media
MS11-093 (2624667) Vulnerabilita' in OLE
MS11-094 (2639142) Vulnerabilita' in Microsoft PowerPoint
MS11-095 (2640045) Vulnerabilita' in Active Directory
MS11-096 (2640241) Vulnerabilita' in Microsoft Excel
MS11-097 (2620712) Vulnerabilita' nel sottosistema runtime client/server di Windows
MS11-098 (2633171) Vulnerabilita' del kernel di Windows
MS11-099 (2618444) Aggiornamento cumulativo per la protezione di Internet Explorer
Maggiori dettagli sono disponibili nella segnalazioni ufficiali
alla sezione "Riferimenti".
:: Software interessato
Windows XP
Windows Vista
Windows 7
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Microsoft Publisher 2003
Microsoft Publisher 2007
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office for Mac 2011
:: Impatto
Esecuzione di codice arbitrario
Acquisizione di privilegi piu' elevati
Denial of Service
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Microsoft Security Bulletin Summary for December 2011
http://technet.microsoft.com/it-it/security/bulletin/ms11-dec
Microsoft Security Bulletin
http://technet.microsoft.com/it-it/security/bulletin/ms11-087
http://technet.microsoft.com/it-it/security/bulletin/ms11-088
http://technet.microsoft.com/it-it/security/bulletin/ms11-089
http://technet.microsoft.com/it-it/security/bulletin/ms11-090
http://technet.microsoft.com/it-it/security/bulletin/ms11-091
http://technet.microsoft.com/it-it/security/bulletin/ms11-092
http://technet.microsoft.com/it-it/security/bulletin/ms11-093
http://technet.microsoft.com/it-it/security/bulletin/ms11-094
http://technet.microsoft.com/it-it/security/bulletin/ms11-095
http://technet.microsoft.com/it-it/security/bulletin/ms11-096
http://technet.microsoft.com/it-it/security/bulletin/ms11-097
http://technet.microsoft.com/it-it/security/bulletin/ms11-098
http://technet.microsoft.com/it-it/security/bulletin/ms11-099
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2019
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Zero Day Initiative
http://www.zerodayinitiative.com/advisories/ZDI-11-346/
http://www.zerodayinitiative.com/advisories/ZDI-11-347/
Secunia
http://secunia.com/advisories/47098/
http://secunia.com/advisories/47062/
http://secunia.com/advisories/47208/
SANS ISC Diary
http://isc.sans.edu/diary.html?storyid=12193
JC3-CIRC
http://www.doecirc.energy.gov/bulletins/u-057.shtml
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTuiMnvOB+SpikaiRAQKEyQP/Srlm6kxwinGsGl/HWRSZzGyyJhimZS++
j/lABAHAar8ClEXS6f21/eVkV+AeVMI0zKJffrh6cNJDWcKETnN3k/hjzekJ2sr1
L8Bcn3Qd61cqj+hZvwJ7n4/e+OQWTdIFvQMAnpXs8mm9nXt40PAuHzRApMgvRZjs
cJKjwNz7PNo=
=+8XC
-----END PGP SIGNATURE-----