CSIRT Panamá Aviso 2023-sep-14 Microsoft libera actualizaciones para septiembre y corrige 2 zero-days y 59 fallas

TOPICS:

Posted By: CSIRT Panamá September 14, 2023

Gravedad: Alta
Fecha de publicación: Septiembre 14, 2023
Última revisión: Septiembre 13, 2023
https://msrc.microsoft.com/update-guide/releaseNote/2023-Sep

Sistemas Afectados:
Microsoft Azure Kubernetes Service
Azure DevOps
Windows Cloud Files Mini Filter Driver
Microsoft Identity Linux Broker
3D Viewer
Visual Studio Code
Microsoft Exchange Server
Visual Studio
Microsoft Office Word
Microsoft Office Outlook
Microsoft Office SharePoint
Microsoft Office
Microsoft Office Excel
3D Builder
.NET Framework
.NET and Visual Studio
.NET Core & Visual Studio
Microsoft Dynamics Finance & Operations
Windows DHCP Server
Microsoft Streaming Service
Windows Kernel
Windows GDI
Windows Scripting
Microsoft Dynamics
Windows Common Log File System Driver
Windows Themes
Microsoft Windows Codecs Library
Windows Internet Connection Sharing (ICS)
Windows TCP/IP
Azure HDInsights
Windows Defender

I. Descripción
Microsoft ha liberado sus actualizaciones correspondientes al mes de Septiembre. En este caso corrige 59 fallas y 2 zero day.

II. Detalles

TagCVE IDCVE TitleSeverity
.NET and Visual StudioCVE-2023-36794Visual Studio Remote Code Execution VulnerabilityImportant
.NET and Visual StudioCVE-2023-36796Visual Studio Remote Code Execution VulnerabilityCritical
.NET and Visual StudioCVE-2023-36792Visual Studio Remote Code Execution VulnerabilityCritical
.NET and Visual StudioCVE-2023-36793Visual Studio Remote Code Execution VulnerabilityCritical
.NET Core & Visual StudioCVE-2023-36799.NET Core and Visual Studio Denial of Service VulnerabilityImportant
.NET FrameworkCVE-2023-36788.NET Framework Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-367723D Builder Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-367713D Builder Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-367703D Builder Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-367733D Builder Remote Code Execution VulnerabilityImportant
3D ViewerCVE-2022-41303AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk® FBX® SDK 2020 or priorImportant
3D ViewerCVE-2023-367603D Viewer Remote Code Execution VulnerabilityImportant
3D ViewerCVE-2023-367403D Viewer Remote Code Execution VulnerabilityImportant
3D ViewerCVE-2023-367393D Viewer Remote Code Execution VulnerabilityImportant
Azure DevOpsCVE-2023-33136Azure DevOps Server Remote Code Execution VulnerabilityImportant
Azure DevOpsCVE-2023-38155Azure DevOps Server Remote Code Execution VulnerabilityImportant
Azure HDInsightsCVE-2023-38156Azure HDInsight Apache Ambari Elevation of Privilege VulnerabilityImportant
Microsoft Azure Kubernetes ServiceCVE-2023-29332Microsoft Azure Kubernetes Service Elevation of Privilege VulnerabilityCritical
Microsoft DynamicsCVE-2023-38164Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2023-36886Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft Dynamics Finance & OperationsCVE-2023-36800Dynamics Finance and Operations Cross-site Scripting VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2023-4863Chromium: CVE-2023-4863 Heap buffer overflow in WebPUnknown
Microsoft Edge (Chromium-based)CVE-2023-4763Chromium: CVE-2023-4763 Use after free in NetworksUnknown
Microsoft Edge (Chromium-based)CVE-2023-4761Chromium: CVE-2023-4761 Out of bounds memory access in FedCMUnknown
Microsoft Edge (Chromium-based)CVE-2023-4764Chromium: CVE-2023-4764 Incorrect security UI in BFCacheUnknown
Microsoft Edge (Chromium-based)CVE-2023-4762Chromium: CVE-2023-4762 Type Confusion in V8Unknown
Microsoft Exchange ServerCVE-2023-36744Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-36756Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-36745Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-36777Microsoft Exchange Server Information Disclosure VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-36757Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Identity Linux BrokerCVE-2023-36736Microsoft Identity Linux Broker Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2023-36767Microsoft Office Security Feature Bypass VulnerabilityImportant
Microsoft OfficeCVE-2023-36765Microsoft Office Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2023-41764Microsoft Office Spoofing VulnerabilityModerate
Microsoft Office ExcelCVE-2023-36766Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft Office OutlookCVE-2023-36763Microsoft Outlook Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2023-36764Microsoft SharePoint Server Elevation of Privilege VulnerabilityImportant
Microsoft Office WordCVE-2023-36761Microsoft Word Information Disclosure VulnerabilityImportant
Microsoft Office WordCVE-2023-36762Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Streaming ServiceCVE-2023-36802Microsoft Streaming Service Proxy Elevation of Privilege VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2023-38147Windows Miracast Wireless Display Remote Code Execution VulnerabilityImportant
Visual StudioCVE-2023-36758Visual Studio Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2023-36759Visual Studio Elevation of Privilege VulnerabilityImportant
Visual Studio CodeCVE-2023-36742Visual Studio Code Remote Code Execution VulnerabilityImportant
Visual Studio CodeCVE-2023-39956Electron: CVE-2023-39956 -Visual Studio Code Remote Code Execution VulnerabilityImportant
Windows Cloud Files Mini Filter DriverCVE-2023-35355Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2023-38143Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2023-38144Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows DefenderCVE-2023-38163Windows Defender Attack Surface Reduction Security Feature BypassImportant
Windows DHCP ServerCVE-2023-38152DHCP Server Service Information Disclosure VulnerabilityImportant
Windows DHCP ServerCVE-2023-38162DHCP Server Service Denial of Service VulnerabilityImportant
Windows DHCP ServerCVE-2023-36801DHCP Server Service Information Disclosure VulnerabilityImportant
Windows GDICVE-2023-36804Windows GDI Elevation of Privilege VulnerabilityImportant
Windows GDICVE-2023-38161Windows GDI Elevation of Privilege VulnerabilityImportant
Windows Internet Connection Sharing (ICS)CVE-2023-38148Internet Connection Sharing (ICS) Remote Code Execution VulnerabilityCritical
Windows KernelCVE-2023-38141Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-38142Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-38139Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-38140Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2023-38150Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-36803Windows Kernel Information Disclosure VulnerabilityImportant
Windows ScriptingCVE-2023-36805Windows MSHTML Platform Security Feature Bypass VulnerabilityImportant
Windows TCP/IPCVE-2023-38160Windows TCP/IP Information Disclosure VulnerabilityImportant
Windows TCP/IPCVE-2023-38149Windows TCP/IP Denial of Service VulnerabilityImportant
Windows ThemesCVE-2023-38146Windows Themes Remote Code Execution VulnerabilityImportant

III. Referencia a soluciones, herramientas e información
Actualizar su sistema operativo windows utilizando windows update o herramientas para gestionar la automatizacion.

IV. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Facebook: http://www.facebook.com/CSIRTPanama
Key ID: 16F2B124