Microsoft Security Update Aprile 2022

GCSA-22046
Microsoft ha rilasciato il security update mensile per aprile 2022,
questa versione risolve 128 vulnerabilita', tra cui due zero-day.
Dieci delle vulnerabilita' sono state classificate come critiche.

Maggiori dettagli sono disponibili alla sezione "Riferimenti".

:: Software interessato

.NET Framework
Active Directory Domain Services
Azure SDK
Azure Site Recovery
LDAP - Lightweight Directory Access Protocol
Microsoft Bluetooth Driver
Microsoft Dynamics
Microsoft Edge (Chromium-based)
Microsoft Graphics Component
Microsoft Local Security Authority Server (lsasrv)
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Windows ALPC
Microsoft Windows Codecs Library
Microsoft Windows Media Foundation
Power BI
Role: DNS Server
Role: Windows Hyper-V
Skype for Business
Visual Studio
Visual Studio Code
Windows Ancillary Function Driver for WinSock
Windows App Store
Windows AppX Package Manager
Windows Cluster Client Failover
Windows Cluster Shared Volume (CSV)
Windows Common Log File System Driver
Windows Defender
Windows DWM Core Library
Windows Endpoint Configuration Manager
Windows Fax Compose Form
Windows Feedback Hub
Windows File Explorer
Windows File Server
Windows Installer
Windows iSCSI Target Service
Windows Kerberos
Windows Kernel
Windows Local Security Authority Subsystem Service
Windows Media
Windows Network File System
Windows PowerShell
Windows Print Spooler Components
Windows RDP
Windows Remote Procedure Call Runtime
Windows schannel
Windows SMB
Windows Telephony Server
Windows Upgrade Assistant
Windows User Profile Service
Windows Win32K
Windows Work Folder Service
YARP reverse proxy


:: Impatto

Esecuzione remota di codice arbitrario (RCE)
Denial of Service (DoS)
Acquisizione di privilegi piu' elevati (EoP)
Provide Misleading Information (spoofing)
Information Disclosure (ID)


:: Soluzioni

Per default l'installazione degli aggiornamenti
avviene in maniera automatica.

Per installare manualmente scegliere
Start > Impostazioni > Aggiornamento e Sicurezza > Windows Update

Verificare di aver installato la versione piu' recente del
Servicing Stack Updates
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001
https://docs.microsoft.com/it-it/windows/deployment/update/servicing-stack-updates

Windows Update domande frequenti
https://support.microsoft.com/en-us/help/12373/windows-update-faq

Gli aggiornamenti sono disponibili anche tramite il catalogo di Microsoft Update
https://www.catalog.update.microsoft.com/

Gli utenti che utilizzano ancora Windows 7, Windows Server 2008 o 2008 R2
devono acquistare l'Extended Security Update per continuare a ricevere gli aggiornamenti
https://support.microsoft.com/en-hk/help/4522133/procedure-to-continue-receiving-security-updates


:: Riferimenti

Microsoft Security Updates - Release Notes
https://msrc.microsoft.com/update-guide/releaseNote/2022-Apr

The Hacker News
https://thehackernews.com/2022/04/microsoft-issues-patches-for-2-windows.html

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24482
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24483
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24485
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24487
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24493
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24523
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24527
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24528
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24534
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26818
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26827
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26829
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26895
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26897
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26904
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26907
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26908
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26909
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26910
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26911
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26912
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26919
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26924

Cambio password AAI

Si avvisano tutti gli utenti che stanno arrivando notifiche di scadenza password relative al kerberos nazionale.
La password di cui all’oggetto è quella utilizzata per i servizi legati ad AAI, quindi sia locali (ad esclusione di owncloud) che nazionali.

Il messaggio è autentico e si deve procedere nei tempi specificati.

Per il cambio password si può procedere:

– via web alla pagina https://warc.infn.it dalla rete INFN.
Il cambio via warc è possibile anche da rete esterna previa attivazione della vpn.
– in interattivo con una sessione ssh sul server di login login.pg.infn.it, con il comando kpasswd.

Per conoscere la password policy fare riferimento alla pagina del Servizio di Calcolo.

Per ulteriori informazioni contattare il Servizio di Calcolo servcalc@pg.infn.it.