CSIRT Panamá Aviso 2019-07-10 Microsoft Libera sus actualizaciones de seguridad para Julio
Gravedad: Alta
Fecha de publicación: Julio 10, 2019
Última revisión: Julio 09, 2019
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/48293f19-d662-e911-a98e-000d3a33c573
Sistemas Afectados:
Microsoft Windows
Internet Explorer
Microsoft Edge
Microsoft Office and Microsoft Office Services and Web Apps
Azure DevOps
Open Source Software
.NET Framework
Azure
SQL Server
ASP.NET
Visual Studio
Microsoft Exchange Server
I. Descripción
Microsoft publicó las siguientes actualizaciones de seguridad y de otra índole para Office en Julio de 2019.
II. Problemas Conocidos
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Framework | CVE-2019-1083 | .NET Denial of Service Vulnerability | Important |
| .NET Framework | CVE-2019-1113 | .NET Framework Remote Code Execution Vulnerability | Critical |
| .NET Framework | CVE-2019-1006 | WCF/WIF SAML Token Authentication Bypass Vulnerability | Important |
| ASP.NET | CVE-2019-1075 | ASP.NET Core Spoofing Vulnerability | Moderate |
| Azure | CVE-2019-0962 | Azure Automation Elevation of Privilege Vulnerability | Important |
| Azure DevOps | CVE-2019-1076 | Team Foundation Server Cross-site Scripting Vulnerability | Important |
| Azure DevOps | CVE-2019-1072 | Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability | Critical |
| Internet Explorer | CVE-2019-1063 | Internet Explorer Memory Corruption Vulnerability | Critical |
| Microsoft Browsers | CVE-2019-1104 | Microsoft Browser Memory Corruption Vulnerability | Critical |
| Microsoft Exchange Server | ADV190021 | Outlook on the web Cross-Site Scripting Vulnerability | Important |
| Microsoft Exchange Server | CVE-2019-1136 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2019-1137 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1118 | DirectWrite Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1119 | DirectWrite Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1117 | DirectWrite Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1127 | DirectWrite Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1116 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1120 | DirectWrite Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1124 | DirectWrite Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-0999 | DirectX Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1128 | DirectWrite Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1121 | DirectWrite Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1122 | DirectWrite Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1123 | DirectWrite Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1097 | DirectWrite Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1096 | Win32k Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1101 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1098 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1095 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1102 | GDI+ Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2019-1100 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1094 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1093 | DirectWrite Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2019-1084 | Microsoft Exchange Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2019-1111 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2019-1110 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2019-1109 | Microsoft Office Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2019-1112 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1134 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2019-1062 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1004 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1001 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1059 | Scripting Engine Memory Corruption Vulnerability | Moderate |
| Microsoft Scripting Engine | CVE-2019-1056 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1106 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1092 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1103 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1107 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Windows | CVE-2019-1067 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1074 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1091 | Microsoft unistore.dll Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-1082 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-0975 | ADFS Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2019-1130 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1129 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1037 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-0880 | Microsoft splwow64 Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-0865 | SymCrypt Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2019-0785 | Windows DHCP Server Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2019-0887 | Remote Desktop Services Remote Code Execution Vulnerability | Important |
| Microsoft Windows | CVE-2019-0966 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2019-1126 | ADFS Security Feature Bypass Vulnerability | Important |
| Microsoft Windows DNS | CVE-2019-1090 | Windows dnsrlvr.dll Elevation of Privilege Vulnerability | Important |
| Microsoft Windows DNS | CVE-2019-0811 | Windows DNS Server Denial of Service Vulnerability | Important |
| Open Source Software | CVE-2018-15664 | Docker Elevation of Privilege Vulnerability | Important |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
| SQL Server | CVE-2019-1068 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2019-1077 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2019-1079 | Visual Studio Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1073 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1132 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2019-1071 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1089 | Windows RPCSS Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2019-1086 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2019-1088 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2019-1087 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2019-1085 | Windows WLAN Service Elevation of Privilege Vulnerability | Important |
| Windows RDP | CVE-2019-1108 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important |
| Windows Shell | CVE-2019-1099 | Windows GDI Information Disclosure Vulnerability | Important |
III. Referencia a soluciones, herramientas e información
Actualizar utilizando Windows Update
IV. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Facebook: http://www.facebook.com/CSIRTPanama
Key ID: 16F2B124