[SECURITY-L] CAIS-Alerta: Patch Acumulativo para o Internet Explorer
Daniela Regina Barbetti
daniela em ccuec.unicamp.br
Sex Fev 15 08:48:14 -02 2002
----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br> -----
From: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
Subject: CAIS-Alerta: Patch Acumulativo para o Internet Explorer
To: <rnp-alerta em cais.rnp.br>, <rnp-seg em cais.rnp.br>
Cc: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
Date: Thu, 14 Feb 2002 15:31:18 -0200 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Prezados,
O CAIS esta' repassando o alerta do CIAC, CIAC Bulletin M-041 Microsoft
Internet Explorer Cumulative Patch, relativo ao alerta divulgado pela
Microsoft, Microsoft Security Bulletin MS02-005, que trata da
identificacao de seis vulnerabilidades no Internet Explorer.
Uma destas vulnerabilidades permite ao atacante executar codigo
remotamente no sistema cliente, podendo obter acesso ao mesmo.
Ressalta-se que o patch divulgado e' acumulativo, ou seja, uma vez
instalado, elimina todas as vulnerabilidades divulgadas anteriormente e
que afetam o IE 5.01, 5.5 e IE 6, alem das seis tratadas neste alerta.
Sistemas Afetados:
Plataformas Windows com Internet Explorer 5.01 SP2,
5.5 SP1 e SP2, ou 6.0.
Correcoes disponiveis:
A correcao consiste na aplicacao do "11 February 2002 Cumulative Patch
for IE", que pode ser obtido em:
http://www.microsoft.com/windows/ie/downloads/critical/q316059/default.asp
Maiores informacoes:
http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Identificadores do CVE: CAN-2002-0022, CAN-2002-0023, CAN-2002-0024,
CAN-2002-0025, CAN-2002-0026 e CAN-2002-0027
O CAIS recomenda fortemente aos administradores de sistemas Windows que
atualizem seus sistemas.
Atenciosamente,
################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA / RNP #
# #
# cais em cais.rnp.br http://www.cais.rnp.br #
# Tel. 019-37873300 Fax. 019-37873301 #
# Chave PGP disponivel em: http://www.cais.rnp.br/cais-pgp.key #
################################################################
>From ciac em rumpole.ciac.org Thu Feb 14 12:14:35 2002
Date: Tue, 12 Feb 2002 17:25:42 -0800 (PST)
From: CIAC Mail User <ciac em rumpole.ciac.org>
To: ciac-bulletin em rumpole.ciac.org
Subject: CIAC Bulletin M-041 Microsoft Internet Explorer Cumulative Patch
[For Public Release]
__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Center
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
__________________________________________________________
INFORMATION BULLETIN
Microsoft Internet Explorer Cumulative Patch
[Microsoft Security Bulletin MS02-005]
February 12, 2002 18:00 GMT Number M-041
______________________________________________________________________________
PROBLEM: Six vulnerabilities have been found in Internet Explorer, the
most serious of which allows an intruder to remotely run code
on another users system.
PLATFORM: Windows Platforms with Internet Explorer 5.01 SP2, 5.5 SP1 and
SP2, or 6.0.
DAMAGE: Depending on the vulnerability, an intruder can read or execute
files on a client system and possibly get remote access to the
system.
SOLUTION: Apply the 11 February 2002 Cumulative Patch for Internet
Explorer available on the Microsoft windowsupdate website.
______________________________________________________________________________
VULNERABILITY The risk is HIGH. Remote users can run code on a clients system
ASSESSMENT: and possibly get user access on that system.
______________________________________________________________________________
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/m-041.shtml
ORIGINAL BULLETIN:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/
security/bulletin/MS02-005.asp
PATCHES: http://windowsupdate.microsoft.com
______________________________________________________________________________
- -+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+
This message was posted through the FIRST mailing list server.
Contact your team's FIRST representative to (un)subscribe,
DO NOT REDISTRIBUTE BEYOND MEMBERS OF FIRST TEAMS UNLESS THE AUTHOR OF
THIS MESSAGE GRANTS EXPRESS PERMISSION TO REDISTRIBUTE
- -+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+
- ------------ Output from pgp ------------
Signature by unknown keyid: 0x6CCB7419
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv
iQCVAwUBPGv0bekli63F4U8VAQFc2gP+N4keuSfKjPf9YROUnrSUteWPEVR50Ji9
5ZIWSrXbU/CeXDtdwPAEdUX1NTxAhK/h66TwnBSV7n8F0AuLQCJ0hcZ7I2jGsRdU
CvQJResYvxU68eSUD16ql4z5glXLz99DkGW+5cN6gEchuTGb/JVFzKsDq27WTenv
wVy1ULb3MA8=
=xb42
-----END PGP SIGNATURE-----
----- End forwarded message -----
Mais detalhes sobre a lista de discussão SECURITY-L