CSIRT Panamá Advisory 2020-06-12: Microsoft Updates Fix 129 Vulnerabilities

Severity: High
Publication date: June 12, 2020
Last revised: June 11, 2020
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun

Affected systems:
Microsoft Windows
Microsoft Edge (EdgeHTML-based)
Microsoft Edge (Chromium-based) in IE Mode
Microsoft ChakraCore
Internet Explorer
Microsoft Office and Microsoft Office Services and Web Apps
Windows Defender
Microsoft Dynamics
Visual Studio
Azure DevOps
HoloLens
Adobe Flash Player
Microsoft Apps for Android
Windows App Store
System Center
Android App

I. Description
Microsoft has published a security advisory addressing 129 vulnerabilities. They are divided into 11 critical, 109 important, 7 moderate and 2 low.

II. Details

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Adobe Flash Player | ADV200010 | June 2020 Adobe Flash Security Update | Critical |
| Android App | CVE-2020-1223 | Word for Android Remote Code Execution Vulnerability | Important |
| Apps | CVE-2020-1329 | Microsoft Bing Search Spoofing Vulnerability | Important |
| Azure DevOps | CVE-2020-1327 | Azure DevOps Server HTML Injection Vulnerability | Important |
| Diagnostics Hub | CVE-2020-1278 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important |
| Diagnostics Hub | CVE-2020-1203 | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability | Important |
| Diagnostics Hub | CVE-2020-1202 | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability | Important |
| HoloLens | CVE-2020-1199 | Windows Feedback Hub Elevation of Privilege Vulnerability | Important |
| Internet Explorer | CVE-2020-1315 | Internet Explorer Information Disclosure Vulnerability | Important |
| Microsoft Browsers | CVE-2020-1219 | Microsoft Browser Memory Corruption Vulnerability | Critical |
| Microsoft Edge | CVE-2020-1242 | Microsoft Edge Information Disclosure Vulnerability | Important |
| Microsoft Edge (Chromium-based) in IE Mode | CVE-2020-1220 | Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1207 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1258 | DirectX Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1251 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1160 | Microsoft Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0915 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1253 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1348 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0986 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0916 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1236 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1208 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft Malware Protection Engine | CVE-2020-1163 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important |
| Microsoft Malware Protection Engine | CVE-2020-1170 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2020-1226 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1225 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1229 | Microsoft Outlook Security Feature Bypass Vulnerability | Important |
| Microsoft Office | CVE-2020-1321 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1322 | Microsoft Project Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1289 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1181 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-1148 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1183 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1318 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1295 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1298 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1323 | SharePoint Open Redirect Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1297 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1178 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1177 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1320 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2020-1260 | VBScript Remote Code Execution Vulnerability | Moderate |
| Microsoft Scripting Engine | CVE-2020-1215 | VBScript Remote Code Execution Vulnerability | Low |
| Microsoft Scripting Engine | CVE-2020-1230 | VBScript Remote Code Execution Vulnerability | Low |
| Microsoft Scripting Engine | CVE-2020-1073 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2020-1214 | VBScript Remote Code Execution Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2020-1216 | VBScript Remote Code Execution Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2020-1213 | VBScript Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2020-1324 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1162 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1305 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1313 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1316 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1309 | Microsoft Store Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1312 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1306 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1296 | Windows Diagnostics & feedback Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1270 | Windows WLAN Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1255 | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1283 | Windows Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-1263 | Windows Error Reporting Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1259 | Windows Host Guardian Service Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2020-1268 | Windows Service Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1290 | Win32k Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1291 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1292 | OpenSSH for Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1317 | Group Policy Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1244 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-1241 | Windows Kernel Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2020-1314 | Windows Text Service Framework Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1271 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1222 | Microsoft Store Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1120 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-1201 | Windows Now Playing Session Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1233 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1246 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1235 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1234 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1197 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1194 | Windows Registry Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-1231 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1209 | Windows Network List Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1204 | Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1307 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1211 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1196 | Windows Print Configuration Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1334 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1217 | Windows Runtime Information Disclosure Vulnerability | Important |
| Microsoft Windows PDF | CVE-2020-1248 | GDI+ Remote Code Execution Vulnerability | Critical |
| Open Source Software | CVE-2020-1340 | NuGetGallery Spoofing Vulnerability | Important |
| System Center | CVE-2020-1331 | System Center Operations Manager Spoofing Vulnerability | Important |
| Visual Studio | CVE-2020-1343 | Visual Studio Code Live Share Information Disclosure Vulnerability | Important |
| Windows COM | CVE-2020-1311 | Component Object Model Elevation of Privilege Vulnerability | Important |
| Windows Diagnostic Hub | CVE-2020-1293 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important |
| Windows Diagnostic Hub | CVE-2020-1257 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important |
| Windows Error Reporting | CVE-2020-1261 | Windows Error Reporting Information Disclosure Vulnerability | Important |
| Windows Installer | CVE-2020-1272 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2020-1302 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2020-1277 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1276 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1310 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1273 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1280 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1275 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1247 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1274 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1262 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1237 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1266 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1269 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1282 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1264 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1265 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Windows Lock Screen | CVE-2020-1279 | Windows Lockscreen Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2020-1238 | Media Foundation Memory Corruption Vulnerability | Important |
| Windows Media | CVE-2020-1304 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Windows Media Player | CVE-2020-1239 | Media Foundation Memory Corruption Vulnerability | Important |
| Windows Media Player | CVE-2020-1232 | Media Foundation Information Disclosure Vulnerability | Important |
| Windows OLE | CVE-2020-1281 | Windows OLE Remote Code Execution Vulnerability | Critical |
| Windows OLE | CVE-2020-1212 | OLE Automation Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2020-1300 | Windows Remote Code Execution Vulnerability | Critical |
| Windows Shell | CVE-2020-1299 | LNK Remote Code Execution Vulnerability | Critical |
| Windows Shell | CVE-2020-1286 | Windows Shell Remote Code Execution Vulnerability | Critical |
| Windows SMB | CVE-2020-1206 | Windows SMBv3 Client/Server Information Disclosure Vulnerability | Important |
| Windows SMB | CVE-2020-1284 | Windows SMBv3 Client/Server Denial of Service Vulnerability | Important |
| Windows SMB | CVE-2020-1301 | Windows SMB Remote Code Execution Vulnerability | Important |
| Windows Update Stack | CVE-2020-1254 | Windows Modules Installer Service Elevation of Privilege Vulnerability | Important |
| Windows Wallet Service | CVE-2020-1294 | Windows WalletService Elevation of Privilege Vulnerability | Important |
| Windows Wallet Service | CVE-2020-1287 | Windows WalletService Elevation of Privilege Vulnerability | Important |

III. References to solutions, tools and information
Updating is recommended where possible, using Windows Update or update management tools.

IV. Contact information
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Facebook: http://www.facebook.com/CSIRTPanama
Key ID: 16F2B124