CSIRT Panamá Advisory 2023-jun-15: Microsoft Security Updates for June.

Severity: High
Publication date: June 15, 2023
Last revised: June 14, 2023
https://msrc.microsoft.com/update-guide/releaseNote/2023-Jun

Affected Systems:
.NET and Visual Studio
.NET Core
.NET Framework
ASP .NET
Azure DevOps
Microsoft Dynamics
Microsoft Edge (Chromium-based)
Microsoft Exchange Server
Microsoft Office
Microsoft Office Excel
Microsoft Office OneNote
Microsoft Office Outlook
Microsoft Office SharePoint
Microsoft Power Apps
Microsoft Printer Drivers
Microsoft WDAC OLE DB provider for SQL
Microsoft Windows Codecs Library
NuGet Client
Remote Desktop Client
Role: DNS Server
SysInternals
Visual Studio
Visual Studio Code
Windows Authentication Methods
Windows Bus Filter Driver
Windows Cloud Files Mini Filter Driver
Windows Collaborative Translation Framework
Windows Container Manager Service
Windows CryptoAPI
Windows DHCP Server
Windows Filtering
Windows GDI
Windows Geolocation Service
Windows Group Policy
Windows Hello
Windows Hyper-V
Windows Installer
Windows iSCSI
Windows Kernel
Windows NTFS
Windows ODBC Driver
Windows OLE
Windows PGM
Windows Remote Procedure Call Runtime
Windows Resilient File System (ReFS)
Windows Server Service
Windows SMB
Windows TPM Device Driver
Windows Win32K

I. Description
Microsoft has released its security updates for the month of June.
This set of updates fixes 73 CVEs.

II. Details

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET and Visual Studio | CVE-2023-24895 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | Important |
| .NET and Visual Studio | CVE-2023-33126 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
| .NET and Visual Studio | CVE-2023-24936 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | Moderate |
| .NET and Visual Studio | CVE-2023-33135 | .NET and Visual Studio Elevation of Privilege Vulnerability | Important |
| .NET and Visual Studio | CVE-2023-32032 | .NET and Visual Studio Elevation of Privilege Vulnerability | Important |
| .NET and Visual Studio | CVE-2023-32030 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| .NET and Visual Studio | CVE-2023-33128 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
| .NET and Visual Studio | CVE-2023-24897 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | Critical |
| .NET Core | CVE-2023-29331 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Important |
| .NET Framework | CVE-2023-29326 | .NET Framework Remote Code Execution Vulnerability | Important |
| ASP .NET | CVE-2023-33141 | Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability | Important |
| Azure DevOps | CVE-2023-21569 | Azure DevOps Server Spoofing Vulnerability | Important |
| Azure DevOps | CVE-2023-21565 | Azure DevOps Server Spoofing Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-24896 | Dynamics 365 Finance Spoofing Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2023-2941 | Chromium: CVE-2023-2941 Inappropriate implementation in Extensions API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-33145 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2023-2937 | Chromium: CVE-2023-2937 Inappropriate implementation in Picture In Picture | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2936 | Chromium: CVE-2023-2936 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2935 | Chromium: CVE-2023-2935 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2940 | Chromium: CVE-2023-2940 Inappropriate implementation in Downloads | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2939 | Chromium: CVE-2023-2939 Insufficient data validation in Installer | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2938 | Chromium: CVE-2023-2938 Inappropriate implementation in Picture In Picture | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2931 | Chromium: CVE-2023-2931 Use after free in PDF | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2930 | Chromium: CVE-2023-2930 Use after free in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2929 | Chromium: CVE-2023-2929 Out of bounds write in Swiftshader | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2934 | Chromium: CVE-2023-2934 Out of bounds memory access in Mojo | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2933 | Chromium: CVE-2023-2933 Use after free in PDF | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2932 | Chromium: CVE-2023-2932 Use after free in PDF | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-3079 | Chromium: CVE-2023-3079 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-29345 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2023-33143 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Moderate |
| Microsoft Exchange Server | CVE-2023-32031 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-28310 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2023-33146 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2023-33133 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2023-32029 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2023-33137 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office OneNote | CVE-2023-33140 | Microsoft OneNote Spoofing Vulnerability | Important |
| Microsoft Office Outlook | CVE-2023-33131 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-33142 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-33129 | Microsoft SharePoint Denial of Service Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-33130 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-33132 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-29357 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Critical |
| Microsoft Power Apps | CVE-2023-32024 | Microsoft Power Apps Spoofing Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-32017 | Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2023-29372 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2023-29370 | Windows Media Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2023-29365 | Windows Media Remote Code Execution Vulnerability | Important |
| NuGet Client | CVE-2023-29337 | NuGet Client Remote Code Execution Vulnerability | Important |
| Remote Desktop Client | CVE-2023-29362 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
| Remote Desktop Client | CVE-2023-29352 | Windows Remote Desktop Security Feature Bypass Vulnerability | Important |
| Role: DNS Server | CVE-2023-32020 | Windows DNS Spoofing Vulnerability | Important |
| SysInternals | CVE-2023-29353 | Sysinternals Process Monitor for Windows Denial of Service Vulnerability | Low |
| Visual Studio | CVE-2023-29007 | GitHub: CVE-2023-29007 Arbitrary configuration injection via `git submodule deinit` | Important |
| Visual Studio | CVE-2023-33139 | Visual Studio Information Disclosure Vulnerability | Important |
| Visual Studio | CVE-2023-25652 | GitHub: CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write | Important |
| Visual Studio | CVE-2023-25815 | GitHub: CVE-2023-25815 Git looks for localized messages in an unprivileged place | Important |
| Visual Studio | CVE-2023-27911 | AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior | Important |
| Visual Studio | CVE-2023-27910 | AutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior | Important |
| Visual Studio | CVE-2023-29011 | GitHub: CVE-2023-29011 The config file of `connect.exe` is susceptible to malicious placing | Important |
| Visual Studio | CVE-2023-29012 | GitHub: CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in current directory, if it exists | Important |
| Visual Studio | CVE-2023-27909 | AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior | Important |
| Visual Studio Code | CVE-2023-33144 | Visual Studio Code Spoofing Vulnerability | Important |
| Windows Authentication Methods | CVE-2023-29364 | Windows Authentication Elevation of Privilege Vulnerability | Important |
| Windows Bus Filter Driver | CVE-2023-32010 | Windows Bus Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2023-29361 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Collaborative Translation Framework | CVE-2023-32009 | Windows Collaborative Translation Framework Elevation of Privilege Vulnerability | Important |
| Windows Container Manager Service | CVE-2023-32012 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
| Windows CryptoAPI | CVE-2023-24937 | Windows CryptoAPI Denial of Service Vulnerability | Important |
| Windows CryptoAPI | CVE-2023-24938 | Windows CryptoAPI Denial of Service Vulnerability | Important |
| Windows DHCP Server | CVE-2023-29355 | DHCP Server Service Information Disclosure Vulnerability | Important |
| Windows Filtering | CVE-2023-29368 | Windows Filtering Platform Elevation of Privilege Vulnerability | Important |
| Windows GDI | CVE-2023-29358 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Windows Geolocation Service | CVE-2023-29366 | Windows Geolocation Service Remote Code Execution Vulnerability | Important |
| Windows Group Policy | CVE-2023-29351 | Windows Group Policy Elevation of Privilege Vulnerability | Important |
| Windows Hello | CVE-2023-32018 | Windows Hello Remote Code Execution Vulnerability | Important |
| Windows Hyper-V | CVE-2023-32013 | Windows Hyper-V Denial of Service Vulnerability | Critical |
| Windows Installer | CVE-2023-32016 | Windows Installer Information Disclosure Vulnerability | Important |
| Windows iSCSI | CVE-2023-32011 | Windows iSCSI Discovery Service Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2023-32019 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows NTFS | CVE-2023-29346 | NTFS Elevation of Privilege Vulnerability | Important |
| Windows ODBC Driver | CVE-2023-29373 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows OLE | CVE-2023-29367 | iSCSI Target WMI Provider Remote Code Execution Vulnerability | Important |
| Windows PGM | CVE-2023-29363 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical |
| Windows PGM | CVE-2023-32014 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical |
| Windows PGM | CVE-2023-32015 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call Runtime | CVE-2023-29369 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2023-32008 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows Server Service | CVE-2023-32022 | Windows Server Service Security Feature Bypass Vulnerability | Important |
| Windows SMB | CVE-2023-32021 | Windows SMB Witness Service Security Feature Bypass Vulnerability | Important |
| Windows TPM Device Driver | CVE-2023-29360 | Windows TPM Device Driver Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2023-29371 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2023-29359 | GDI Elevation of Privilege Vulnerability | Important |

III. References to solutions, tools and information
Update using Microsoft Windows Update or centralized update management tools.

IV. Contact information
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Key ID: 16F2B124