CSIRT Panamá Aviso 2020-03-12 Microsoft libera actualizaciones que corrige 115 fallas

TOPICS:

Posted By: CSIRT Panamá March 12, 2020

CSIRT Panamá Aviso 2020-03-12 Microsoft libera actualizaciones que corrige 115 fallas
Gravedad: Alta
Fecha de publicación: Marzo 12, 2020
Última revisión: Marzo 11, 2020
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Mar

Sistemas Afectados:
Microsoft Windows
Microsoft Edge (EdgeHTML-based)
Microsoft Edge (Chromium-based)
ChakraCore
Internet Explorer
Microsoft Exchange Server
Microsoft Office and Microsoft Office Services and Web Apps
Azure DevOps
Windows Defender
Visual Studio
Open Source Software
Azure
Microsoft Dynamics

I. Descripción
Microsoft libera sus actualizaciones que corrigen 115 fallas en su sistema operativo. Estas actualizaciones corresponden al mes de Febrero del 2020.

II. Impacto

TagCVE IDCVE TitleSeverity
AzureCVE-2020-0902Service Fabric Elevation of PrivilegeImportant
Azure DevOpsCVE-2020-0758Azure DevOps Server and Team Foundation Services Elevation of Privilege VulnerabilityImportant
Azure DevOpsCVE-2020-0815Azure DevOps Server and Team Foundation Services Elevation of Privilege VulnerabilityImportant
Azure DevOpsCVE-2020-0700Azure DevOps Server Cross-site Scripting VulnerabilityImportant
Internet ExplorerCVE-2020-0824Internet Explorer Memory Corruption VulnerabilityCritical
Microsoft BrowsersCVE-2020-0768Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft DynamicsCVE-2020-0905Dynamics Business Central Remote Code Execution VulnerabilityCritical
Microsoft EdgeCVE-2020-0816Microsoft Edge Memory Corruption VulnerabilityCritical
Microsoft Exchange ServerCVE-2020-0903Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0774Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0788Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0791Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0690DirectX Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0853Windows Imaging Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0877Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0882Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0883GDI+ Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2020-0881GDI+ Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2020-0880Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0887Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0898Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0885Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2020-0850Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-0852Microsoft Word Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2020-0892Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-0851Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-0855Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0795Microsoft SharePoint Reflective XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0891Microsoft SharePoint Reflective XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0893Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0894Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Scripting EngineCVE-2020-0830Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0829Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0813Scripting Engine Information Disclosure VulnerabilityImportant
Microsoft Scripting EngineCVE-2020-0826Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0827Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0825Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0831Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0847VBScript Remote Code Execution VulnerabilityModerate
Microsoft Scripting EngineCVE-2020-0811Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0828Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0848Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0823Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0832Scripting Engine Memory Corruption VulnerabilityModerate
Microsoft Scripting EngineCVE-2020-0812Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0833Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft WindowsCVE-2020-0897Windows Work Folder Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0896Windows Hard Link Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0871Windows Network Connections Service Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0874Windows GDI Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0876Win32k Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0775Windows Error Reporting Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0879Windows GDI Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0793Diagnostics Hub Standard Collector Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0776Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0869Media Foundation Memory Corruption VulnerabilityCritical
Microsoft WindowsCVE-2020-0861Windows Network Driver Interface Specification (NDIS) Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0863Connected User Experiences and Telemetry Service Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0860Windows ActiveX Installer Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0857Windows Search Indexer Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0858Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0865Windows Work Folder Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0866Windows Work Folder Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0864Windows Work Folder Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0820Media Foundation Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0819Windows Device Setup Manager Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0804Windows Network Connections Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0779Windows Installer Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0802Windows Network Connections Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0803Windows Network Connections Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0778Windows Network Connections Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0809Media Foundation Memory Corruption VulnerabilityCritical
Microsoft WindowsCVE-2020-0810Diagnostic Hub Standard Collector Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0807Media Foundation Memory Corruption VulnerabilityCritical
Microsoft WindowsCVE-2020-0808Provisioning Runtime Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0797Windows Work Folder Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0785Windows User Profile Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0786Windows Tile Object Service Denial of Service VulnerabilityImportant
Microsoft WindowsCVE-2020-0787Windows Background Intelligent Transfer Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0783Windows UPnP Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0800Windows Work Folder Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0801Media Foundation Memory Corruption VulnerabilityCritical
Microsoft WindowsCVE-2020-0781Windows UPnP Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0780Windows Network List Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0777Windows Work Folder Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0772Windows Error Reporting Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0849Windows Hard Link Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0845Windows Network Connections Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0684LNK Remote Code Execution VulnerabilityCritical
Microsoft WindowsCVE-2020-0769Windows CSC Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0771Windows CSC Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0841Windows Hard Link Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0840Windows Hard Link Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0806Windows Error Reporting Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0843Windows Installer Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0844Connected User Experiences and Telemetry Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0842Windows Installer Elevation of Privilege VulnerabilityImportant
Open Source SoftwareCVE-2020-0872Remote Code Execution Vulnerability in Application InspectorImportant
OtherCVE-2020-0765Remote Desktop Connection Manager Information Disclosure VulnerabilityModerate
Visual StudioCVE-2020-0789Visual Studio Extension Installer Service Denial of Service VulnerabilityImportant
Visual StudioCVE-2020-0884Microsoft Visual Studio Spoofing VulnerabilityImportant
Windows DefenderCVE-2020-0763Windows Defender Security Center Elevation of Privilege VulnerabilityImportant
Windows DefenderCVE-2020-0762Windows Defender Security Center Elevation of Privilege VulnerabilityImportant
Windows Diagnostic HubCVE-2020-0854Windows Mobile Device Management Diagnostics Elevation of Privilege VulnerabilityImportant
Windows IISCVE-2020-0645Microsoft IIS Server Tampering VulnerabilityImportant
Windows InstallerCVE-2020-0814Windows Installer Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2020-0773Windows ActiveX Installer Service Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2020-0770Windows ActiveX Installer Service Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2020-0822Windows Language Pack Installer Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2020-0859Windows Modules Installer Service Information Disclosure VulnerabilityImportant
Windows InstallerCVE-2020-0868Windows Update Orchestrator Service Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2020-0798Windows Installer Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2020-0867Windows Update Orchestrator Service Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-0834Windows ALPC Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-0799Windows Kernel Elevation of Privilege VulnerabilityImportant

III. Referencia a soluciones, herramientas e información
Se recomienda actualizar el sistema operativo utilizando Windows Update.

IV. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Facebook: http://www.facebook.com/CSIRTPanama
Key ID: 16F2B124