CSIRT Panamá Advisory 2019-10-11: Microsoft Releases Its Security Updates for October
Severity: High
Publication date: October 11, 2019
Last revised: August 10, 2019
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/28ef0a64-489c-e911-a994-000d3a33c573
Affected Systems:
Microsoft Windows
Internet Explorer
Microsoft Edge (EdgeHTML-based)
ChakraCore
Microsoft Office and Microsoft Office Services and Web Apps
SQL Server Management Studio
Open Source Software
Microsoft Dynamics 365
Windows Update Assistant
I. Description
Microsoft published the following security updates for this month.
II. Known Issues
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
Azure | CVE-2019-1372 | Azure App Service Remote Code Execution Vulnerability | Critical |
Internet Explorer | CVE-2019-1371 | Internet Explorer Memory Corruption Vulnerability | Important |
Microsoft Browsers | CVE-2019-0608 | Microsoft Browser Spoofing Vulnerability | Important |
Microsoft Browsers | CVE-2019-1357 | Microsoft Browser Spoofing Vulnerability | Important |
Microsoft Devices | CVE-2019-1314 | Windows 10 Mobile Security Feature Bypass Vulnerability | Important |
Microsoft Dynamics | CVE-2019-1375 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
Microsoft Edge | CVE-2019-1356 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1361 | Microsoft Graphics Components Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1362 | Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1364 | Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1363 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1358 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1359 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2019-1331 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2019-1327 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1330 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1329 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1328 | Microsoft SharePoint Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1070 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Scripting Engine | CVE-2019-1366 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1060 | MS XML Remote Code Execution Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1307 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1308 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1335 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate |
Microsoft Scripting Engine | CVE-2019-1239 | VBScript Remote Code Execution Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1238 | VBScript Remote Code Execution Vulnerability | Critical |
Microsoft Windows | CVE-2019-1325 | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | Moderate |
Microsoft Windows | CVE-2019-1340 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1338 | Windows NTLM Security Feature Bypass Vulnerability | Important |
Microsoft Windows | CVE-2019-1339 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1316 | Microsoft Windows Setup Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1342 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1311 | Windows Imaging API Remote Code Execution Vulnerability | Important |
Microsoft Windows | CVE-2019-1344 | Windows Code Integrity Module Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2019-1347 | Windows Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2019-1315 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1346 | Windows Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2019-1317 | Microsoft Windows Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2019-1321 | Microsoft Windows CloudStore Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1322 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1341 | Windows Power Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1319 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1318 | Microsoft Windows Transport Layer Security Spoofing Vulnerability | Important |
Microsoft Windows | CVE-2019-1320 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
Open Source Software | CVE-2019-1369 | Open Enclave SDK Information Disclosure Vulnerability | Important |
Secure Boot | CVE-2019-1368 | Windows Secure Boot Security Feature Bypass Vulnerability | Important |
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
SQL Server | CVE-2019-1376 | SQL Server Management Studio Information Disclosure Vulnerability | Important |
SQL Server | CVE-2019-1313 | SQL Server Management Studio Information Disclosure Vulnerability | Important |
Windows Hyper-V | CVE-2019-1230 | Hyper-V Information Disclosure Vulnerability | Important |
Windows IIS | CVE-2019-1365 | Microsoft IIS Server Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2019-1343 | Windows Denial of Service Vulnerability | Important |
Windows Kernel | CVE-2019-1334 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2019-1345 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows NTLM | CVE-2019-1166 | Windows NTLM Tampering Vulnerability | Important |
Windows RDP | CVE-2019-1326 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important |
Windows RDP | CVE-2019-1333 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
Windows Update Stack | CVE-2019-1323 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2019-1337 | Windows Update Client Information Disclosure Vulnerability | Important |
Windows Update Stack | CVE-2019-1336 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | Important |
III. References to solutions, tools and information
Update using Windows Update
IV. Contact information
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Facebook: http://www.facebook.com/CSIRTPanama
Key ID: 16F2B124