Microsoft ha realizzato 10 aggiornamenti per i suoi Sistemi Operativi (in primis Windows XP e 2003, 32 e 64 bit) e per alcuni applicativi con essi distribuiti (ad esempio Internet Explorer e Outlook Express).
Seguono le note ufficiali a corredo degli update:
Critical:
Cumulative Security Update for Internet Explorer (883939)
Vulnerabilities exist in Internet Explorer, the most sever of these
could allow an attacker to take complete control of an affected system.
Vulnerability in HTML Help Could Allow Remote Code Execution (896358)
A vulnerability exists in HTML Help that could allow an attacker to take complete control of an affected system.
Vulnerability in SMB Could Allow Remote Code Execution (896422)
A vulnerability exists in Windows that could allow an attacker to take
complete control of an affected system. An attacker needs to
authenticate to be able to exploit this vulnerability.
Important:
Vulnerability in Web Client Service May Allow Remote Code Execution (896426)
A
vulnerability exists in the Windows Web Client Service that could allow
an attacker to take complete control of an affected system. An attacker
must have valid logon credentials and be able to log on locally to
exploit this vulnerability.
Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks (895179)
A
cross-site scripting vulnerability exists in Outlook Web Access for
Microsoft Exchange that could allow an attacker to run a malicious
script in Outlook Web Access.
Cumulative Security Update for Outlook Express (897715)
A
vulnerability exists in Outlook Express that could allow an attacker to
take complete control of an affected system. User interaction is
required to exploit this vulnerability and an attacker would need to
persuade a user to connect to their News (NNTP) server.
Vulnerability in Microsoft Windows Interactive Training Could Allow Remote Code Execution (898458)
A
vulnerability exists in Windows that could allow an attacker to take
complete control of an affected system. Microsoft Windows Interactive
Training is not installed by default.
Moderate:
Vulnerability in Microsoft Agent Could Allow Spoofing (890046)
A
vulnerability exists in Microsoft Agent that could enable an attacker
to spoof trusted Internet content. An attacker first have to persuade a
user to visit the attacker’s site to attempt to exploit this
vulnerability.
Vulnerability in Telnet Client Could Allow Information Disclosure (896428)
A
vulnerability exists in the Windows Telnet Client that could enable an
attacker to retrieve unpredictable information from a system. User
interaction is required to exploit this vulnerability and an attacker
would need to persuade a user to connect to their Telnet server.
Cumulative Security Update for ISA Server 2000 (899753)
Vulnerabilities
exist in Microsoft ISA Server 2000 that could allow circumvention of a
packet filter and enable an attacker to retrieve unpredictable
information from an ISA Server’s cache or from a system behind the ISA
server.
E' possibile effetturare l'aggiornamento del software mediante Windows Update oppure cliccando sul link di seguito allegato.
Collegamenti
|
