CSIRT Panamá Advisory 2019-12-12: Microsoft releases its December updates fixing the Win32k zero-day and 36 flaws

Severity: High
Publication date: December 12, 2019
Last revised: December 12, 2019
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2019-Dec

Affected Systems:
Microsoft Windows
Internet Explorer
Microsoft Office and Microsoft Office Services and Web Apps
SQL Server
Visual Studio
Skype for Business

I. Description
Microsoft published the following security updates for this month.

II. Known Issues

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| | ADV190026 | Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business | Unknown |
| End of Life Software | CVE-2019-1489 | Remote Desktop Protocol Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1465 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1468 | Win32k Graphics Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2019-1466 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1467 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2019-1400 | Microsoft Access Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2019-1464 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2019-1461 | Microsoft Word Denial of Service Vulnerability | Important |
| Microsoft Office | CVE-2019-1462 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2019-1463 | Microsoft Access Information Disclosure Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2019-1485 | VBScript Remote Code Execution Vulnerability | Low |
| Microsoft Windows | CVE-2019-1453 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2019-1476 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1477 | Windows Printer Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1474 | Windows Kernel Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-1478 | Windows COM Server Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1483 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1488 | Microsoft Defender Security Feature Bypass Vulnerability | Important |
| Open Source Software | CVE-2019-1487 | Microsoft Authentication Library for Android Information Disclosure Vulnerability | Important |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
| Skype for Business | CVE-2019-1490 | Skype for Business Server Spoofing Vulnerability | Important |
| SQL Server | CVE-2019-1332 | Microsoft SQL Server Reporting Services XSS Vulnerability | Important |
| Visual Studio | CVE-2019-1350 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2019-1349 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2019-1486 | Visual Studio Live Share Spoofing Vulnerability | Important |
| Visual Studio | CVE-2019-1387 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2019-1354 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2019-1351 | Git for Visual Studio Tampering Vulnerability | Moderate |
| Visual Studio | CVE-2019-1352 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2019-1471 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2019-1470 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1472 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1458 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2019-1469 | Win32k Information Disclosure Vulnerability | Important |
| Windows Media Player | CVE-2019-1480 | Windows Media Player Information Disclosure Vulnerability | Important |
| Windows Media Player | CVE-2019-1481 | Windows Media Player Information Disclosure Vulnerability | Important |
| Windows OLE | CVE-2019-1484 | Windows OLE Remote Code Execution Vulnerability | Important |

III. Reference to solutions, tools and information
Update using Windows Update

IV. Contact information
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Facebook: http://www.facebook.com/CSIRTPanama
Key ID: 16F2B124