Sicurezza – Bollettini Microsoft e Linux

News, Alert e Bollettini di sicurezza Microsoft e Linux

Microsoft (Microsoft Technical Security Notifications, MSRC Blog)
  • December 2018 Security Update Release
    by MSRC Team on 11 Dicembre 2018 at 6:00 pm

    Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.  More information about this month’s security updates can be found on the Security Update Guide.&nbs […]

  • November 2018 Security Update Release
    by MSRC Team on 13 Novembre 2018 at 6:02 pm

    Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.   More information about this month’s security updates can be found on the Security Update Guide.&nbs […]

  • Should You Send Your Pen Test Report to the MSRC?
    by MSRC Team on 12 Novembre 2018 at 6:02 pm

    Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept, details of an attack or demonstration of a vulnerability, and a detailed writeup of the... […]

  • October 2018 Security Update Release
    by MSRC Team on 9 Ottobre 2018 at 5:00 pm

    Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team […]

  • Standing behind “MSRC Listens”
    by MSRC Team on 2 Ottobre 2018 at 11:04 pm

    Last week at BlueHat’s “MSRC Listens” session, I took the stage with Mechele Gruhn, manager of the Vulnerability Response PM team, to explain how MSRC is changing our communication, workflows, and tooling to deliver an improved user experience for our partners in the security research community. We promised to communicate more about what’s happening in... […]

  • September 2018 Security Update Release
    by MSRC Team on 11 Settembre 2018 at 4:59 pm

    Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team […]

  • Inside MSRC: Sharing Our Story & Customer Tips
    by MSRC Team on 7 Settembre 2018 at 4:06 pm

    For the last 20 years, the Microsoft Security Response Center has been an integral part of Microsoft’s commitment to customer security.  We are often called on to talk about the work we do and how customers can apply the lessons we have learned over that period to better their security posture.  Today we are releasing... […]

  • August 2018 Security Update Release
    by MSRC Team on 14 Agosto 2018 at 5:09 pm

    Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.  More information about this month’s security updates can be found on the Security Update Guide.   MSRC team&nbs […]

  • Microsoft’s Top 100 Security Researchers – Black Hat 2018 Edition
    by MSRC Team on 8 Agosto 2018 at 5:00 pm

    This morning we are excited to unveil the security researcher leaderboard at the Black Hat Security Conference.  This list recognizes the top security researchers who have contributed research to the Microsoft products and services.  If you are curious on how we build the list, check out our blog from last week on The Making of... […]

  • The Making of the Top 100 Researcher List
    by MSRC Team on 1 Agosto 2018 at 6:50 pm

    At Black Hat USA each year, we unveil the Top 100 Security Researcher list to reflect the amazing engagement we get from the community. During this period, we had several thousand researchers engage with the Microsoft Security Response Center (MSRC). We appreciate all the partnership and coordination that goes on throughout the year. The Top... […]

  • 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
    on 9 Gennaio 2018 at 6:00 pm

    Revision Note: V3.0 (January 9, 2018): Microsoft has released an update for all supported editions of Microsoft Excel that allows users to set the functionality of the DDE protocol based on their environment. For more information and to download the update, see ADV170021.Summary: Microsoft is releasing this security advisory to provide information regarding security settings for Microsoft Office applications. This advisory provides guidance on what users can do to ensure that these applications are properly secured when processing Dynamic Data Exchange (DDE) fields. […]

  • 4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
    on 12 Dicembre 2017 at 6:00 pm

    Revision Note: V1.0 (December 12, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information regarding security settings for the AD DS (Active Directory Domain Services) account used by Azure AD Connect for directory synchronization. This advisory also provides guidance on what on-premises AD administrators can do to ensure that the account is properly secured. […]

  • MS14-085 - Important: Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126) - Version: 1.1
    on 19 Ottobre 2017 at 5:00 pm

    Severity Rating: ImportantRevision Note: V1.1 (October 19, 2017): Corrected a typo in the CVE description.Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing specially crafted JPEG content. An attacker could use this information disclosure vulnerability to gain information about the system that could then be combined with other attacks to compromise the system. The information disclosure vulnerability by itself does not allow arbitrary code execution. However, an attacker could use this information disclosure vulnerability in conjunction with another vulnerability to bypass security features such as Address Space Layout Randomization (ASLR). […]

  • MS16-JUL - Microsoft Security Bulletin Summary for July 2016 - Version: 2.0
    on 12 Settembre 2017 at 5:00 pm

    Revision Note: V2.0 (September 12, 2017): For MS16-087, to address known issues with the 3170455 update for CVE-2016-3238, Microsoft has made available the following updates for currently-supported versions of Microsoft Windows: • Rereleased update 3170455 for Windows Server 2008 • Monthly Rollup 4038777 and Security Update 4038779 for Windows 7 and Windows Server 2008 R2 • Monthly Rollup 4038799 and Security Update 4038786 for Windows Server 2012 • Monthly Rollup 4038792 and Security Update 4038793 for Windows 8.1 and Windows Server 2012 R2 • Cumulative Update 4038781 for Windows 10 • Cumulative Update 4038781 for Windows 10 Version 1511 • Cumulative Update 4038782 for Windows 10 Version 1607 and Windows Server 2016. Microsoft recommends that customers running Windows Server 2008 reinstall update 3170455. Microsoft recommends that customers running other supported versions of Windows install the appropriate update. See Microsoft Knowledge Base Article 3170005 (https://support.microsoft.com/en-us/help/3170005) for more information.Summary: This bulletin summary lists security bulletins released for July 2016. […]

  • MS16-095 - Critical: Cumulative Security Update for Internet Explorer (3177356) - Version: 3.0
    on 12 Settembre 2017 at 5:00 pm

    Severity Rating: CriticalRevision Note: V3.0 (September 12, 2017): Revised the Affected Software table to include Internet Explorer 11 installed on Windows 10 Version 1703 for 32-bit Systems and Internet Explorer 11 installed on Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3326. Consumers using Windows 10 are automatically protected. Microsoft recommends that enterprise customers running Internet Explorer on Windows 10 Version 1703 ensure they have update 4038788 installed to be protected from this vulnerability. Customers who are running other versions of Windows 10 and who have installed the June cumulative updates do not need to take any further action.Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. […]

  • MS16-AUG - Microsoft Security Bulletin Summary for August 2016 - Version: 3.0
    on 12 Settembre 2017 at 5:00 pm

    Revision Note: V3.0 (September 12, 2017): For MS16-095, revised the Windows Operating System and Components Affected Software table to include Internet Explorer 11 installed on Windows 10 Version 1703 for 32-bit Systems and Internet Explorer 11 installed on Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3326. Microsoft recommends that customers running Internet Explorer on Windows 10 Version 1703 install update 4038788 to be protected from this vulnerability.Summary: This bulletin summary lists security bulletins released for August 2016. […]

  • MS16-087 - Critical: Security Update for Windows Print Spooler Components (3170005) - Version: 2.0
    on 12 Settembre 2017 at 5:00 pm

    Severity Rating: CriticalRevision Note: V2.0 (September 12, 2017): To address known issues with the 3170455 update for CVE-2016-3238, Microsoft has made available the following updates for currently-supported versions of Microsoft Windows: • Rereleased update 3170455 for Windows Server 2008 • Monthly Rollup 4038777 and Security Update 4038779 for Windows 7 and Windows Server 2008 R2 • Monthly Rollup 4038799 and Security Update 4038786 for Windows Server 2012 • Monthly Rollup 4038792 and Security Update 4038793 for Windows 8.1 and Windows Server 2012 R2 • Cumulative Update 4038781 for Windows 10 • Cumulative Update 4038781 for Windows 10 Version 1511 • Cumulative Update 4038782 for Windows 10 Version 1607 and Windows Server 2016. Microsoft recommends that customers running Windows Server 2008 reinstall update 3170455. Microsoft recommends that customers running other supported versions of Windows install the appropriate update. See Microsoft Knowledge Base Article 3170005 (https://support.microsoft.com/en-us/help/3170005) for more information.Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker is able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or sets up a rogue print server on a target network. […]

  • MS16-APR - Microsoft Security Bulletin Summary for April 2016 - Version: 4.0
    on 12 Settembre 2017 at 5:00 pm

    Revision Note: V4.0 (September 12, 2017): For MS16-039, revised the Windows Operating Systems and Components affected software table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-0165. Consumers running Windows 10 are automatically protected. Microsoft recommends that enterprise customers running Windows 10 Version 1703 ensure they have update 4038788 installed to be protected from this vulnerability.Summary: This bulletin summary lists security bulletins released for April 2016. […]

  • MS16-123 - Important: Security Update for Windows Kernel-Mode Drivers (3192892) - Version: 3.0
    on 12 Settembre 2017 at 5:00 pm

    Severity Rating: ImportantRevision Note: V3.0 (September 12, 2017): Revised the Affected Software table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3376. Consumers using Windows 10 are automatically protected. Microsoft recommends that enterprise customers running Windows 10 Version 1703 ensure they have update 4038788 installed to be protected from this vulnerability.Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. […]

  • MS16-OCT - Microsoft Security Bulletin Summary for October 2016 - Version: 3.0
    on 12 Settembre 2017 at 5:00 pm

    Revision Note: V3.0 (September 12, 2017): For MS16-123, revised the Windows Operating System and Components affected software table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3376. Consumers using Windows 10 are automatically protected. Microsoft recommends that enterprise customers running Windows 10 Version 1703 ensure they have update 4038788 installed to be protected from this vulnerability.Summary: This bulletin summary lists security bulletins released for October 2016. […]

  • MS16-039 - Critical: Security Update for Microsoft Graphics Component (3148522) - Version: 4.0
    on 12 Settembre 2017 at 5:00 pm

    Severity Rating: CriticalRevision Note: V4.0 (September 12, 2017): Revised the Microsoft Windows affected software table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-0165. Consumers running Windows 10 are automatically protected. Microsoft recommends that enterprise customers running Windows 10 Version 1703 ensure they have update 4038788 installed to be protected from this vulnerability.Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts. […]

  • MS16-149 - Important: Security Update for Microsoft Windows (3205655) - Version: 1.1
    on 23 Agosto 2017 at 5:00 pm

    Severity Rating: ImportantRevision Note: V1.1 (August 23, 2017): Corrected the Updates Replaced for security update 3196726 to None. This is an informational change only. Customers who have already successfully installed the update do not need to take any further action.Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application. […]

  • 4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
    on 8 Agosto 2017 at 5:00 pm

    Revision Note: V1.0 (August 8, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information regarding security settings for applications developed with the Microsoft Internet Explorer layout engine, also known as the Trident layout engine. This advisory also provides guidance on what developers and individuals can do to ensure that their applications hosting the WebBrowser Control are properly secured. […]

  • MS17-MAR - Microsoft Security Bulletin Summary for March 2017 - Version: 4.0
    on 8 Agosto 2017 at 5:00 pm

    Revision Note: V4.0 (August 8, 2017): For MS17-007, to comprehensively address CVE-2017-0071, Microsoft released the July security updates for all versions of Windows 10. Note that Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, and Windows 10 Version 1703 for x64-based Systems have been added to the Affected Products table as they are also affected by this vulnerability. Microsoft recommends that customers who have not already done so install the July 2017 security updates to be fully protected from this vulnerabilitySummary: This bulletin summary lists security bulletins released for March 2017 […]

  • MS17-007 - Critical: Cumulative Security Update for Microsoft Edge (4013071) - Version: 2.0
    on 8 Agosto 2017 at 5:00 pm

    Severity Rating: CriticalRevision Note: V2.0 (August 8, 2017): To comprehensively address CVE-2017-0071, Microsoft released the July security updates for all versions of Windows 10. Note that Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, and Windows 10 Version 1703 for x64-based Systems have been added to the Affected Products table as they are also affected by this vulnerability. Microsoft recommends that customers who have not already done so install the July 2017 security updates to be fully protected from this vulnerability.Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. […]

  • MS16-SEP - Microsoft Security Bulletin Summary for September 2016 - Version: 2.0
    on 11 Luglio 2017 at 5:00 pm

    Revision Note: V2.0 (July 11, 2017): Revised Windows Affected Software and Vulnerability Severity Ratings table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3305. Microsoft recommends that customers running Windows 10 Version 1703 should install update 4025342 to be protected from this vulnerability.Summary: This bulletin summary lists security bulletins released for September 2016. […]

  • MS16-111 - Important: Security Update for Windows Kernel (3186973) - Version: 2.0
    on 11 Luglio 2017 at 5:00 pm

    Severity Rating: ImportantRevision Note: V2.0 (July 11, 2017): Revised Windows Affected Software and Vulnerability Severity Ratings table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3305. Microsoft recommends that customers running Windows 10 Version 1703 should install update 4025342 to be protected from this vulnerability.Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a target system. […]

  • 4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
    on 27 Giugno 2017 at 5:00 pm

    Revision Note: V1.0 (June 27, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to inform customers that a new version of Azure Active Directory (AD) Connect is available that addresses an Important security vulnerability. […]

  • 4025685 - Guidance related to June 2017 security update release - Version: 1.0
    on 13 Giugno 2017 at 5:00 pm

    Revision Note: V1.0 (June 13, 2017): Advisory publishedSummary: Microsoft is announcing the availability of additional guidance for critical security updates, that are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures. Some of the releases are new, and some are for older platforms that we are making publicly available today. […]

  • 4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2
    on 12 Maggio 2017 at 5:00 pm

    Severity Rating: CriticalRevision Note: V1.2 (May 12, 2017): Added entries into the affected software table. This is an informational change only.Summary: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. […]

Linux (Community’s Center for Security)