[SECURITY-L] CAIS-Alerta: Vulnerabilities in Microsoft Internet Explorer (MS09-034)

CSIRT - UNICAMP security at unicamp.br
Wed Jul 29 16:58:37 -03 2009


----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais at cais.rnp.br> -----

From: Centro de Atendimento a Incidentes de Seguranca <cais at cais.rnp.br>
Subject:  CAIS-Alerta: Vulnerabilities in Microsoft Internet Explorer (MS09-034)
To: pop-seg at cais.rnp.br, rnp-alerta at cais.rnp.br, rnp-seg at cais.rnp.br
Date: Wed, 29 Jul 2009 11:58:38 -0300 (BRT)

-----BEGIN PGP SIGNED MESSAGE-----


Dear all,

CAIS is forwarding the Microsoft alert titled "MS09-034 - 
Cumulative Security Update for Internet Explorer (972260)", which 
addresses three vulnerabilities in several versions of the Internet 
Explorer browser.

This security update resolves three vulnerabilities in Internet 
Explorer. These vulnerabilities allow remote code execution if an 
attacker manages to convince a user of a vulnerable system to open a 
specially crafted page.

This update is related to the vulnerability described in Microsoft 
Security Advisory (973882), which describes a vulnerability in the 
Microsoft Active Template Library (ATL). ATL is a set of template-based 
C++ classes used in the development of Component Object Model (COM) 
objects.

This security bulletin was released outside the monthly security bulletin 
cycle because it addresses vulnerabilities of critical severity, related 
to the vulnerabilities in ATL and to security bulletin MS09-032 (ActiveX 
Kill Bits), published on July 14. For these reasons CAIS recommends 
applying the update immediately.


AVAILABLE FIXES

We recommend updating systems to the versions available at:

. Microsoft Internet Explorer 5.01 Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?FamilyID=50ffc8f4-7ab7-4e64-9965-5767db5f53cd

. Microsoft Internet Explorer 6 Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?FamilyID=93bd1baa-e2fb-4e8c-9dd7-738efef32282

. Internet Explorer 6

  - Windows XP Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyID=22bed634-5227-4a22-8df5-801f3e2e232a

  - Windows XP Service Pack 3
    http://www.microsoft.com/downloads/details.aspx?FamilyID=22bed634-5227-4a22-8df5-801f3e2e232a

  - Windows XP Professional x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=35ab0c5e-df3d-4873-8139-d1d98b3ac350

  - Windows Server 2003 Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=44852619-58ad-48f2-bc55-e8e1c72b1ba9

  - Windows Server 2003 x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=bd7f36c6-c5c5-4f19-ab59-39f1aaba7fe2

  - Windows Server 2003 with SP2 for Itanium-based Systems
    http://www.microsoft.com/downloads/details.aspx?familyid=cdb70acf-77c3-40a4-b6a3-0fbc0fc0d7fc

. Internet Explorer 7

  - Windows XP Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyID=c874c8f8-0449-42b1-8d8b-901040069568

  - Windows XP Service Pack 3
    http://www.microsoft.com/downloads/details.aspx?FamilyID=c874c8f8-0449-42b1-8d8b-901040069568

  - Windows XP Professional x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=113cc76a-c434-42ff-b594-4834989ad5ba

  - Windows Server 2003 Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=f4112c25-9e6f-473a-bdbc-3df6dd66e6af

  - Windows Server 2003 x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=a594ee0d-ec8f-47df-9125-89d0bbf2115d

  - Windows Server 2003 with SP2 for Itanium-based Systems
    http://www.microsoft.com/downloads/details.aspx?FamilyID=adb6bad2-9931-4ede-856e-bb43bb0f6071

  - Windows Vista
    http://www.microsoft.com/downloads/details.aspx?familyid=d3be9a13-1a5b-4b74-9649-449df923f573

  - Windows Vista Service Pack 1
    http://www.microsoft.com/downloads/details.aspx?familyid=d3be9a13-1a5b-4b74-9649-449df923f573

  - Windows Vista Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=d3be9a13-1a5b-4b74-9649-449df923f573

  - Windows Vista x64 Edition
    http://www.microsoft.com/downloads/details.aspx?familyid=2b23cd74-6cf1-413b-82a7-b602347e3ce6

  - Windows Vista x64 Edition Service Pack 1
    http://www.microsoft.com/downloads/details.aspx?familyid=2b23cd74-6cf1-413b-82a7-b602347e3ce6

  - Windows Vista x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=2b23cd74-6cf1-413b-82a7-b602347e3ce6

  - Windows Server 2008 for 32-bit Systems
    http://www.microsoft.com/downloads/details.aspx?familyid=92e3af41-71b0-4a28-afc7-123733180ead

  - Windows Server 2008 for 32-bit Systems Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=92e3af41-71b0-4a28-afc7-123733180ead

  - Windows Server 2008 for x64-based Systems
    http://www.microsoft.com/downloads/details.aspx?familyid=1958ec40-3b7b-43a9-9fdc-742735dcf516

  - Windows Server 2008 for x64-based Systems Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=1958ec40-3b7b-43a9-9fdc-742735dcf516

  - Windows Server 2008 for Itanium-based Systems
    http://www.microsoft.com/downloads/details.aspx?familyid=470387ac-6d75-4b7e-8ca5-376b67a8bd4d

  - Windows Server 2008 for Itanium-based Systems Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=470387ac-6d75-4b7e-8ca5-376b67a8bd4d

. Internet Explorer 8

  - Windows XP Service Pack
    http://www.microsoft.com/downloads/details.aspx?familyid=0acc8aaa-0ae1-412a-9f2b-dc7c707cae00

  - Windows XP Service Pack 3
    http://www.microsoft.com/downloads/details.aspx?familyid=0acc8aaa-0ae1-412a-9f2b-dc7c707cae00

  - Windows XP Professional x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=29c8d9e6-2cb8-42b6-b0a6-2510fdb49eab

  - Windows Server 2003 Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=f4ae65a7-142f-4953-a542-315dac2ac606

  - Windows Server 2003 x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=3bc0e17b-898b-4f29-aa29-607527e1c1cd

  - Windows Vista
    http://www.microsoft.com/downloads/details.aspx?familyid=b05a19f7-7412-4c2b-ad11-34396e54ca43

  - Windows Vista Service Pack 1
    http://www.microsoft.com/downloads/details.aspx?familyid=b05a19f7-7412-4c2b-ad11-34396e54ca43

  - Windows Vista Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=b05a19f7-7412-4c2b-ad11-34396e54ca43

  - Windows Vista x64 Edition
    http://www.microsoft.com/downloads/details.aspx?familyid=900e9a05-2f71-42de-b603-47e4ac061bcb

  - Windows Vista x64 Edition Service Pack 1
    http://www.microsoft.com/downloads/details.aspx?familyid=900e9a05-2f71-42de-b603-47e4ac061bcb

  - Windows Vista x64 Edition Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=900e9a05-2f71-42de-b603-47e4ac061bcb

  - Windows Server 2008 for 32-bit Systems
    http://www.microsoft.com/downloads/details.aspx?familyid=30f99bda-9107-4969-90af-2a30e12acdae

  - Windows Server 2008 for 32-bit Systems Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=30f99bda-9107-4969-90af-2a30e12acdae

  - Windows Server 2008 for x64-based Systems
    http://www.microsoft.com/downloads/details.aspx?familyid=acd3667b-6676-4010-b23b-e8372dd55f93

  - Windows Server 2008 for x64-based Systems Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=acd3667b-6676-4010-b23b-e8372dd55f93

  - Windows Server 2008 for Itanium-based Systems
    http://www.microsoft.com/downloads/details.aspx?familyid=d223766f-2728-451d-98dd-c250ca52a76f  

  - Windows Server 2008 for Itanium-based Systems Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=d223766f-2728-451d-98dd-c250ca52a76


MORE INFORMATION

. MS09-034: Cumulative Security Update for Internet Explorer (972260)
  http://www.microsoft.com/technet/security/bulletin/ms09-034.mspx

. Microsoft Security Advisory (973882): Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
  http://www.microsoft.com/technet/security/advisory/973882.mspx

. MS09-032: Cumulative Security Update of ActiveX Kill Bits (973346)
  http://www.microsoft.com/technet/security/bulletin/ms09-032.mspx

. Microsoft Security TechCenter
  http://technet.microsoft.com/pt-br/security/

. Microsoft Security Response Center - MSRC
  http://www.microsoft.com/security/msrc/

. Microsoft Security Research & Defense - MSRD
  http://blogs.technet.com/srd/

. Microsoft Security
  http://www.microsoft.com/brasil/security/


CVE identifiers (http://cve.mitre.org):
CVE-2009-1917, CVE-2009-1918, CVE-2009-1919


CAIS recommends that administrators keep their systems and applications 
up to date at all times, in line with the latest versions and fixes 
provided by vendors.


CAIS Alerts are also offered in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml


Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais at cais.rnp.br       http://www.cais.rnp.br                #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available      http://www.rnp.br/cais/cais-pgp.key   #
################################################################



----- End forwarded message -----


