CSIRT Panamá Aviso 2018-05-09 Microsoft libera actualizaciones para 67 Vulnerabilidades.
Gravedad: Alta
Fecha de publicación: Mayo 9, 2018
Última revisión: Mayo l9, 2018
https://technet.microsoft.com/en-us/security/bulletins.aspx
Sistemas Afectados:
Adobe Flash Player
.NET Framework
Azure
Common Log File System Driver
Device Guard
GitHub
Internet Explorer
Microsoft Browsers
Microsoft Edge
Microsoft Exchange Server
Microsoft Graphics Component
Microsoft Office
Microsoft Scripting Engine
Microsoft Windows
Windows COM
Windows Hyper-V
Windows Kernel
I. Descripción
Microsoft ha lanzado actualizaciones para 67 vulnerabilidades que afectan a múltiples productos.
II. Impacto
| Tag | CVE ID | CVE Title |
|---|---|---|
| Adobe Flash Player | ADV180008 | May 2018 Adobe Flash Security Update |
| .NET Framework | CVE-2018-1039 | .NET Framework Device Guard Security Feature Bypass Vulnerability |
| .NET Framework | CVE-2018-0765 | .NET and .NET Core Denial of Service Vulnerability |
| Azure | CVE-2018-8119 | Azure IoT SDK Spoofing Vulnerability |
| Common Log File System Driver | CVE-2018-8167 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Device Guard | CVE-2018-8129 | Windows Security Feature Bypass Vulnerability |
| Device Guard | CVE-2018-8132 | Windows Security Feature Bypass Vulnerability |
| Device Guard | CVE-2018-0854 | Windows Security Feature Bypass Vulnerability |
| GitHub | CVE-2018-8115 | Windows Host Compute Service Shim Remote Code Execution Vulnerability |
| Internet Explorer | CVE-2018-8126 | Internet Explorer Security Feature Bypass Vulnerability |
| Microsoft Browsers | CVE-2018-8178 | Microsoft Browser Memory Corruption Vulnerability |
| Microsoft Browsers | CVE-2018-1025 | Microsoft Browser Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2018-1021 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2018-8123 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2018-8179 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2018-8112 | Microsoft Edge Security Feature Bypass Vulnerability |
| Microsoft Exchange Server | CVE-2018-8151 | Microsoft Exchange Memory Corruption Vulnerability |
| Microsoft Exchange Server | CVE-2018-8152 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| Microsoft Exchange Server | CVE-2018-8154 | Microsoft Exchange Memory Corruption Vulnerability |
| Microsoft Exchange Server | CVE-2018-8159 | Microsoft Exchange Elevation of Privilege Vulnerability |
| Microsoft Exchange Server | CVE-2018-8153 | Microsoft Exchange Spoofing Vulnerability |
| Microsoft Graphics Component | CVE-2018-8165 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8120 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8164 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8124 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-8148 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8157 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8158 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8173 | Microsoft InfoPath Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8168 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-8150 | Microsoft Outlook Security Feature Bypass Vulnerability |
| Microsoft Office | CVE-2018-8155 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-8147 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8149 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-8156 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-8162 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8163 | Microsoft Excel Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8160 | Microsoft Outlook Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8161 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0955 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-1022 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8114 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8122 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0954 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8130 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8128 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8177 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8133 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8137 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8139 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8145 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0946 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0945 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0951 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0953 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0943 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2018-0958 | Windows Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2018-8170 | Windows Image Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8136 | Windows Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2018-8174 | Windows VBScript Engine Remote Code Execution Vulnerability |
| Windows COM | CVE-2018-0824 | Microsoft COM for Windows Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2018-0961 | Hyper-V vSMB Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2018-0959 | Hyper-V Remote Code Execution Vulnerability |
| Windows Kernel | CVE-2018-8166 | Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-8127 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8897 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-8134 | Windows Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-8141 | Windows Kernel Information Disclosure Vulnerability |
III. Referencia a soluciones, herramientas e información
Se recomienda actualizar los equipos utilizando windows update.
IV. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Facebook: http://www.facebook.com/CSIRTPanama
Key ID: 16F2B124