CSIRT Panamá Aviso 2018-sep-13 Microsoft libera actualizaciones para 62 Vulnerabilidades.
Gravedad: Alta
Fecha de publicación: Septiembre 13, 2018
Última revisión: Septiembre 12, 2018
https://technet.microsoft.com/en-us/security/bulletins.aspx
Sistemas Afectados:
.NET Core
.NET Framework
Adobe Flash Player
Azure
Device Guard
Internet Explorer
Microsoft Edge
Microsoft Graphics Component
Microsoft Identity Services
Microsoft JET Database Engine
Microsoft Office
Microsoft Scripting Engine
Microsoft Windows
Microsoft XML Core Services
Windows Hyper-V
Windows Kernel
Windows Media
Windows Shell
Windows SMB Server
Windows Subsystem for Linux
I. Descripción
Microsoft ha lanzado actualizaciones para 62 vulnerabilidades que afectan a múltiples productos.
II. Impacto
| Tag | CVE ID | CVE Title |
|---|---|---|
| .NET Core | CVE-2018-8409 | System.IO.Pipelines Denial of Service |
| .NET Framework | CVE-2018-8421 | .NET Framework Remote Code Execution Vulnerability |
| Adobe Flash Player | ADV180023 | September 2018 Adobe Flash Security Update |
| Azure | CVE-2018-8479 | Azure IoT SDK Spoofing Vulnerability |
| Device Guard | CVE-2018-8449 | Device Guard Security Feature Bypass Vulnerability |
| Internet Explorer | CVE-2018-8470 | Internet Explorer Security Feature Bypass Vulnerability |
| Internet Explorer | CVE-2018-8447 | Internet Explorer Memory Corruption Vulnerability |
| Internet Explorer | CVE-2018-8461 | Internet Explorer Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2018-8366 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2018-8469 | Microsoft Edge Elevation of Privilege Vulnerability |
| Microsoft Edge | CVE-2018-8463 | Microsoft Edge Elevation of Privilege Vulnerability |
| Microsoft Edge | CVE-2018-8425 | Microsoft Edge Spoofing Vulnerability |
| Microsoft Edge | CVE-2018-8464 | Microsoft Edge PDF Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2018-8332 | Win32k Graphics Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2018-8475 | Windows Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2018-8462 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8424 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2018-8433 | Microsoft Graphics Component Information Disclosure Vulnerability |
| Microsoft Identity Services | CVE-2018-8269 | OData Denial of Service Vulnerability |
| Microsoft JET Database Engine | CVE-2018-8392 | Microsoft JET Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2018-8393 | Microsoft JET Database Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8428 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-8426 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office | CVE-2018-8429 | Microsoft Excel Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8431 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-8430 | Word PDF Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8474 | Lync for Mac 2011 Security Feature Bypass Vulnerability |
| Microsoft Office | CVE-2018-8331 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8457 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8459 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8465 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8456 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8367 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8391 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8452 | Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8315 | Microsoft Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8354 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8466 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8467 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2018-8438 | Windows Hyper-V Denial of Service Vulnerability |
| Microsoft Windows | CVE-2018-8271 | Windows Information Disclosure Vulnerability |
| Microsoft Windows | ADV180022 | Windows Denial of Service Vulnerability |
| Microsoft Windows | CVE-2018-8440 | Windows ALPC Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8410 | Windows Registry Elevation of Privilege Vulnerability |
| Microsoft XML Core Services | CVE-2018-8420 | MS XML Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2018-0965 | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2018-8435 | Windows Hyper-V Security Feature Bypass Vulnerability |
| Windows Hyper-V | CVE-2018-8436 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Hyper-V | CVE-2018-8439 | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2018-8437 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Hyper-V | CVE-2018-8434 | Windows Hyper-V Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8336 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8446 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8443 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8445 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8455 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-8442 | Windows Kernel Information Disclosure Vulnerability |
| Windows Media | CVE-2018-8419 | Windows Kernel Information Disclosure Vulnerability |
| Windows Shell | CVE-2018-8468 | Windows Elevation of Privilege Vulnerability |
| Windows SMB Server | CVE-2018-8444 | Windows SMB Information Disclosure Vulnerability |
| Windows SMB Server | CVE-2018-8335 | Windows SMB Denial of Service Vulnerability |
| Windows Subsystem for Linux | CVE-2018-8441 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
| Windows Subsystem for Linux | CVE-2018-8337 | Windows Subsystem for Linux Security Feature Bypass Vulnerability |
III. Referencia a soluciones, herramientas e información
Se recomienda actualizar los equipos utilizando windows update.
IV. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Facebook: http://www.facebook.com/CSIRTPanama
Key ID: 16F2B124