[SECURITY-L] CAIS-Alerta: Patch Acumulativo para o Internet Explorer

Daniela Regina Barbetti daniela em ccuec.unicamp.br
Sex Fev 15 08:48:14 -02 2002 

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br> -----

From: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
Subject: CAIS-Alerta: Patch Acumulativo para o Internet Explorer
To: <rnp-alerta em cais.rnp.br>, <rnp-seg em cais.rnp.br>
Cc: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
Date: Thu, 14 Feb 2002 15:31:18 -0200 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----


Prezados,

O CAIS esta' repassando o alerta do CIAC, CIAC Bulletin M-041 Microsoft
Internet Explorer Cumulative Patch, relativo ao alerta divulgado pela
Microsoft, Microsoft Security Bulletin MS02-005, que trata da
identificacao de seis vulnerabilidades no Internet Explorer.

Uma destas vulnerabilidades permite ao atacante executar codigo
remotamente no sistema cliente, podendo  obter acesso ao mesmo.

Ressalta-se que o patch divulgado e' acumulativo, ou seja, uma vez
instalado, elimina todas as vulnerabilidades divulgadas anteriormente e
que afetam o IE 5.01, 5.5 e IE 6, alem das seis tratadas neste alerta.

Sistemas Afetados:

	Plataformas Windows com Internet Explorer 5.01 SP2,
	 	5.5 SP1 e SP2, ou 6.0.

Correcoes disponiveis:

A correcao consiste na aplicacao do  "11 February 2002 Cumulative Patch
for IE", que pode ser obtido em:

	http://www.microsoft.com/windows/ie/downloads/critical/q316059/default.asp

Maiores informacoes:

        http://www.microsoft.com/technet/security/bulletin/ms02-005.asp

Identificadores do CVE: CAN-2002-0022, CAN-2002-0023, CAN-2002-0024,
			CAN-2002-0025, CAN-2002-0026 e CAN-2002-0027


O CAIS recomenda fortemente aos administradores de sistemas Windows que
atualizem seus sistemas.


Atenciosamente,



################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA / RNP      #
#                                                              #
# cais em cais.rnp.br     http://www.cais.rnp.br                  #
# Tel. 019-37873300    Fax. 019-37873301                       #
# Chave PGP disponivel em: http://www.cais.rnp.br/cais-pgp.key #
################################################################


>From ciac em rumpole.ciac.org Thu Feb 14 12:14:35 2002
Date: Tue, 12 Feb 2002 17:25:42 -0800 (PST)
From: CIAC Mail User <ciac em rumpole.ciac.org>
To: ciac-bulletin em rumpole.ciac.org
Subject: CIAC Bulletin M-041 Microsoft Internet Explorer Cumulative Patch

[For Public Release]
             __________________________________________________________

                       The U.S. Department of Energy
                     Computer Incident Advisory Center
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                  Microsoft Internet Explorer Cumulative Patch
                     [Microsoft Security Bulletin MS02-005]

February 12, 2002 18:00 GMT                                       Number M-041
______________________________________________________________________________
PROBLEM:       Six vulnerabilities have been found in Internet Explorer, the
               most serious of which allows an intruder to remotely run code
               on another users system.
PLATFORM:      Windows Platforms with Internet Explorer 5.01 SP2, 5.5 SP1 and
               SP2, or 6.0.
DAMAGE:        Depending on the vulnerability, an intruder can read or execute
               files on a client system and possibly get remote access to the
               system.
SOLUTION:      Apply the 11 February 2002 Cumulative Patch for Internet
               Explorer available on the Microsoft windowsupdate website.
______________________________________________________________________________
VULNERABILITY  The risk is HIGH. Remote users can run code on a clients system
ASSESSMENT:    and possibly get user access on that system.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/m-041.shtml
 ORIGINAL BULLETIN:
	http://www.microsoft.com/technet/treeview/default.asp?url=/technet/
	       security/bulletin/MS02-005.asp
 PATCHES:            http://windowsupdate.microsoft.com
______________________________________________________________________________


- -+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+
This message was posted through the FIRST mailing list server.
Contact your team's FIRST representative to (un)subscribe,

DO NOT REDISTRIBUTE BEYOND MEMBERS OF FIRST TEAMS UNLESS THE AUTHOR OF
THIS MESSAGE GRANTS EXPRESS PERMISSION TO REDISTRIBUTE
- -+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+
- ------------ Output from pgp ------------
Signature by unknown keyid: 0x6CCB7419










-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQCVAwUBPGv0bekli63F4U8VAQFc2gP+N4keuSfKjPf9YROUnrSUteWPEVR50Ji9
5ZIWSrXbU/CeXDtdwPAEdUX1NTxAhK/h66TwnBSV7n8F0AuLQCJ0hcZ7I2jGsRdU
CvQJResYvxU68eSUD16ql4z5glXLz99DkGW+5cN6gEchuTGb/JVFzKsDq27WTenv
wVy1ULb3MA8=
=xb42
-----END PGP SIGNATURE-----



----- End forwarded message -----

Mais detalhes sobre a lista de discussão SECURITY-L