Alert GCSA-15020 - Bollettino di Sicurezza Microsoft Giugno 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-15020
Data: 10 Giugno 2015
Titolo: Bollettino di Sicurezza Microsoft Giugno 2015
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 8 bollettini di sicurezza relativi a vulnerabilita'
presenti nei sistemi operativi Windows e in altre applicazioni:
MS15-056 - Cumulative Security Update for Internet Explorer (3058515)
MS15-057 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (3033890)
MS15-059 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949)
MS15-060 - Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317)
MS15-061 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)
MS15-062 - Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577)
MS15-063 - Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)
MS15-064 - Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)
E' inoltre stato rilasciato un nuovo Avviso di Sicurezza:
Update for Juniper Network Windows In-Box Junos Pulse Client (2962393)
e la revisione di un precedente Avviso di Sicurezza:
Update for Adobe Flash Player in Internet Explorer (2755801)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali alla sezione "Riferimenti".
:: Software interessato
Sistemi operativi:
Windows Server 2003
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7
Windows 8 and Windows 8.1
Windows Server 2012 e Windows Server 2012 R2
Windows RT e Windows RT 8.1
Microsoft Server Software:
Microsoft Exchange Server 2013
Microsoft Office Suite:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
:: Impatto
Esecuzione di codice in modalita' sia locale che remota
Rilevazione di informazioni di autenticazione, di utente e di sistema
Accesso utente in modalita' sia locale che remota
Accesso root in modalita' locale
Modifica di informazioni utente
Accesso al sistema in modalita' remota
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza, Giugno 2015
https://technet.microsoft.com/library/security/ms15-jun
MSRC June 2015 Updates
http://blogs.technet.com/b/msrc/archive/2015/04/14/june-2015-updates.aspx
Bollettini Microsoft sulla sicurezza
https://technet.microsoft.com/it-it/library/security/MS15-056
https://technet.microsoft.com/it-it/library/security/MS15-057
https://technet.microsoft.com/it-it/library/security/MS15-059
https://technet.microsoft.com/it-it/library/security/MS15-060
https://technet.microsoft.com/it-it/library/security/MS15-061
https://technet.microsoft.com/it-it/library/security/MS15-062
https://technet.microsoft.com/it-it/library/security/MS15-063
https://technet.microsoft.com/it-it/library/security/MS15-064
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Security Tracker
http://www.securitytracker.com/id/1032521
http://www.securitytracker.com/id/1032522
http://www.securitytracker.com/id/1032523
http://www.securitytracker.com/id/1032524
http://www.securitytracker.com/id/1032525
http://www.securitytracker.com/id/1032526
http://www.securitytracker.com/id/1032527
http://www.securitytracker.com/id/1032528
Mitre CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1687
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1719
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1720
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1721
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1722
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1723
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1724
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1725
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1726
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1727
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1728
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1730
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1731
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1732
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1735
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1736
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1737
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1739
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1740
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1741
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1742
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1743
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1744
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1745
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1747
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1748
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1750
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1751
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1752
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1753
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1754
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1755
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1756
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1757
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1758
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1759
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1760
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1764
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1765
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1766
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1768
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1770
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1771
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2359
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2360
GARR CERT Newsletter subscribe/unsubscribe:
http://testcert.dir.garr.it/index.php/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFVeCZQwZxMk2USYEIRAuLQAKCE8mghh8om3EUv/f4HNtXJN2w+ZwCgw6eo
cuhvtfNuVjc5WHCzLMd/rm8=
=VpoO
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-15020
Data: 10 Giugno 2015
Titolo: Bollettino di Sicurezza Microsoft Giugno 2015
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato 8 bollettini di sicurezza relativi a vulnerabilita'
presenti nei sistemi operativi Windows e in altre applicazioni:
MS15-056 - Cumulative Security Update for Internet Explorer (3058515)
MS15-057 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (3033890)
MS15-059 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949)
MS15-060 - Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317)
MS15-061 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)
MS15-062 - Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577)
MS15-063 - Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)
MS15-064 - Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)
E' inoltre stato rilasciato un nuovo Avviso di Sicurezza:
Update for Juniper Network Windows In-Box Junos Pulse Client (2962393)
e la revisione di un precedente Avviso di Sicurezza:
Update for Adobe Flash Player in Internet Explorer (2755801)
Maggiori dettagli sono disponibili nella segnalazioni ufficiali alla sezione "Riferimenti".
:: Software interessato
Sistemi operativi:
Windows Server 2003
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7
Windows 8 and Windows 8.1
Windows Server 2012 e Windows Server 2012 R2
Windows RT e Windows RT 8.1
Microsoft Server Software:
Microsoft Exchange Server 2013
Microsoft Office Suite:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
:: Impatto
Esecuzione di codice in modalita' sia locale che remota
Rilevazione di informazioni di autenticazione, di utente e di sistema
Accesso utente in modalita' sia locale che remota
Accesso root in modalita' locale
Modifica di informazioni utente
Accesso al sistema in modalita' remota
:: Soluzioni
Installare manualmente le patch indicate nei bollettini Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Riepilogo dei bollettini Microsoft sulla sicurezza, Giugno 2015
https://technet.microsoft.com/library/security/ms15-jun
MSRC June 2015 Updates
http://blogs.technet.com/b/msrc/archive/2015/04/14/june-2015-updates.aspx
Bollettini Microsoft sulla sicurezza
https://technet.microsoft.com/it-it/library/security/MS15-056
https://technet.microsoft.com/it-it/library/security/MS15-057
https://technet.microsoft.com/it-it/library/security/MS15-059
https://technet.microsoft.com/it-it/library/security/MS15-060
https://technet.microsoft.com/it-it/library/security/MS15-061
https://technet.microsoft.com/it-it/library/security/MS15-062
https://technet.microsoft.com/it-it/library/security/MS15-063
https://technet.microsoft.com/it-it/library/security/MS15-064
Microsoft Update
http://windowsupdate.microsoft.com
https://www.update.microsoft.com/
http://support.microsoft.com/kb/294871
Security Tracker
http://www.securitytracker.com/id/1032521
http://www.securitytracker.com/id/1032522
http://www.securitytracker.com/id/1032523
http://www.securitytracker.com/id/1032524
http://www.securitytracker.com/id/1032525
http://www.securitytracker.com/id/1032526
http://www.securitytracker.com/id/1032527
http://www.securitytracker.com/id/1032528
Mitre CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1687
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1719
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1720
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1721
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1722
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1723
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1724
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1725
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1726
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1727
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1728
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1730
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1731
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1732
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1735
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1736
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1737
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1739
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1740
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1741
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1742
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1743
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1744
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1745
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1747
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1748
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1750
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1751
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1752
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1753
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1754
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1755
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1756
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1757
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1758
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1759
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1760
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1764
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1765
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1766
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1768
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1770
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1771
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2359
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2360
GARR CERT Newsletter subscribe/unsubscribe:
http://testcert.dir.garr.it/index.php/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFVeCZQwZxMk2USYEIRAuLQAKCE8mghh8om3EUv/f4HNtXJN2w+ZwCgw6eo
cuhvtfNuVjc5WHCzLMd/rm8=
=VpoO
-----END PGP SIGNATURE-----