[SECURITY-L] CAIS-Alerta: Critical Vulnerability in Microsoft Internet Explorer (MS08-078)
CSIRT - UNICAMP
security at unicamp.br
Fri Dec 19 08:56:04 -02 2008
----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais at cais.rnp.br> -----
From: Centro de Atendimento a Incidentes de Seguranca <cais at cais.rnp.br>
Subject: CAIS-Alerta: Critical Vulnerability in Microsoft Internet Explorer (MS08-078)
To: pop-seg at cais.rnp.br, rnp-alerta at cais.rnp.br, rnp-seg at cais.rnp.br
Date: Thu, 18 Dec 2008 14:36:57 -0200 (BRST)
Dear all,

CAIS is forwarding the Microsoft alert titled "MS08-078 - Security Update for Internet Explorer (960714)", which addresses a critical vulnerability in versions 5, 6 and 7 of the Internet Explorer browser.

A critical vulnerability has been discovered that can cause the browser to close unexpectedly.

This vulnerability allows remote code execution if a user opens a web page crafted by an attacker with the Internet Explorer browser. The impact may be smaller for users with fewer privileges on the system if the vulnerability is exploited.

This security bulletin was released outside the monthly security bulletin cycle because it addresses a critical vulnerability, so CAIS recommends applying the fix immediately.

AFFECTED SYSTEMS

. Microsoft Internet Explorer 5.01 Service Pack 4 - Microsoft Windows 2000 Service Pack 4
. Microsoft Internet Explorer 6 Service Pack 1 - Microsoft Windows 2000 Service Pack 4
. Internet Explorer 6
  - Windows XP Service Pack 2
  - Windows XP Service Pack 3
  - Windows XP Professional x64 Edition
  - Windows XP Professional x64 Edition Service Pack 2
  - Windows Server 2003 Service Pack 1
  - Windows Server 2003 Service Pack 2
  - Windows Server 2003 x64 Edition
  - Windows Server 2003 x64 Edition Service Pack 2
  - Windows Server 2003 with SP1 for Itanium-based Systems
  - Windows Server 2003 with SP2 for Itanium-based Systems
. Internet Explorer 7
  - Windows XP Service Pack 2
  - Windows XP Service Pack 3
  - Windows XP Professional x64 Edition
  - Windows XP Professional x64 Edition Service Pack 2
  - Windows Server 2003 Service Pack 1
  - Windows Server 2003 Service Pack 2
  - Windows Server 2003 x64 Edition
  - Windows Server 2003 x64 Edition Service Pack 2
  - Windows Server 2003 with SP1 for Itanium-based Systems
  - Windows Server 2003 with SP2 for Itanium-based Systems
  - Windows Vista
  - Windows Vista Service Pack 1
  - Windows Vista x64 Edition
  - Windows Vista x64 Edition Service Pack 1
  - Windows Server 2008 for 32-bit Systems
  - Windows Server 2008 for x64-based Systems
  - Windows Server 2008 for Itanium-based Systems

AVAILABLE FIXES

It is recommended to update systems to the versions available at:

. Microsoft Internet Explorer 5.01 Service Pack 4 - Microsoft Windows 2000 Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?familyid=d3e18732-47f1-40ce-999c-d1fd283bf138
. Microsoft Internet Explorer 6 Service Pack 1 - Microsoft Windows 2000 Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?familyid=124c14b6-9323-4f6f-902b-727aa56444bc
. Internet Explorer 6
  - Windows XP Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=1d83e0af-46fa-4bfc-ba57-635435a7ef2d
  - Windows XP Service Pack 3
    http://www.microsoft.com/downloads/details.aspx?familyid=1d83e0af-46fa-4bfc-ba57-635435a7ef2d
  - Windows XP Professional x64 Edition
    http://www.microsoft.com/downloads/details.aspx?familyid=a585cb73-2c1a-4fa8-862a-ad6aeaeaf2f8
  - Windows XP Professional x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=a585cb73-2c1a-4fa8-862a-ad6aeaeaf2f8
  - Windows Server 2003 Service Pack 1
    http://www.microsoft.com/downloads/details.aspx?familyid=d81e9cf9-ce0c-463a-a359-49a348cb89ae
  - Windows Server 2003 Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=d81e9cf9-ce0c-463a-a359-49a348cb89ae
  - Windows Server 2003 x64 Edition
    http://www.microsoft.com/downloads/details.aspx?familyid=015df302-d79f-43a1-b5c5-32ac04de0510
  - Windows Server 2003 x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=015df302-d79f-43a1-b5c5-32ac04de0510
  - Windows Server 2003 with SP1 for Itanium-based Systems
    http://www.microsoft.com/downloads/details.aspx?familyid=18016305-7f72-47f6-ab4c-94282289bf5f
  - Windows Server 2003 with SP2 for Itanium-based Systems
    http://www.microsoft.com/downloads/details.aspx?familyid=18016305-7f72-47f6-ab4c-94282289bf5f
. Internet Explorer 7
  - Windows XP Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=0190a289-164e-41a7-8c01-fa1aaed3f531
  - Windows XP Service Pack 3
    http://www.microsoft.com/downloads/details.aspx?familyid=0190a289-164e-41a7-8c01-fa1aaed3f531
  - Windows XP Professional x64 Edition
    http://www.microsoft.com/downloads/details.aspx?familyid=9ba71e23-8cef-4399-b215-983b0dcf5cb5
  - Windows XP Professional x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=9ba71e23-8cef-4399-b215-983b0dcf5cb5
  - Windows Server 2003 Service Pack 1
    http://www.microsoft.com/downloads/details.aspx?familyid=388847ec-817e-45cf-8fa7-32c7e1f57f80
  - Windows Server 2003 Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=388847ec-817e-45cf-8fa7-32c7e1f57f80
  - Windows Server 2003 x64 Edition
    http://www.microsoft.com/downloads/details.aspx?familyid=2ae17caf-6204-470e-8480-380d3d505657
  - Windows Server 2003 x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=2ae17caf-6204-470e-8480-380d3d505657
  - Windows Server 2003 with SP1 for Itanium-based Systems
    http://www.microsoft.com/downloads/details.aspx?familyid=97d6c093-f68d-4ddf-8e3c-f29662a1940f
  - Windows Server 2003 with SP2 for Itanium-based Systems
    http://www.microsoft.com/downloads/details.aspx?familyid=97d6c093-f68d-4ddf-8e3c-f29662a1940f
  - Windows Vista
    http://www.microsoft.com/downloads/details.aspx?familyid=7887111d-4fac-4823-bdd2-a18d9468fdf0
  - Windows Vista Service Pack 1
    http://www.microsoft.com/downloads/details.aspx?familyid=7887111d-4fac-4823-bdd2-a18d9468fdf0
  - Windows Vista x64 Edition
    http://www.microsoft.com/downloads/details.aspx?familyid=69979d92-8d45-47fe-ac4c-c2f1f23cf1fb
  - Windows Vista x64 Edition Service Pack 1
    http://www.microsoft.com/downloads/details.aspx?familyid=69979d92-8d45-47fe-ac4c-c2f1f23cf1fb
  - Windows Server 2008 for 32-bit Systems
    http://www.microsoft.com/downloads/details.aspx?familyid=5552e564-dd1c-4e2a-9a42-6317522c884d
  - Windows Server 2008 for x64-based Systems
    http://www.microsoft.com/downloads/details.aspx?familyid=889c6eb1-7d1f-4e60-b637-535cb6e4e443
  - Windows Server 2008 for Itanium-based Systems
    http://www.microsoft.com/downloads/details.aspx?familyid=06cb502a-6818-4599-aa24-6eddb83e4b84

MORE INFORMATION

. MS08-078: Security Update for Internet Explorer (960714)
http://www.microsoft.com/technet/security/Bulletin/MS08-078.mspx
. Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/961051.mspx
. Clarification on the various workarounds from the recent IE advisory
http://blogs.technet.com/swi/archive/2008/12/12/Clarification-on-the-various-workarounds-from-the-recent-IE-advisory.aspx
. SANS ISC Handler's Diary 2008-12-17: Internet Explorer 960714 is released
http://isc.sans.org/diary.html?storyid=5515
. SANS ISC Handler's Diary 2008-12-16: XML data Island workaround may affect clients wth exchange 2003 outlook web access
http://isc.sans.org/diary.html?storyid=5503
. SANS ISC Handler's Diary 2008-12-16: Microsoft announces an out of band patch for IE zero day
http://isc.sans.org/diary.html?storyid=5497
. SANS ISC Handler's Diary 2008-12-13: The continuing IE saga - workarounds
http://isc.sans.org/diary.html?storyid=5479
. SANS ISC Handler's Diary 2008-12-12: IE7 0day expanded to include IE6 and IE8(beta) -- now others
http://isc.sans.org/diary.html?storyid=5470
. SANS ISC Handler's Diary 2008-12-12: MSIE 0-day Spreading Via SQL Injection
http://isc.sans.org/diary.html?storyid=5464
. SANS ISC Handler's Diary 2008-12-10: 0-day exploit for Internet Explorer in the wild
http://isc.sans.org/diary.html?storyid=5458
. Microsoft Brasil Security
http://www.microsoft.com/brasil/security
. Technet Brasil - Central de Seguranca
http://www.technetbrasil.com.br/seguranca
. Windows Live OneCare
http://safety.live.com/site/pt-BR/default.htm

CVE identifier (http://cve.mitre.org): CVE-2008-4844

CAIS recommends that administrators always keep their systems and applications up to date, in line with the latest versions and fixes provided by the vendors.

CAIS Alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml

Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais at cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available   http://www.rnp.br/cais/cais-pgp.key      #
################################################################
----- End forwarded message -----