CSIRT Panamá Aviso 2023-may-11 Actualizaciones de seguridad de Microsoft para Mayo.
Gravedad: Alta
Fecha de publicación: mayo 12, 2023
Última revisión: agosto 11, 2023
https://msrc.microsoft.com/update-guide/releaseNote/2023-May
Sistemas Afectados:
Microsoft Teams
Windows SMB
Microsoft Graphics Component
Windows NTLM
Windows NFS Portmapper
Windows Win32K
Windows Secure Socket Tunneling Protocol (SSTP)
Windows Installer
Remote Desktop Client
Windows Secure Boot
Windows NFS Portmapper
Reliable Multicast Transport Driver (RMCAST)
Windows Network File System
Windows Remote Procedure Call Runtime
Reliable Multicast Transport Driver (RMCAST)
Microsoft Bluetooth Driver
Windows iSCSI Target Service
Windows Backup Engine
Microsoft Bluetooth Driver
Microsoft Bluetooth Driver
Windows Kernel
Microsoft Office SharePoint
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Office SharePoint
Windows Secure Boot
Windows LDAP – Lightweight Directory Access Protocol
Windows RDP Client
Windows MSHTML Platform
Windows OLE
Microsoft Office Access
Microsoft Office Word
Windows Win32K
Visual Studio Code
Microsoft Windows Codecs Library
Microsoft Windows Codecs Library
SysInternals
Microsoft Office
Microsoft Edge (Chromium-based)
Microsoft Edge (Chromium-based)
I. Descripción
Microsoft ha liberado sus actualizaciones de seguridad correspondientes al mes de mayo.
Este conjunto de actualizaciones remedia 40 CVEs.
II. Detalle
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Microsoft Bluetooth Driver | CVE-2023-24947 | Windows Bluetooth Driver Remote Code Execution Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2023-24948 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2023-24944 | Windows Bluetooth Driver Information Disclosure Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2023-29354 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2023-2468 | Chromium: CVE-2023-2468 Inappropriate implementation in PictureInPicture | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2459 | Chromium: CVE-2023-2459 Inappropriate implementation in Prompts | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-29350 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2023-2467 | Chromium: CVE-2023-2467 Inappropriate implementation in Prompts | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2463 | Chromium: CVE-2023-2463 Inappropriate implementation in Full Screen Mode | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2462 | Chromium: CVE-2023-2462 Inappropriate implementation in Prompts | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2460 | Chromium: CVE-2023-2460 Insufficient validation of untrusted input in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2465 | Chromium: CVE-2023-2465 Inappropriate implementation in CORS | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2466 | Chromium: CVE-2023-2466 Inappropriate implementation in Prompts | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2464 | Chromium: CVE-2023-2464 Inappropriate implementation in PictureInPicture | Unknown |
| Microsoft Graphics Component | CVE-2023-24899 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2023-29344 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Access | CVE-2023-29333 | Microsoft Access Denial of Service Vulnerability | Important |
| Microsoft Office Excel | CVE-2023-24953 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-24955 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2023-24954 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-24950 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2023-29335 | Microsoft Word Security Feature Bypass Vulnerability | Important |
| Microsoft Teams | CVE-2023-24881 | Microsoft Teams Information Disclosure Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2023-29340 | AV1 Video Extension Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2023-29341 | AV1 Video Extension Remote Code Execution Vulnerability | Important |
| Remote Desktop Client | CVE-2023-24905 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
| SysInternals | CVE-2023-29343 | SysInternals Sysmon for Windows Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2023-29338 | Visual Studio Code Information Disclosure Vulnerability | Important |
| Windows Backup Engine | CVE-2023-24946 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2023-24904 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows iSCSI Target Service | CVE-2023-24945 | Windows iSCSI Target Service Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2023-24949 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2023-28283 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical |
| Windows MSHTML Platform | CVE-2023-29324 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important |
| Windows Network File System | CVE-2023-24941 | Windows Network File System Remote Code Execution Vulnerability | Critical |
| Windows NFS Portmapper | CVE-2023-24901 | Windows NFS Portmapper Information Disclosure Vulnerability | Important |
| Windows NFS Portmapper | CVE-2023-24939 | Server for NFS Denial of Service Vulnerability | Important |
| Windows NTLM | CVE-2023-24900 | Windows NTLM Security Support Provider Information Disclosure Vulnerability | Important |
| Windows OLE | CVE-2023-29325 | Windows OLE Remote Code Execution Vulnerability | Critical |
| Windows PGM | CVE-2023-24940 | Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability | Important |
| Windows PGM | CVE-2023-24943 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical |
| Windows RDP Client | CVE-2023-28290 | Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2023-24942 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
| Windows Secure Boot | CVE-2023-28251 | Windows Driver Revocation List Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2023-24932 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-24903 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows SMB | CVE-2023-24898 | Windows SMB Denial of Service Vulnerability | Important |
| Windows Win32K | CVE-2023-29336 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2023-24902 | Win32k Elevation of Privilege Vulnerability | Important |
III. Referencia a soluciones, herramientas e información
Actualizar utilizando Microsoft Windows Update o herramientas de administracion de actualizaciones centralizadas.
IV. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Key ID: 16F2B124