CSIRT Panamá Aviso 2019-05-15 Microsoft publica 79 actualizaciones de seguridad

TOPICS:

Posted By: CSIRT Panamá May 15, 2019

CSIRT Panamá Aviso 2019-05-15 Microsoft publica 79 actualizaciones de seguridad
Gravedad: Alta
Fecha de publicación: Marzo 15, 2019
Última revisión: Marzo 14, 2019
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d


Sistemas Afectados:
Adobe Flash Player
Microsoft Windows
Internet Explorer
Microsoft Edge
Microsoft Office and Microsoft Office Services and Web Apps
Team Foundation Server
Visual Studio
Azure DevOps Server
SQL Server
.NET Framework
.NET Core
ASP.NET Core
ChakraCore
Online Services
Azure
NuGet
Skype for Android

I. Descripción
El paquete de actualizaciones para este mes cubre los siguientes puntos:

TagCVE IDCVE TitleSeverity
.NET CoreCVE-2019-0982ASP.NET Core Denial of Service VulnerabilityImportant
.NET CoreCVE-2019-0981.Net Framework and .Net Core Denial of Service VulnerabilityImportant
.NET CoreCVE-2019-0980.Net Framework and .Net Core Denial of Service VulnerabilityImportant
.NET FrameworkCVE-2019-0864.NET Framework Denial of Service VulnerabilityImportant
.NET FrameworkCVE-2019-0820.NET Framework and .NET Core Denial of Service VulnerabilityImportant
Adobe Flash PlayerADV190012May 2019 Adobe Flash Security UpdateCritical
AzureCVE-2019-1000Microsoft Azure AD Connect Elevation of Privilege VulnerabilityImportant
Internet ExplorerCVE-2019-0929Internet Explorer Memory Corruption VulnerabilityCritical
Internet ExplorerCVE-2019-0995Internet Explorer Security Feature Bypass VulnerabilityImportant
Internet ExplorerCVE-2019-0930Internet Explorer Information Disclosure VulnerabilityImportant
Internet ExplorerCVE-2019-0921Internet Explorer Spoofing VulnerabilityImportant
KerberosCVE-2019-0734Windows Elevation of Privilege VulnerabilityImportant
Microsoft BrowsersCVE-2019-0940Microsoft Browser Memory Corruption VulnerabilityModerate
Microsoft DynamicsCVE-2019-1008Microsoft Dynamics On-Premise Security Feature BypassImportant
Microsoft EdgeCVE-2019-0938Microsoft Edge Elevation of Privilege VulnerabilityImportant
Microsoft EdgeCVE-2019-0926Microsoft Edge Memory Corruption VulnerabilityCritical
Microsoft Graphics ComponentCVE-2019-0892Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-0961Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-0758Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-0903GDI+ Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2019-0882Windows GDI Information Disclosure VulnerabilityImportant
Microsoft JET Database EngineCVE-2019-0898Jet Database Engine Remote Code Execution VulnerabilityImportant
Microsoft JET Database EngineCVE-2019-0895Jet Database Engine Remote Code Execution VulnerabilityImportant
Microsoft JET Database EngineCVE-2019-0897Jet Database Engine Remote Code Execution VulnerabilityImportant
Microsoft JET Database EngineCVE-2019-0889Jet Database Engine Remote Code Execution VulnerabilityImportant
Microsoft JET Database EngineCVE-2019-0890Jet Database Engine Remote Code Execution VulnerabilityImportant
Microsoft JET Database EngineCVE-2019-0891Jet Database Engine Remote Code Execution VulnerabilityImportant
Microsoft JET Database EngineCVE-2019-0896Jet Database Engine Remote Code Execution VulnerabilityImportant
Microsoft JET Database EngineCVE-2019-0893Jet Database Engine Remote Code Execution VulnerabilityImportant
Microsoft JET Database EngineCVE-2019-0894Jet Database Engine Remote Code Execution VulnerabilityImportant
Microsoft JET Database EngineCVE-2019-0901Jet Database Engine Remote Code Execution VulnerabilityImportant
Microsoft JET Database EngineCVE-2019-0899Jet Database Engine Remote Code Execution VulnerabilityImportant
Microsoft JET Database EngineCVE-2019-0900Jet Database Engine Remote Code Execution VulnerabilityImportant
Microsoft JET Database EngineCVE-2019-0902Jet Database Engine Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2019-0947Microsoft Office Access Connectivity Engine Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2019-0953Microsoft Word Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2019-0945Microsoft Office Access Connectivity Engine Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2019-0946Microsoft Office Access Connectivity Engine Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2019-0957Microsoft SharePoint Elevation of Privilege VulnerabilityImportant
Microsoft Office SharePointCVE-2019-0956Microsoft SharePoint Server Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2019-0949Microsoft SharePoint Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2019-0950Microsoft SharePoint Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2019-0952Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2019-0951Microsoft SharePoint Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2019-0963Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2019-0958Microsoft SharePoint Elevation of Privilege VulnerabilityImportant
Microsoft Scripting EngineCVE-2019-0924Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-0923Chakra Scripting Engine Memory Corruption VulnerabilityImportant
Microsoft Scripting EngineCVE-2019-0927Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-0922Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-0884Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-0933Chakra Scripting Engine Memory Corruption VulnerabilityModerate
Microsoft Scripting EngineCVE-2019-0925Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-0937Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-0918Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-0913Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-0912Chakra Scripting Engine Memory Corruption VulnerabilityModerate
Microsoft Scripting EngineCVE-2019-0911Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-0914Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-0917Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-0916Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-0915Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft WindowsCVE-2019-0733Windows Defender Application Control Security Feature Bypass VulnerabilityImportant
Microsoft WindowsCVE-2019-0936Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-0886Windows Hyper-V Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2019-0863Windows Error Reporting Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-0942Unified Write Filter Elevation of Privilege VulnerabilityImportant
Microsoft WindowsADV190013Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilitiesImportant
Microsoft WindowsCVE-2019-0931Windows Storage Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-0885Windows OLE Remote Code Execution VulnerabilityImportant
NuGetCVE-2019-0976NuGet Package Manager Tampering VulnerabilityImportant
Servicing Stack UpdatesADV990001Latest Servicing Stack UpdatesCritical
Skype for AndroidCVE-2019-0932Skype for Android Information Disclosure VulnerabilityImportant
SQL ServerCVE-2019-0819Microsoft SQL Server Analysis Services Information Disclosure VulnerabilityImportant
Team Foundation ServerCVE-2019-0971Azure DevOps Server and Team Foundation Server Information Disclosure VulnerabilityImportant
Team Foundation ServerCVE-2019-0979Azure DevOps Server and Team Foundation Server Cross-site Scripting VulnerabilityImportant
Team Foundation ServerCVE-2019-0872Azure DevOps Server and Team Foundation Server Cross-site Scripting VulnerabilityImportant
Windows DHCP ServerCVE-2019-0725Windows DHCP Server Remote Code Execution VulnerabilityCritical
Windows Diagnostic HubCVE-2019-0727Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2019-0881Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows NDISCVE-2019-0707Windows NDIS Elevation of Privilege VulnerabilityImportant
Windows RDPCVE-2019-0708Remote Desktop Services Remote Code Execution VulnerabilitCritical

II. Referencia a soluciones, herramientas e información
Se recomienda actualizar los equipos utilizando windows update.

III. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Facebook: http://www.facebook.com/CSIRTPanama
Key ID: 16F2B124