CSIRT Panamá Aviso 2018-07-11 Microsoft publica 53 actualizaciones de seguridad de julio 2018
Gravedad: Alta
Fecha de publicación: Julio 11, 2018
Última revisión: Julio 11, 2018
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/7d4489d6-573f-e811-a96f-000d3a33c573
Sistemas Afectados:
Adobe Flash Player
.NET Framework
Active Directory
ASP.NET
Device Guard
Internet Explorer
Microsoft Devices
Microsoft Edge
Microsoft Office
Microsoft PowerShell
Microsoft Scripting Engine
Microsoft Windows
Microsoft Windows DNS
Microsoft WordPad
Skype for Business and Microsoft Lync
Visual Studio
Windows Kernel
Windows Shell
I. Descripción
La versión de seguridad de julio consiste en actualizaciones de seguridad para los siguientes software:
| Tag | CVE ID | CVE Title |
|---|---|---|
| Adobe Flash Player | ADV180017 | July 2018 Adobe Flash Security Update |
| .NET Framework | CVE-2018-8284 | .NET Framework Remote Code Injection Vulnerability |
| .NET Framework | CVE-2018-8260 | .NET Framework Remote Code Execution Vulnerability |
| .NET Framework | CVE-2018-8202 | .NET Framework Elevation of Privilege Vulnerability |
| .NET Framework | CVE-2018-8356 | .NET Framework Security Feature Bypass Vulnerability |
| Active Directory | CVE-2018-8326 | Open Source Customization for Active Directory Federation Services XSS Vulnerability |
| ASP.NET | CVE-2018-8171 | ASP.NET Security Feature Bypass Vulnerability |
| Device Guard | CVE-2018-8222 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
| Internet Explorer | CVE-2018-0949 | Internet Explorer Security Feature Bypass Vulnerability |
| Microsoft Devices | CVE-2018-8306 | Microsoft Wireless Display Adapter Command Injection Vulnerability |
| Microsoft Edge | CVE-2018-8289 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2018-8301 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2018-8325 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2018-8324 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2018-8297 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2018-8274 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2018-8278 | Microsoft Edge Spoofing Vulnerability |
| Microsoft Edge | CVE-2018-8262 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Office | CVE-2018-8281 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8323 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-8300 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8312 | Microsoft Access Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8299 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-8310 | Microsoft Office Tampering Vulnerability |
| Microsoft PowerShell | CVE-2018-8327 | PowerShell Editor Services Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8294 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8280 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8242 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8125 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8298 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8287 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8288 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8290 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8279 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8283 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8286 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8275 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8296 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8291 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8276 | Scripting Engine Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2018-8308 | Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8309 | Windows Denial of Service Vulnerability |
| Microsoft Windows | CVE-2018-8305 | Windows Mail Client Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2018-8206 | Windows FTP Server Denial of Service Vulnerability |
| Microsoft Windows | CVE-2018-8319 | MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2018-8313 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows DNS | CVE-2018-8304 | Windows DNSAPI Denial of Service Vulnerability |
| Microsoft WordPad | CVE-2018-8307 | WordPad Security Feature Bypass Vulnerability |
| Skype for Business and Microsoft Lync | CVE-2018-8238 | Skype for Business and Lync Security Feature Bypass Vulnerability |
| Skype for Business and Microsoft Lync | CVE-2018-8311 | Remote Code Execution Vulnerability in Skype For Business and Lync |
| Visual Studio | CVE-2018-8172 | Visual Studio Remote Code Execution Vulnerability |
| Visual Studio | CVE-2018-8232 | Microsoft Macro Assembler Tampering Vulnerability |
| Windows Kernel | CVE-2018-8282 | Win32k Elevation of Privilege Vulnerability |
| Windows Shell | CVE-2018-8314 | Windows Elevation of Privilege Vulnerability |
II. Referencia a soluciones, herramientas e información
Se recomienda actualizar los equipos utilizando windows update.
III. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Facebook: http://www.facebook.com/CSIRTPanama
Key ID: 16F2B124