4 vulnerabilità critiche per Microsoft a Ottobre
Microsoft ha reso disponibile una serie di aggiornamenti per i propri sistemi operativi all'interno del proprio pacchetto che viene rilasciato con cadenza mensile. Sono 4 le vulnerabilitò di tipo critico che vengono segnalate, assieme a 6 di livello importante e 1 moderato.
Di seguito i dettagli dei 4 security fix di livello critico, per il quali è ovviamente consigliato di aggiornare il proprio sistema qualora si sia scelto di non abilitare gli aggiornamenti automatici:
Microsoft Security Bulletin MS08-060
This security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker gains access to an affected network. This vulnerability only affects Microsoft Windows 2000 servers configured to be domain controllers. If a Microsoft Windows 2000 server has not been promoted to a domain controller, it will not be listening to Lightweight Directory Access Protocol (LDAP) or LDAP over SSL (LDAPS) queries, and will not be exposed to this vulnerability.
Microsoft Security Bulletin MS08-058
This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerabilities could allow information disclosure or remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft Security Bulletin MS08-059
This security update resolves a privately reported vulnerability in Microsoft Host Integration Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted Remote Procedure Call (RPC) request to an affected system. Customers who follow best practices and configure the SNA RPC service account to have fewer user rights on the system could be less impacted than customers who configure the SNA RPC service account to have administrative user rights.
Microsoft Security Bulletin MS08-057
This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
L'elenco completo degli aggiornamenti è disponibile sul sito Microsoft a questo indirizzo.