CSIRT Panamá Aviso 2019-11-14 Microsoft publica 74 actualizaciones de seguridad

Posted By: CSIRT Panamá November 14, 2019

CSIRT Panamá Aviso 2019-11-14 Microsoft publica 74 actualizaciones de seguridad
Gravedad: Alta
Fecha de publicación: Noviembre 14, 2019
Última revisión: Noviembre 14, 2019
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/164aa83e-499c-e911-a994-000d3a33c573

Sistemas Afectados:
Microsoft Windows
Internet Explorer
Microsoft Edge (EdgeHTML-based)
ChakraCore
Microsoft Office and Microsoft Office Services and Web Apps
Open Source Software
Microsoft Exchange Server
Visual Studio
Azure Stack

I. Descripción

La versión de seguridad de Febrero consiste en actualizaciones de seguridad para los siguientes software:

TagCVE IDCVE TitleSeverity
Azure StackCVE-2019-1234Azure Stack Spoofing VulnerabilityImportant
ChipsetsADV190024Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)Unknown
Graphic FontsCVE-2019-1456OpenType Font Parsing Remote Code Execution VulnerabilityImportant
Microsoft EdgeCVE-2019-1413Microsoft Edge Security Feature Bypass VulnerabilityLow
Microsoft Exchange ServerCVE-2019-1373Microsoft Exchange Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2019-1441Win32k Graphics Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2019-1408Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1439Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1438Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1407Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1394Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1393Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1396Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1395Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1437Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1432DirectWrite Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1411DirectWrite Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1440Win32k Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1419OpenType Font Parsing Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2019-1433Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1436Win32k Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1412OpenType Font Driver Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1434Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1435Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft JET Database EngineCVE-2019-1406Jet Database Engine Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2019-1445Microsoft Office Online Spoofing VulnerabilityImportant
Microsoft OfficeCVE-2019-1449Microsoft Office ClickToRun Security Feature Bypass VulnerabilityImportant
Microsoft OfficeCVE-2019-1446Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2019-1447Microsoft Office Online Spoofing VulnerabilityImportant
Microsoft OfficeCVE-2019-1402Microsoft Office Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2019-1448Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2019-1457Microsoft Office Excel Security Feature BypassImportant
Microsoft Office SharePointCVE-2019-1443Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2019-1442Microsoft Office Security Feature Bypass VulnerabilityImportant
Microsoft RPCCVE-2019-1409Windows Remote Procedure Call Information Disclosure VulnerabilityImportant
Microsoft Scripting EngineCVE-2019-1426Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-1429Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-1427Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-1428Scripting Engine Memory Corruption VulnerabilityModerate
Microsoft Scripting EngineCVE-2019-1390VBScript Remote Code Execution VulnerabilityModerate
Microsoft WindowsCVE-2019-1383Windows Data Sharing Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1418Windows Modules Installer Service Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2018-12207Windows Denial of Service VulnerabilityImportant
Microsoft WindowsCVE-2019-1420Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1417Windows Data Sharing Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1415Windows Installer Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1374Windows Error Reporting Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2019-1422Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1423Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1424NetLogon Security Feature Bypass VulnerabilityImportant
Microsoft WindowsCVE-2019-1382Microsoft ActiveX Installer Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1385Windows AppX Deployment Extensions Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1380Microsoft splwow64 Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1388Windows Certificate Dialog Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1391Windows Denial of Service VulnerabilityImportant
Microsoft WindowsCVE-2019-1384Microsoft Windows Security Feature Bypass VulnerabilityImportant
Microsoft WindowsCVE-2019-1405Windows UPnP Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1381Microsoft Windows Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2019-1379Windows Data Sharing Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1324Windows TCP/IP Information Disclosure VulnerabilityImportant
Open Source SoftwareCVE-2019-1370Open Enclave SDK Information Disclosure VulnerabilityImportant
Servicing Stack UpdatesADV990001Latest Servicing Stack UpdatesCritical
Visual StudioCVE-2019-1425Visual Studio Elevation of Privilege VulnerabilityImportant
Windows Hyper-VCVE-2019-1398Windows Hyper-V Remote Code Execution VulnerabilityCritical
Windows Hyper-VCVE-2019-1310Windows Hyper-V Denial of Service VulnerabilityImportant
Windows Hyper-VCVE-2019-0719Hyper-V Remote Code Execution VulnerabilityCritical
Windows Hyper-VCVE-2019-1399Windows Hyper-V Denial of Service VulnerabilityImportant
Windows Hyper-VCVE-2019-1397Windows Hyper-V Remote Code Execution VulnerabilityCritical
Windows Hyper-VCVE-2019-0712Windows Hyper-V Denial of Service VulnerabilityImportant
Windows Hyper-VCVE-2019-0721Hyper-V Remote Code Execution VulnerabilityCritical
Windows Hyper-VCVE-2019-1389Windows Hyper-V Remote Code Execution VulnerabilityCritical
Windows Hyper-VCVE-2019-1309Windows Hyper-V Denial of Service VulnerabilityImportant
Windows KernelCVE-2019-1392Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2019-11135Windows Kernel Information Disclosure VulnerabilityImportant
Windows Media PlayerCVE-2019-1430Microsoft Windows Media Foundation Remote Code Execution VulnerabilityCritical
Windows Subsystem for LinuxCVE-2019-1416Windows Subsystem for Linux Elevation of Privilege VulnerabilityImportant

II. Referencia a soluciones, herramientas e información

Se recomienda actualizar los equipos utilizando windows update.

III. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Facebook: http://www.facebook.com/CSIRTPanama
Key ID: 16F2B124