Title: CAIS-Alerta: Atualizacao Oficial da Microsoft para a vulnerabilidade no VML
Post by: insanity on 26 de September , 2006, 06:33:05 PM
Post by: insanity on 26 de September , 2006, 06:33:05 PM
Prezados,
O CAIS esta' repassando o alerta da Microsoft, intitulado "MS06-055 -
Vulnerability in Vector Markup Language Could Allow Remote Code Execution
(925486)", que trata de uma vulnerabilidade no recurso Vector Markup
Language (VML) presente no Internet Explorer.
Um atacante pode explorar esta vulnerabilidade atraves de uma pagina web
ou uma mensagem de correio HTML maliciosa. Esta mensagem ou pagina, caso
visitada pelo usuario, pode permitir a execucao remota de codigo no
sistema afetado. Um atacante explorando esta vulnerabilidade com sucesso
pode obter controle total sobre um sistema vulneravel.
O CAIS nao recomenda a instalacao de atualizacoes oferecidas por
terceiros, uma vez que a Microsoft nao oferece garantias para estas
atualizacoes.
Este alerta complementa as informacoes do alerta "Vulnerabilidade no
Microsoft Internet Explorer VML (925568)" publicado pelo CAIS em 21/09/06,
cujo link encontra-se na secao mais informacoes.
Sistemas Afetados:
. Microsoft Windows XP Service Pack 1
. Microsoft Windows XP Service Pack 2
. Microsoft Windows XP Professional x64 Edition
. Microsoft Windows Server 2003
. Microsoft Windows Server 2003 Service Pack 1
. Microsoft Windows Server 2003 para sistemas baseados em Itanium
. Microsoft Windows Server 2003 com SP1 para sistemas baseados em Itanium
. Microsoft Windows Server 2003 x64 Edition
Correcoes Disponiveis:
Recomenda-se fazer a atualizacao para as versoes disponiveis em:
. Microsoft Windows XP Service Pack 1
http://www.microsoft.com/downloads/deta ... 1A1A3DE98F (http://www.microsoft.com/downloads/details.aspx?FamilyId=383C13DC-51A9-4B12-89E3-871A1A3DE98F)
. Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/deta ... 823FF6D0A9 (http://www.microsoft.com/downloads/details.aspx?FamilyId=B5F19858-4E86-4FD4-A264-E4823FF6D0A9)
. Microsoft Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/deta ... B56EE4C7F1 (http://www.microsoft.com/downloads/details.aspx?FamilyId=AFD3279C-6171-4F20-A36E-B9B56EE4C7F1)
. Microsoft Windows Server 2003
http://www.microsoft.com/downloads/deta ... 9DDFDC3E27 (http://www.microsoft.com/downloads/details.aspx?FamilyId=AF8F3A58-BA7A-41BF-BB1B-3A9DDFDC3E27)
. Microsoft Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/deta ... 9DDFDC3E27 (http://www.microsoft.com/downloads/details.aspx?FamilyId=AF8F3A58-BA7A-41BF-BB1B-3A9DDFDC3E27)
. Microsoft Windows Server 2003 para sistemas baseados em Itanium
http://www.microsoft.com/downloads/deta ... FD6D51E643 (http://www.microsoft.com/downloads/details.aspx?FamilyId=271E9C78-1C6A-443E-924D-43FD6D51E643)
. Microsoft Windows Server 2003 com SP1 para sistemas baseados em Itanium
http://www.microsoft.com/downloads/deta ... FD6D51E643 (http://www.microsoft.com/downloads/details.aspx?FamilyId=271E9C78-1C6A-443E-924D-43FD6D51E643)
. Microsoft Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/deta ... A1528C6743 (http://www.microsoft.com/downloads/details.aspx?FamilyId=E2CB474F-FC1B-4B7D-A607-02A1528C6743)
Mais Informacoes:
. MS06-055 - Vulnerability in Vector Markup Language Could Allow Remote CodeExecution (925486)
http://www.microsoft.com/technet/securi ... 6-055.mspx (http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx)
. Vulnerabilidade no Microsoft Internet Explorer VML (925568)
http://www.rnp.br/cais/alertas/2006/msa-925568.html (http://www.rnp.br/cais/alertas/2006/msa-925568.html)
. MSRC Blog - A quick entry on the VML issue
http://blogs.technet.com/msrc/archive/2 ... 58266.aspx (http://blogs.technet.com/msrc/archive/2006/09/22/458266.aspx)
. Zeroday Emergency Response Team (ZERT)
http://isotf.org/zert/ (http://isotf.org/zert/)
. Microsoft Brasil Security
http://www.microsoft.com/brasil/security (http://www.microsoft.com/brasil/security)
. Technet Brasil - Central de Seguranca
http://www.technetbrasil.com.br/seguranca (http://www.technetbrasil.com.br/seguranca)
. Windows Live OneCare
http://safety.live.com (http://safety.live.com)
Identificador CVE (http://cve.mitre.org (http://cve.mitre.org)): CVE-2006-4868
O CAIS recomenda que os administradores mantenham seus sistemas e
aplicativos sempre atualizados, de acordo com as ultimas versoes e
correcoes oferecidas pelos fabricantes.
O CAIS Alerta tambem e' oferecido no formato RSS/RDF:
http://www.rnp.br/cais/alertas/rss.xml (http://www.rnp.br/cais/alertas/rss.xml)
Atenciosamente,
################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) #
# Rede Nacional de Ensino e Pesquisa (RNP) #
# #
# http://www.cais.rnp.br (http://www.cais.rnp.br ) #
# Tel. 019-37873300 Fax. 019-37873301 #
# Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key (http://www.rnp.br/cais/cais-pgp.key ) #
################################################################
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iQCVAwUBRRmTwekli63F4U8VAQIXNgP+LBw68GGgq935quXWBzH2vDipN7Q0+r4U
Cdlvvu0XT70V+3nZYXjo1UTx2fnWA7qJrFckzl6EiyUgyvvl+oSmZWI5CQXlBXHV
3Ldt1ntKZauorvbUL4fFhoGGzP4uMtt6J/2HTADPpq2DWEl5fobJ7bE9ml64IH10
SRy3rgwB4B0=
=S/Aq
-----END PGP SIGNATURE-----
O CAIS esta' repassando o alerta da Microsoft, intitulado "MS06-055 -
Vulnerability in Vector Markup Language Could Allow Remote Code Execution
(925486)", que trata de uma vulnerabilidade no recurso Vector Markup
Language (VML) presente no Internet Explorer.
Um atacante pode explorar esta vulnerabilidade atraves de uma pagina web
ou uma mensagem de correio HTML maliciosa. Esta mensagem ou pagina, caso
visitada pelo usuario, pode permitir a execucao remota de codigo no
sistema afetado. Um atacante explorando esta vulnerabilidade com sucesso
pode obter controle total sobre um sistema vulneravel.
O CAIS nao recomenda a instalacao de atualizacoes oferecidas por
terceiros, uma vez que a Microsoft nao oferece garantias para estas
atualizacoes.
Este alerta complementa as informacoes do alerta "Vulnerabilidade no
Microsoft Internet Explorer VML (925568)" publicado pelo CAIS em 21/09/06,
cujo link encontra-se na secao mais informacoes.
Sistemas Afetados:
. Microsoft Windows XP Service Pack 1
. Microsoft Windows XP Service Pack 2
. Microsoft Windows XP Professional x64 Edition
. Microsoft Windows Server 2003
. Microsoft Windows Server 2003 Service Pack 1
. Microsoft Windows Server 2003 para sistemas baseados em Itanium
. Microsoft Windows Server 2003 com SP1 para sistemas baseados em Itanium
. Microsoft Windows Server 2003 x64 Edition
Correcoes Disponiveis:
Recomenda-se fazer a atualizacao para as versoes disponiveis em:
. Microsoft Windows XP Service Pack 1
http://www.microsoft.com/downloads/deta ... 1A1A3DE98F (http://www.microsoft.com/downloads/details.aspx?FamilyId=383C13DC-51A9-4B12-89E3-871A1A3DE98F)
. Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/deta ... 823FF6D0A9 (http://www.microsoft.com/downloads/details.aspx?FamilyId=B5F19858-4E86-4FD4-A264-E4823FF6D0A9)
. Microsoft Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/deta ... B56EE4C7F1 (http://www.microsoft.com/downloads/details.aspx?FamilyId=AFD3279C-6171-4F20-A36E-B9B56EE4C7F1)
. Microsoft Windows Server 2003
http://www.microsoft.com/downloads/deta ... 9DDFDC3E27 (http://www.microsoft.com/downloads/details.aspx?FamilyId=AF8F3A58-BA7A-41BF-BB1B-3A9DDFDC3E27)
. Microsoft Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/deta ... 9DDFDC3E27 (http://www.microsoft.com/downloads/details.aspx?FamilyId=AF8F3A58-BA7A-41BF-BB1B-3A9DDFDC3E27)
. Microsoft Windows Server 2003 para sistemas baseados em Itanium
http://www.microsoft.com/downloads/deta ... FD6D51E643 (http://www.microsoft.com/downloads/details.aspx?FamilyId=271E9C78-1C6A-443E-924D-43FD6D51E643)
. Microsoft Windows Server 2003 com SP1 para sistemas baseados em Itanium
http://www.microsoft.com/downloads/deta ... FD6D51E643 (http://www.microsoft.com/downloads/details.aspx?FamilyId=271E9C78-1C6A-443E-924D-43FD6D51E643)
. Microsoft Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/deta ... A1528C6743 (http://www.microsoft.com/downloads/details.aspx?FamilyId=E2CB474F-FC1B-4B7D-A607-02A1528C6743)
Mais Informacoes:
. MS06-055 - Vulnerability in Vector Markup Language Could Allow Remote CodeExecution (925486)
http://www.microsoft.com/technet/securi ... 6-055.mspx (http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx)
. Vulnerabilidade no Microsoft Internet Explorer VML (925568)
http://www.rnp.br/cais/alertas/2006/msa-925568.html (http://www.rnp.br/cais/alertas/2006/msa-925568.html)
. MSRC Blog - A quick entry on the VML issue
http://blogs.technet.com/msrc/archive/2 ... 58266.aspx (http://blogs.technet.com/msrc/archive/2006/09/22/458266.aspx)
. Zeroday Emergency Response Team (ZERT)
http://isotf.org/zert/ (http://isotf.org/zert/)
. Microsoft Brasil Security
http://www.microsoft.com/brasil/security (http://www.microsoft.com/brasil/security)
. Technet Brasil - Central de Seguranca
http://www.technetbrasil.com.br/seguranca (http://www.technetbrasil.com.br/seguranca)
. Windows Live OneCare
http://safety.live.com (http://safety.live.com)
Identificador CVE (http://cve.mitre.org (http://cve.mitre.org)): CVE-2006-4868
O CAIS recomenda que os administradores mantenham seus sistemas e
aplicativos sempre atualizados, de acordo com as ultimas versoes e
correcoes oferecidas pelos fabricantes.
O CAIS Alerta tambem e' oferecido no formato RSS/RDF:
http://www.rnp.br/cais/alertas/rss.xml (http://www.rnp.br/cais/alertas/rss.xml)
Atenciosamente,
################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) #
# Rede Nacional de Ensino e Pesquisa (RNP) #
# #
# http://www.cais.rnp.br (http://www.cais.rnp.br ) #
# Tel. 019-37873300 Fax. 019-37873301 #
# Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key (http://www.rnp.br/cais/cais-pgp.key ) #
################################################################
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iQCVAwUBRRmTwekli63F4U8VAQIXNgP+LBw68GGgq935quXWBzH2vDipN7Q0+r4U
Cdlvvu0XT70V+3nZYXjo1UTx2fnWA7qJrFckzl6EiyUgyvvl+oSmZWI5CQXlBXHV
3Ldt1ntKZauorvbUL4fFhoGGzP4uMtt6J/2HTADPpq2DWEl5fobJ7bE9ml64IH10
SRy3rgwB4B0=
=S/Aq
-----END PGP SIGNATURE-----
Title: Re: CAIS-Alerta: Atualizacao Oficial da Microsoft para a vulnerabilidade no VML
Post by: #phobia on 27 de September , 2006, 12:45:46 AM
Post by: #phobia on 27 de September , 2006, 12:45:46 AM
Vlw pelo alerta insanity, já estou atualizando...
Thanks!
Thanks!