CSIRT Panamá Aviso 2019-02-13 Microsoft publica 70 actualizaciones de seguridad
Gravedad: Alta
Fecha de publicación: Febrero 14, 2019
Última revisión: Febrero 13, 2019
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/51503ac5-e6d2-e811-a983-000d3a33c573
Sistemas Afectados:
Adobe Flash Player
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
ChakraCore
.NET Framework
Microsoft Exchange Server
Microsoft Visual Studio
Azure IoT SDK
Microsoft Dynamics
Team Foundation Server
Visual Studio Code
I. Descripción
La versión de seguridad de Febrero consiste en actualizaciones de seguridad para los siguientes software:
| CVE Title | CVE ID | Severity |
|---|---|---|
| Latest Servicing Stack Updates | ADV990001 | Critica |
| February 2019 Adobe Flash Security Update | ADV190003 | Critica |
| February 2019 Oracle Outside In Library Security Update | ADV190004 | Desconocido |
| Guidance to mitigate unconstrained delegation vulnerabilities | ADV190006 | N/A |
| Guidance for “PrivExchange” Elevation of Privilege Vulnerability | ADV190007 | N/A |
| Microsoft Office Security Feature Bypass Vulnerability | CVE-2019-0540 | Importante |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0590 | Critica |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0591 | Critica |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0593 | Critica |
| Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2019-0594 | Critica |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0595 | Importante |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0596 | Importante |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0597 | Importante |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0598 | Importante |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0599 | Importante |
| HID Information Disclosure Vulnerability | CVE-2019-0600 | Importante |
| HID Information Disclosure Vulnerability | CVE-2019-0601 | Importante |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0602 | Importante |
| Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2019-0604 | Critica |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0605 | Critica |
| Internet Explorer Memory Corruption Vulnerability | CVE-2019-0606 | Critica |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0607 | Critica |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0610 | Importante |
| .NET Framework and Visual Studio Remote Code Execution Vulnerability | CVE-2019-0613 | Importante |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0615 | Importante |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0616 | Importante |
| GDI+ Remote Code Execution Vulnerability | CVE-2019-0618 | Critica |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0619 | Importante |
| Windows Kernel Information Disclosure Vulnerability | CVE-2019-0621 | Importante |
| Win32k Elevation of Privilege Vulnerability | CVE-2019-0623 | Importante |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0625 | Importante |
| Windows DHCP Server Remote Code Execution Vulnerability | CVE-2019-0626 | Critica |
| Windows Security Feature Bypass Vulnerability | CVE-2019-0627 | Importante |
| Win32k Information Disclosure Vulnerability | CVE-2019-0628 | Importante |
| Windows SMB Remote Code Execution Vulnerability | CVE-2019-0630 | Importante |
| Windows Security Feature Bypass Vulnerability | CVE-2019-0631 | Importante |
| Windows Security Feature Bypass Vulnerability | CVE-2019-0632 | Importante |
| Windows SMB Remote Code Execution Vulnerability | CVE-2019-0633 | Importante |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2019-0634 | Critica |
| Windows Hyper-V Information Disclosure Vulnerability | CVE-2019-0635 | Importante |
| Windows Information Disclosure Vulnerability | CVE-2019-0636 | Importante |
| Windows Defender Firewall Security Feature Bypass Vulnerability | CVE-2019-0637 | Importante |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0640 | Critica |
| Microsoft Edge Security Feature Bypass Vulnerability | CVE-2019-0641 | Moderada |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0642 | Critica |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2019-0643 | Moderada |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0644 | Critica |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2019-0645 | Critica |
| Scripting Engine Information Disclosure Vulnerability | CVE-2019-0648 | Importante |
| Scripting Engine Elevation of Privileged Vulnerability | CVE-2019-0649 | Importante |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2019-0650 | Critica |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0651 | Critica |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0652 | Critica |
| Microsoft Browser Spoofing Vulnerability | CVE-2019-0654 | Importante |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0655 | Critica |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2019-0656 | Importante |
| .NET Framework and Visual Studio Spoofing Vulnerability | CVE-2019-0657 | Importante |
| Scripting Engine Information Disclosure Vulnerability | CVE-2019-0658 | Importante |
| Windows Storage Service Elevation of Privilege Vulnerability | CVE-2019-0659 | Importante |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0660 | Importante |
| Windows Kernel Information Disclosure Vulnerability | CVE-2019-0661 | Importante |
| GDI+ Remote Code Execution Vulnerability | CVE-2019-0662 | Critica |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0664 | Importante |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2019-0668 | Importante |
| Microsoft Excel Information Disclosure Vulnerability | CVE-2019-0669 | Importante |
| Microsoft SharePoint Spoofing Vulnerability | CVE-2019-0670 | Moderada |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0671 | Importante |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0672 | Importante |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0673 | Importante |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0674 | Importante |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0675 | Importante |
| Internet Explorer Information Disclosure Vulnerability | CVE-2019-0676 | Importante |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2019-0686 | Importante |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2019-0724 | Importante |
| Visual Studio Code Remote Code Execution Vulnerability | CVE-2019-0728 | Importante |
| Azure IoT Java SDK Elevation of Privilege Vulnerability | CVE-2019-0729 | Importante |
| Azure IoT Java SDK Information Disclosure Vulnerability | CVE-2019-0741 | Importante |
| Team Foundation Server Cross-site Scripting Vulnerability | CVE-2019-0742 | Importante |
| Team Foundation Server Cross-site Scripting Vulnerability | CVE-2019-0743 | Importante |
II. Referencia a soluciones, herramientas e información
Se recomienda actualizar los equipos utilizando windows update.
III. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Facebook: http://www.facebook.com/CSIRTPanama
Key ID: 16F2B124