CSIRT Panamá Advisory 2022-sep-15: Microsoft releases updates that fix 63 flaws.
Severity: High
Publication date: September 16, 2022
Last revised: September 16, 2022
https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep

Affected Systems:
.NET and Visual Studio
.NET Framework
Azure Arc
Cache Speculation
HTTP.sys
Microsoft Dynamics
Microsoft Edge (Chromium-based)
Microsoft Graphics Component
Microsoft Office
Microsoft Office SharePoint
Microsoft Office Visio
Microsoft Windows ALPC
Microsoft Windows Codecs Library
Network Device Enrollment Service (NDES)
Role: DNS Server
Role: Windows Fax Service
SPNEGO Extended Negotiation
Visual Studio Code
Windows Common Log File System Driver
Windows Credential Roaming Service
Windows Defender
Windows Distributed File System (DFS)
Windows DPAPI (Data Protection Application Programming Interface)
Windows Enterprise App Management
Windows Event Tracing
Windows Group Policy
Windows IKE Extension
Windows Kerberos
Windows Kernel
Windows LDAP – Lightweight Directory Access Protocol
Windows ODBC Driver
Windows OLE
Windows Photo Import API
Windows Print Spooler Components
Windows Remote Access Connection Manager
Windows Remote Procedure Call
Windows TCP/IP
Windows Transport Security Layer (TLS)

I. Description
With the release of the September 2022 security updates, Microsoft released fixes for 63 vulnerabilities in Microsoft products.

II. Details

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET and Visual Studio | CVE-2022-38013 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
| .NET Framework | CVE-2022-26929 | .NET Framework Remote Code Execution Vulnerability | Important |
| Azure Arc | CVE-2022-38007 | Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability | Important |
| Cache Speculation | CVE-2022-23960 | Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability | Important |
| HTTP.sys | CVE-2022-35838 | HTTP V3 Denial of Service Vulnerability | Important |
| Microsoft Dynamics | CVE-2022-35805 | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | Critical |
| Microsoft Dynamics | CVE-2022-34700 | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | Critical |
| Microsoft Edge (Chromium-based) | CVE-2022-3053 | Chromium: CVE-2022-3053 Inappropriate implementation in Pointer Lock | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3047 | Chromium: CVE-2022-3047 Insufficient policy enforcement in Extensions API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3054 | Chromium: CVE-2022-3054 Insufficient policy enforcement in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3041 | Chromium: CVE-2022-3041 Use after free in WebSQL | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3040 | Chromium: CVE-2022-3040 Use after free in Layout | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3046 | Chromium: CVE-2022-3046 Use after free in Browser Tag | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3039 | Chromium: CVE-2022-3039 Use after free in WebSQL | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3045 | Chromium: CVE-2022-3045 Insufficient validation of untrusted input in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3044 | Chromium: CVE-2022-3044 Inappropriate implementation in Site Isolation | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3057 | Chromium: CVE-2022-3057 Inappropriate implementation in iframe Sandbox | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3075 | Chromium: CVE-2022-3075 Insufficient data validation in Mojo | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3058 | Chromium: CVE-2022-3058 Use after free in Sign-In Flow | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3038 | Chromium: CVE-2022-3038 Use after free in Network Service | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3056 | Chromium: CVE-2022-3056 Insufficient policy enforcement in Content Security Policy | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3055 | Chromium: CVE-2022-3055 Use after free in Passwords | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-38012 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Low |
| Microsoft Graphics Component | CVE-2022-37954 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-38006 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-34729 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-34728 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-35837 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2022-37962 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-35823 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-38009 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-38008 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-37961 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2022-37963 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2022-38010 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Windows ALPC | CVE-2022-34725 | Windows ALPC Elevation of Privilege Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-38011 | Raw Image Extension Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-38019 | AV1 Video Extension Remote Code Execution Vulnerability | Important |
| Network Device Enrollment Service (NDES) | CVE-2022-37959 | Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability | Important |
| Role: DNS Server | CVE-2022-34724 | Windows DNS Server Denial of Service Vulnerability | Important |
| Role: Windows Fax Service | CVE-2022-38004 | Windows Fax Service Remote Code Execution Vulnerability | Important |
| SPNEGO Extended Negotiation | CVE-2022-37958 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability | Important |
| Visual Studio Code | CVE-2022-38020 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2022-35803 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2022-37969 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Credential Roaming Service | CVE-2022-30170 | Windows Credential Roaming Service Elevation of Privilege Vulnerability | Important |
| Windows Defender | CVE-2022-35828 | Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability | Important |
| Windows Distributed File System (DFS) | CVE-2022-34719 | Windows Distributed File System (DFS) Elevation of Privilege Vulnerability | Important |
| Windows DPAPI (Data Protection Application Programming Interface) | CVE-2022-34723 | Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability | Important |
| Windows Enterprise App Management | CVE-2022-35841 | Windows Enterprise App Management Service Remote Code Execution Vulnerability | Important |
| Windows Event Tracing | CVE-2022-35832 | Windows Event Tracing Denial of Service Vulnerability | Important |
| Windows Group Policy | CVE-2022-37955 | Windows Group Policy Elevation of Privilege Vulnerability | Important |
| Windows IKE Extension | CVE-2022-34722 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | Critical |
| Windows IKE Extension | CVE-2022-34720 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
| Windows IKE Extension | CVE-2022-34721 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | Critical |
| Windows Kerberos | CVE-2022-33647 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kerberos | CVE-2022-33679 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-37964 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-37956 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-37957 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-30200 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
| Windows ODBC Driver | CVE-2022-34726 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows ODBC Driver | CVE-2022-34730 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows ODBC Driver | CVE-2022-34727 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows ODBC Driver | CVE-2022-34732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows ODBC Driver | CVE-2022-34734 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows OLE | CVE-2022-35834 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
| Windows OLE | CVE-2022-35835 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
| Windows OLE | CVE-2022-35836 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
| Windows OLE | CVE-2022-35840 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
| Windows OLE | CVE-2022-34733 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
| Windows OLE | CVE-2022-34731 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
| Windows Photo Import API | CVE-2022-26928 | Windows Photo Import API Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2022-38005 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2022-35831 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Procedure Call | CVE-2022-35830 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows TCP/IP | CVE-2022-34718 | Windows TCP/IP Remote Code Execution Vulnerability | Critical |
| Windows Transport Security Layer (TLS) | CVE-2022-35833 | Windows Secure Channel Denial of Service Vulnerability | Important |
| Windows Transport Security Layer (TLS) | CVE-2022-30196 | Windows Secure Channel Denial of Service Vulnerability | Important |

III. References to solutions, tools and information
Update using Microsoft Windows Update or centralized update management tools.

IV. Contact information
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Facebook: http://www.facebook.com/CSIRTPanama
Key ID: 16F2B124