CSIRT Panamá Aviso 2018-07-11 Microsoft publica 60 actualizaciones de seguridad de Agosto 2018
Gravedad: Alta
Fecha de publicación: Agosto 17, 2018
Última revisión: Agosto 15, 2018
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ecb26425-583f-e811-a96f-000d3a33c573
Sistemas Afectados:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
ChakraCore
Adobe Flash Player
.NET Framework
Microsoft Exchange Server
Microsoft SQL Server
Visual Studio
I. Descripción
La versión de seguridad de Agosto consiste en actualizaciones de seguridad para los siguientes componentes:
| Tag | CVE ID | CVE Title |
|---|---|---|
| Microsoft Windows | ADV180018 | Microsoft Guidance to mitigate L1TF variant |
| Adobe Flash Player | ADV180020 | August 2018 Adobe Flash Security Update |
| Microsoft Office | ADV180021 | Microsoft Office Defense in Depth Update |
| .NET Framework | CVE-2018-8360 | .NET Framework Information Disclosure Vulnerability |
| Device Guard | CVE-2018-8200 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
| Device Guard | CVE-2018-8204 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
| Internet Explorer | CVE-2018-8316 | Internet Explorer Remote Code Execution Vulnerability |
| Microsoft Browsers | CVE-2018-8351 | Microsoft Browser Information Disclosure Vulnerability |
| Microsoft Browsers | CVE-2018-8403 | Microsoft Browser Memory Corruption Vulnerability |
| Microsoft Browsers | CVE-2018-8357 | Microsoft Browser Elevation of Privilege Vulnerability |
| Microsoft Edge | CVE-2018-8388 | Microsoft Edge Spoofing Vulnerability |
| Microsoft Edge | CVE-2018-8377 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2018-8383 | Microsoft Edge Spoofing Vulnerability |
| Microsoft Edge | CVE-2018-8387 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2018-8370 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2018-8358 | Microsoft Edge Security Feature Bypass Vulnerability |
| Microsoft Exchange Server | CVE-2018-8374 | Microsoft Exchange Server Tampering Vulnerability |
| Microsoft Exchange Server | CVE-2018-8302 | Microsoft Exchange Memory Corruption Vulnerability |
| Microsoft Graphics Component | CVE-2018-8397 | GDI+ Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2018-8400 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8398 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2018-8406 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8405 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8401 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8344 | Microsoft Graphics Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2018-8396 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2018-8394 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8375 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8376 | Microsoft PowerPoint Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8379 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8378 | Microsoft Office Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8382 | Microsoft Excel Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8412 | Microsoft (MAU) Office Elevation of Privilege Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8389 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8385 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8355 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8371 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8372 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8353 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8373 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8380 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8390 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8381 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8266 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8359 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8384 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2018-8346 | LNK Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2018-8345 | LNK Remote Code Execution Vulnerability |
| Microsoft Windows PDF | CVE-2018-8350 | Windows PDF Remote Code Execution Vulnerability |
| SQL Server | CVE-2018-8273 | Microsoft SQL Server Remote Code Execution Vulnerability |
| Windows Authentication Methods | CVE-2018-8340 | AD FS Security Feature Bypass Vulnerability |
| Windows COM | CVE-2018-8349 | Microsoft COM for Windows Remote Code Execution Vulnerability |
| Windows Diagnostic Hub | CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability |
| Windows Installer | CVE-2018-8339 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-8341 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8404 | Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-8347 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-8348 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8399 | Win32k Elevation of Privilege Vulnerability |
| Windows NDIS | CVE-2018-8343 | Windows NDIS Elevation of Privilege Vulnerability |
| Windows RNDIS | CVE-2018-8342 | Windows NDIS Elevation of Privilege Vulnerability |
| Windows Shell | CVE-2018-8414 | Windows Shell Remote Code Execution Vulnerability |
| Windows Shell | CVE-2018-8253 | Microsoft Cortana Elevation of Privilege Vulnerability |
II. Referencia a soluciones, herramientas e información
Se recomienda actualizar los equipos utilizando windows update.
III. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Facebook: http://www.facebook.com/CSIRTPanama
Key ID: 16F2B124