[SECURITY-L] CAIS-Alerta: Correcoes de Seguranca Acumulativas para Internet Explorer (MS07-069)

[CSIRT - UNICAMP]

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br> -----

From: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
Subject:  CAIS-Alerta: Correcoes de Seguranca Acumulativas para Internet
 Explorer (MS07-069)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Thu, 13 Dec 2007 15:42:16 -0200 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----


Prezados,

O CAIS esta' repassando o alerta da Microsoft, intitulado "MS07-069 - 
Cumulative Security Update for Internet Explorer (942615)", que trata de 
quatro vulnerabilidades identificadas no navegador Internet Explorer.

A vulnerabilidade mais critica permite a execucao remota de codigo se um 
usuario abrir uma pagina Web maliciosa em um navegador Internet Explorer 
afetado. Usuarios cujas contas tenham menos direitos no sistema podem 
sofrer menos impacto.

As atualizacoes deste boletim substituem as do boletim MS07-057, 
divulgado em Outubro de 2007.


Sistemas afetados:

. Microsoft Internet Explorer 5.01 Service Pack 4 - Microsoft Windows 2000 Service Pack 4
. Microsoft Internet Explorer 6 Service Pack 1 - Microsoft Windows 2000 Service Pack 4
. Internet Explorer 6

  - Windows XP Service Pack 2
  - Windows XP Professional x64 Edition
  - Windows XP Professional x64 Edition Service Pack 2
  - Windows Server 2003 Service Pack 1
  - Windows Server 2003 Service Pack 2
  - Windows Server 2003 x64 Edition
  - Windows Server 2003 x64 Edition Service Pack 2
  - Windows Server 2003 com SP1 para Sistemas baseados em Itanium
  - Windows Server 2003 com SP2 para Sistemas baseados em Itanium

. Internet Explorer 7

  - Windows XP Service Pack 2
  - Windows XP Professional x64 Edition
  - Windows XP Professional x64 Edition Service Pack 2
  - Windows Server 2003 Service Pack 1
  - Windows Server 2003 Service Pack 2
  - Windows Server 2003 x64 Edition
  - Windows Server 2003 x64 Edition Service Pack 2
  - Windows Server 2003 com SP1 para Sistemas baseados em Itanium
  - Windows Server 2003 com SP2 para Sistemas baseados em Itanium
  - Windows Vista
  - Windows Vista x64 Edition


Correcoes disponiveis:

Recomenda-se fazer a atualizacao para as versoes disponiveis em:

. Microsoft Internet Explorer 5.01 Service Pack 4 - Microsoft Windows 2000 Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=B3BD16EA-5D69-4AE3-84B3-AB773052CEEB

. Microsoft Internet Explorer 6 Service Pack 1 - Microsoft Windows 2000 Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=BC8EDF05-262A-4D1D-B196-4FC1A844970C

. Internet Explorer 6

  - Windows XP Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=6E4EBAFC-34C3-4DC7-B712-152C611D3F0A

  - Windows XP Professional x64 Edition
    http://www.microsoft.com/downloads/details.aspx?FamilyId=F5A5AF23-30FB-4E47-94BD-3B05B55C92F2

  - Windows XP Professional x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=F5A5AF23-30FB-4E47-94BD-3B05B55C92F2

  - Windows Server 2003 Service Pack 1
    http://www.microsoft.com/downloads/details.aspx?FamilyId=BF466060-A585-4C2E-A48D-70E080C3BBE7

  - Windows Server 2003 Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=BF466060-A585-4C2E-A48D-70E080C3BBE7

  - Windows Server 2003 x64 Edition
    http://www.microsoft.com/downloads/details.aspx?FamilyId=074697F2-18C8-4521-BBF7-1D0E7395D27D

  - Windows Server 2003 x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=074697F2-18C8-4521-BBF7-1D0E7395D27D

  - Windows Server 2003 com SP1 para Sistemas baseados em Itanium
    http://www.microsoft.com/downloads/details.aspx?FamilyId=B3F390A6-0361-4553-B627-5E7AD6BF5055

  - Windows Server 2003 com SP2 para Sistemas baseados em Itanium
    http://www.microsoft.com/downloads/details.aspx?FamilyId=B3F390A6-0361-4553-B627-5E7AD6BF5055

. Internet Explorer 7

  - Windows XP Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=B15A6506-02DD-43C2-AEF4-E10C1C76EE97

  - Windows XP Professional x64 Edition
    http://www.microsoft.com/downloads/details.aspx?FamilyId=C092A6BB-8E62-4D90-BDB1-5F3A15968F75    

  - Windows XP Professional x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=C092A6BB-8E62-4D90-BDB1-5F3A15968F75

  - Windows Server 2003 Service Pack 1
    http://www.microsoft.com/downloads/details.aspx?FamilyId=34759C10-16A5-42A2-974D-9D532FB5A0A7

  - Windows Server 2003 Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=34759C10-16A5-42A2-974D-9D532FB5A0A7

  - Windows Server 2003 x64 Edition
    http://www.microsoft.com/downloads/details.aspx?FamilyId=7DCCCE5A-7562-448B-A345-CF1CC758E35C

  - Windows Server 2003 x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=7DCCCE5A-7562-448B-A345-CF1CC758E35C

  - Windows Server 2003 com SP1 para Sistemas baseados em Itanium
    http://www.microsoft.com/downloads/details.aspx?FamilyId=8414F3FB-216A-4D46-B590-4C1F304DFF91

  - Windows Server 2003 com SP2 para Sistemas baseados em Itanium
    http://www.microsoft.com/downloads/details.aspx?FamilyId=8414F3FB-216A-4D46-B590-4C1F304DFF91

  - Windows Vista
    http://www.microsoft.com/downloads/details.aspx?FamilyId=26D303DA-BB2E-4555-96F1-BECB0E277341

  - Windows Vista x64 Edition
    http://www.microsoft.com/downloads/details.aspx?FamilyId=C5E88E0B-A4C2-4690-91D9-326800030A16


Mais informacoes:

. MS07-069 - Cumulative Security Update for Internet Explorer (942615)
  http://www.microsoft.com/technet/security/Bulletin/MS07-069.mspx

. Correcoes de Seguranca Acumulativas para Internet Explorer (MS07-057)
  http://www.rnp.br/cais/alertas/2007/MS07-057.html

. SANS ISC Handler's Diary 2007-12-11: December black tuesday overview
  http://isc.sans.org/diary.html?storyid=3735

. Microsoft Brasil Security
  http://www.microsoft.com/brasil/security

. Technet Brasil - Central de Seguranca
  http://www.technetbrasil.com.br/seguranca

. Windows Live OneCare
  http://safety.live.com/site/pt-BR/default.htm


Identificador CVE (http://cve.mitre.org): CVE-2007-3902, CVE-2007-3903, 
                                          CVE-2007-5344, CVE-2007-5347


O CAIS recomenda que os administradores mantenham seus sistemas e 
aplicativos sempre atualizados, de acordo com as ultimas versoes e 
correcoes oferecidas pelos fabricantes.


Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF:
http://www.rnp.br/cais/alertas/rss.xml


Atenciosamente,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br                #
# Tel. 019-37873300      Fax. 019-37873301                     #
# Chave PGP disponivel   http://www.rnp.br/cais/cais-pgp.key   #
################################################################
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iQCVAwUBR2FvH+kli63F4U8VAQEVUgP8CKbZ1uffErBkbZ1N8/BzIEZMUoKWSwpa
KKT/LRYDTJYE0PQbaPKh12EKZg7H01ZC9yqRqj94nnOq4Wrr8fUTL00GIpAkMCUc
VnljzaAoCDjw7SNDIh6tZrVtKthKDAbYrbDhmb9WV/t24hjNFFbenQOMOrfJLuJa
nuxqn3VO1u4=
=xB1+
-----END PGP SIGNATURE-----

----- End forwarded message -----