[SECURITY-L] CAIS-Alerta: Correcoes de Seguranca Acumulativas para Internet Explorer (MS08-010)
CSIRT - UNICAMP
security em unicamp.br
Qua Fev 13 15:48:51 -02 2008
----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br> -----
From: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
Subject: CAIS-Alerta: Correcoes de Seguranca Acumulativas para Internet
Explorer (MS08-010)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Tue, 12 Feb 2008 18:06:30 -0200 (BRST)
-----BEGIN PGP SIGNED MESSAGE-----
Prezados,
O CAIS esta' repassando o alerta da Microsoft, intitulado "MS08-010 -
Cumulative Security Update for Internet Explorer (944533)", que trata de
quatro vulnerabilidades identificadas no navegador Internet Explorer.
A vulnerabilidade mais critica permite a execucao remota de codigo caso um
usuario abra uma pagina Web maliciosa com um navegador Internet Explorer
afetado. Usuarios cujas contas tenham menos privilegios no sistema podem
sofrer menos impacto.
As atualizacoes deste boletim substituem as do boletim MS07-069, divulgado
em Dezembro de 2007.
Sistemas afetados:
. Internet Explorer 5.01 e Internet Explorer 6 Service Pack 1
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows 2000 Service Pack 4
. Internet Explorer 6
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 com SP1 para sistemas baseados em Itanium
- Windows Server 2003 com SP2 para sistemas baseados em Itanium
. Internet Explorer 7
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 com SP1 para sistemas baseados em Itanium
- Windows Server 2003 com SP2 para sistemas baseados em Itanium
- Windows Vista
- Windows Vista x64 Edition
Correcoes disponiveis:
Recomenda-se fazer a atualizacao para as versoes disponiveis em:
. Internet Explorer 5.01 e Internet Explorer 6 Service Pack 1
- Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=1032A039-468B-4C5F-8C1C-5E54C2832E41
- Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=87E66DCE-5060-4814-8754-829B4E190359
. Internet Explorer 6
- Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=BB2AA3CB-021F-4890-AB20-2A51F8E17554
- Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=8989F576-8B30-4866-90EC-929D24F3B409
- Windows XP Professional x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=8989F576-8B30-4866-90EC-929D24F3B409
- Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=429B7ED1-FE78-459A-B834-D0F3C69CB703
- Windows Server 2003 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=429B7ED1-FE78-459A-B834-D0F3C69CB703
- Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=E989E23C-38BB-4FE7-A830-D7BDF7659392
- Windows Server 2003 x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=E989E23C-38BB-4FE7-A830-D7BDF7659392
- Windows Server 2003 com SP1 para sistemas baseados em Itanium
http://www.microsoft.com/downloads/details.aspx?FamilyId=5A097F7A-B696-48D0-B13F-337C5FD14E24
- Windows Server 2003 com SP2 para sistemas baseados em Itanium
http://www.microsoft.com/downloads/details.aspx?FamilyId=5A097F7A-B696-48D0-B13F-337C5FD14E24
. Internet Explorer 7
- Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=D4AA293A-6332-4C6C-B128-876F516BD030
- Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=B72AF1B6-6E23-4005-AEF6-82195B380153
- Windows XP Professional x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=B72AF1B6-6E23-4005-AEF6-82195B380153
- Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=B2AA6562-881E-4FD6-BE1B-53426A0FF4A9
- Windows Server 2003 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=B2AA6562-881E-4FD6-BE1B-53426A0FF4A9
- Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=4BB99AFC-BE14-4F2E-9570-B7FE09E39131
- Windows Server 2003 x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=4BB99AFC-BE14-4F2E-9570-B7FE09E39131
- Windows Server 2003 com SP1 para sistemas baseados em Itanium
http://www.microsoft.com/downloads/details.aspx?FamilyId=6FA80E2C-5E91-4B33-ACD9-33F156660AE7
- Windows Server 2003 com SP2 para sistemas baseados em Itanium
http://www.microsoft.com/downloads/details.aspx?FamilyId=6FA80E2C-5E91-4B33-ACD9-33F156660AE7
- Windows Vista
http://www.microsoft.com/downloads/details.aspx?FamilyId=0DE25B98-F443-4874-A06F-4DAAE14C16B0
- Windows Vista x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=C08EBBE7-639B-4EA2-8304-FAB531930ABF
Mais informacoes:
. MS08-010 - Cumulative Security Update for Internet Explorer (944533)
http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx
. SANS ISC Handler's Diary 2008-02-12: February Black Tuesday overview
http://isc.incidents.org/diary.html?storyid=3973
. Microsoft Brasil Security
http://www.microsoft.com/brasil/security
. Technet Brasil - Central de Seguranca
http://www.technetbrasil.com.br/seguranca
. Windows Live OneCare
http://safety.live.com/site/pt-BR/default.htm
Identificador CVE (http://cve.mitre.org): CVE-2007-4790, CVE-2008-0078,
CVE-2008-0077, CVE-2008-0076
O CAIS recomenda que os administradores mantenham seus sistemas e
aplicativos sempre atualizados, de acordo com as ultimas versoes e
correcoes oferecidas pelos fabricantes.
Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF:
http://www.rnp.br/cais/alertas/rss.xml
Atenciosamente,
################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) #
# Rede Nacional de Ensino e Pesquisa (RNP) #
# #
# cais em cais.rnp.br http://www.cais.rnp.br #
# Tel. 019-37873300 Fax. 019-37873301 #
# Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key #
################################################################
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iQCVAwUBR7H8S+kli63F4U8VAQGgxgQAuT1+j2YBysJeXMZaNOlXVl43C3XGz353
Uty1u/7TiqAXtrCsJkfMCsO79uFCAYxtPg9YGoL0DHjPN6O0xXXczjDdK0yB71ZX
KIBcftKB0zoAi7EOrmFhI3W1PWWP6bTzQ030dJGIXui9TVwGqVyjnk7vitp/NRTc
iJn8i0ZvOw0=
=6kKQ
-----END PGP SIGNATURE-----
----- End forwarded message -----
Mais detalhes sobre a lista de discussão SECURITY-L