CSIRT Panamá Advisory 2023-ago-15: Microsoft security updates for August.

Severity: High
Publication date: August 8, 2023
Last revised: August 8, 2023
https://msrc.microsoft.com/update-guide/releaseNote/2023-Aug

Affected Systems:
Microsoft Office
Memory Integrity System Readiness Scan Tool
Microsoft Exchange Server
Microsoft Teams
Windows Kernel
Microsoft Office Excel
Microsoft Office Visio
Windows Message Queuing
Windows Projected File System
Windows Reliability Analysis Metrics Calculation Engine
Windows Fax and Scan Service
Windows HTML Platform
Windows Bluetooth A2DP driver
Microsoft Dynamics
.NET Core
ASP.NET and Visual Studio
Azure HDInsights
Azure DevOps
.NET Framework
Reliability Analysis Metrics Calculation Engine
Microsoft WDAC OLE DB provider for SQL
Windows Group Policy
Microsoft Office SharePoint
Microsoft Office Outlook
Tablet Windows User Interface
ASP.NET
Windows Common Log File System Driver
Windows System Assessment Tool
Windows Cloud Files Mini Filter Driver
Windows Wireless Wide Area Network Service
Windows Cryptographic Services
Role: Windows Hyper-V
Windows Smart Card
Microsoft Edge (Chromium-based)
Dynamics Business Central Control
SQL Server
Microsoft Windows Codecs Library
Windows Defender
Azure Arc
ASP .NET
Windows LDAP – Lightweight Directory Access Protocol
Windows Mobile Device Management

I. Description
Microsoft has released its security updates for the month of August.
This set of updates remediates 87 flaws and warns of 2 zero-days.

II. Details

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| .NET Core | CVE-2023-38178 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
| .NET Core | CVE-2023-35390 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
| .NET Framework | CVE-2023-36873 | .NET Framework Spoofing Vulnerability | Important |
| ASP .NET | CVE-2023-38180 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| ASP.NET | CVE-2023-36899 | ASP.NET Elevation of Privilege Vulnerability | Important |
| ASP.NET and Visual Studio | CVE-2023-35391 | ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability | Important |
| Azure Arc | CVE-2023-38176 | Azure Arc-Enabled Servers Elevation of Privilege Vulnerability | Important |
| Azure DevOps | CVE-2023-36869 | Azure DevOps Server Spoofing Vulnerability | Important |
| Azure HDInsights | CVE-2023-38188 | Azure Apache Hadoop Spoofing Vulnerability | Important |
| Azure HDInsights | CVE-2023-35393 | Azure Apache Hive Spoofing Vulnerability | Important |
| Azure HDInsights | CVE-2023-35394 | Azure HDInsight Jupyter Notebook Spoofing Vulnerability | Important |
| Azure HDInsights | CVE-2023-36881 | Azure Apache Ambari Spoofing Vulnerability | Important |
| Azure HDInsights | CVE-2023-36877 | Azure Apache Oozie Spoofing Vulnerability | Important |
| Dynamics Business Central Control | CVE-2023-38167 | Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability | Important |
| Mariner | CVE-2023-35945 | Unknown | Unknown |
| Memory Integrity System Readiness Scan Tool | ADV230004 | Memory Integrity System Readiness Scan Tool Defense in Depth Update | Moderate |
| Microsoft Dynamics | CVE-2023-35389 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2023-38157 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2023-4068 | Chromium: CVE-2023-4068 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4072 | Chromium: CVE-2023-4072 Out of bounds read and write in WebGL | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4071 | Chromium: CVE-2023-4071 Heap buffer overflow in Visuals | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4073 | Chromium: CVE-2023-4073 Out of bounds memory access in ANGLE | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4075 | Chromium: CVE-2023-4075 Use after free in Cast | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4074 | Chromium: CVE-2023-4074 Use after free in Blink Task Scheduling | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4076 | Chromium: CVE-2023-4076 Use after free in WebRTC | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4077 | Chromium: CVE-2023-4077 Insufficient data validation in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4078 | Chromium: CVE-2023-4078 Inappropriate implementation in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4070 | Chromium: CVE-2023-4070 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4069 | Chromium: CVE-2023-4069 Type Confusion in V8 | Unknown |
| Microsoft Exchange Server | CVE-2023-38185 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-35388 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-35368 | Microsoft Exchange Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-38181 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-38182 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21709 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Office | ADV230003 | Microsoft Office Defense in Depth Update | Moderate |
| Microsoft Office | CVE-2023-36897 | Visual Studio Tools for Office Runtime Spoofing Vulnerability | Important |
| Microsoft Office Excel | CVE-2023-36896 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2023-35371 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2023-36893 | Microsoft Outlook Spoofing Vulnerability | Important |
| Microsoft Office Outlook | CVE-2023-36895 | Microsoft Outlook Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2023-36891 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-36894 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-36890 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-36892 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office Visio | CVE-2023-35372 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2023-36865 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2023-36866 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Teams | CVE-2023-29328 | Microsoft Teams Remote Code Execution Vulnerability | Critical |
| Microsoft Teams | CVE-2023-29330 | Microsoft Teams Remote Code Execution Vulnerability | Critical |
| Microsoft WDAC OLE DB provider for SQL | CVE-2023-36882 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows | CVE-2023-20569 | AMD: CVE-2023-20569 Return Address Predictor | Important |
| Microsoft Windows Codecs Library | CVE-2023-38170 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Reliability Analysis Metrics Calculation Engine | CVE-2023-36876 | Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2023-36908 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2023-38169 | Microsoft OLE DB Remote Code Execution Vulnerability | Important |
| Tablet Windows User Interface | CVE-2023-36898 | Tablet Windows User Interface Application Core Remote Code Execution Vulnerability | Important |
| Windows Bluetooth A2DP driver | CVE-2023-35387 | Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2023-36904 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2023-36900 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2023-36907 | Windows Cryptographic Services Information Disclosure Vulnerability | Important |
| Windows Cryptographic Services | CVE-2023-36906 | Windows Cryptographic Services Information Disclosure Vulnerability | Important |
| Windows Defender | CVE-2023-38175 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important |
| Windows Fax and Scan Service | CVE-2023-35381 | Windows Fax Service Remote Code Execution Vulnerability | Important |
| Windows Group Policy | CVE-2023-36889 | Windows Group Policy Security Feature Bypass Vulnerability | Important |
| Windows HTML Platform | CVE-2023-35384 | Windows HTML Platforms Security Feature Bypass Vulnerability | Important |
| Windows Kernel | CVE-2023-35359 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-38154 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-35382 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-35386 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-35380 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2023-38184 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
| Windows Message Queuing | CVE-2023-36909 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| Windows Message Queuing | CVE-2023-35376 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| Windows Message Queuing | CVE-2023-38172 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| Windows Message Queuing | CVE-2023-35385 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical |
| Windows Message Queuing | CVE-2023-35383 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
| Windows Message Queuing | CVE-2023-36913 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
| Windows Message Queuing | CVE-2023-35377 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| Windows Message Queuing | CVE-2023-38254 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| Windows Message Queuing | CVE-2023-36911 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical |
| Windows Message Queuing | CVE-2023-36910 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical |
| Windows Message Queuing | CVE-2023-36912 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| Windows Mobile Device Management | CVE-2023-38186 | Windows Mobile Device Management Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2023-35378 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Reliability Analysis Metrics Calculation Engine | CVE-2023-35379 | Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability | Important |
| Windows Smart Card | CVE-2023-36914 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | Important |
| Windows System Assessment Tool | CVE-2023-36903 | Windows System Assessment Tool Elevation of Privilege Vulnerability | Important |
| Windows Wireless Wide Area Network Service | CVE-2023-36905 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Important |

III. References to solutions, tools and information
Update using Microsoft Windows Update or centralized update management tools.

IV. Contact information
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Key ID: 16F2B124