CSIRT Panamá Aviso 2018-04-12 Microsoft libera actualizaciones para 66 bugs
Gravedad: Alta
Fecha de publicación: Abril 12, 2018
Última revisión: Abril 11, 2018
https://technet.microsoft.com/en-us/security/bulletins.aspx
Sistemas Afectados:
Adobe Flash Player
Microsoft XML Core Services
Windows DirectShow
Windows DVD Maker
Active Directory Federation Services
Windows Kernel-Mode Drivers
Windows Kernel
Windows IIS
Microsoft Exchange Server
Microsoft Office
Microsoft Graphics Component
Microsoft Windows
Microsoft Uniscribe
Microsoft Windows SMB Server
Microsoft Windows PDF Library
I. Descripción
Microsoft ha lanzado actualizaciones para 66 bugs que afectan a múltiples productos.
II. Impacto
| Tag | CVE ID | CVE Title |
|---|---|---|
| Adobe Flash Player | ADV180007 | April 2018 Adobe Flash Security Update |
| Internet Explorer | CVE-2018-0870 | Internet Explorer Memory Corruption Vulnerability |
| Internet Explorer | CVE-2018-1018 | Internet Explorer Memory Corruption Vulnerability |
| Internet Explorer | CVE-2018-0997 | Internet Explorer Memory Corruption Vulnerability |
| Internet Explorer | CVE-2018-0991 | Internet Explorer Memory Corruption Vulnerability |
| Internet Explorer | CVE-2018-1020 | Internet Explorer Memory Corruption Vulnerability |
| Microsoft Browsers | CVE-2018-1023 | Microsoft Browser Memory Corruption Vulnerability |
| Microsoft Devices | CVE-2018-8117 | Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability |
| Microsoft Edge | CVE-2018-0892 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2018-0998 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2018-1009 | Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-1016 | Microsoft Graphics Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2018-1012 | Microsoft Graphics Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2018-1010 | Microsoft Graphics Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2018-1015 | Microsoft Graphics Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2018-1013 | Microsoft Graphics Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2018-1003 | Microsoft JET Database Engine Remote Code Execution Vulnerability |
| Microsoft Malware Protection Engine | CVE-2018-0986 | Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-1028 | Unknown |
| Microsoft Office | CVE-2018-1026 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-1027 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-1029 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-1005 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-1034 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-1030 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-0950 | Microsoft Office Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-0920 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-1007 | Microsoft Office Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-1011 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-1032 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-1014 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0981 | Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0979 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-1019 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0980 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0993 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0994 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0990 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0987 | Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0988 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0995 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-1001 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-1004 | Windows VBScript Engine Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0989 | Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2018-1000 | Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0996 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2018-0890 | Active Directory Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2018-0966 | Device Guard Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2018-0967 | Windows SNMP Service Denial of Service Vulnerability |
| Microsoft Windows | CVE-2018-0963 | Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-0887 | Windows Kernel Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2018-8116 | Microsoft Graphics Component Denial of Service Vulnerability |
| Visual Studio | CVE-2018-1037 | Microsoft Visual Studio Information Disclosure Vulnerability |
| Windows Hyper-V | CVE-2018-0964 | Hyper-V Information Disclosure Vulnerability |
| Windows Hyper-V | CVE-2018-0957 | Hyper-V Information Disclosure Vulnerability |
| Windows IIS | CVE-2018-0956 | HTTP.sys Denial of Service Vulnerability |
| Windows Kernel | CVE-2018-1008 | OpenType Font Driver Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-0960 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-0973 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-0972 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-0975 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-0974 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-0971 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-0969 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-0968 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-0970 | Windows Kernel Information Disclosure Vulnerability |
| Windows RDP | CVE-2018-0976 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability |
III. Referencia a soluciones, herramientas e información
Se recomienda actualizar los equipos.
IV. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Facebook: http://www.facebook.com/CSIRTPanama
Key ID: 16F2B124