CSIRT Panamá Aviso 2024-sep-10 Actualizaciones de seguridad de Microsoft para Septiembre 2024.

CSIRT Panamá Aviso 2024-sep-10 Actualizaciones de seguridad de Microsoft para Septiembre 2024.
Gravedad: Alta
Fecha de publicación: septiembre 10, 2024
Última revisión: septiembre 10, 2024
https://msrc.microsoft.com/update-guide/releaseNote/2024-Sep

Sistemas Afectados:
Windows TCP/IP
SQL Server
Windows Security Zone Mapping
Windows Installer
Microsoft Office SharePoint
Windows PowerShell
Windows Network Address Translation (NAT)
Azure Network Watcher
Azure Web Apps
Azure Stack
Windows Mark of the Web (MOTW)
Dynamics Business Central
Microsoft Office Publisher
Windows Standards-Based Storage Management Service
Windows Remote Desktop Licensing Service
Windows Network Virtualization
Role: Windows Hyper-V
Windows DHCP Server
Microsoft Streaming Service
Windows Kerberos
Windows Remote Access Connection Manager
Windows Win32K – GRFX
Microsoft Graphics Component
Windows Storage
Windows Win32K – ICOMP
Windows Authentication Methods
Windows Kernel-Mode Drivers
Windows AllJoyn API
Microsoft Management Console
Windows Setup and Deployment
Windows MSHTML Platform
Microsoft Office Visio
Microsoft Office Excel
Azure CycleCloud
Windows Admin Center
Microsoft Dynamics 365 (on-premises)
Power Automate
Microsoft Outlook for iOS
Windows Update
Microsoft AutoUpdate (MAU)
Windows Libarchive

I. Descripción
Microsoft ha liberado sus actualizaciones de seguridad correspondientes al mes de septiembre de 2024.
Este conjunto de actualizaciones remedia 79 fallas y 4 dia cero.

II. Detalle

Tag	CVE ID	CVE Title	Severity
Azure CycleCloud	CVE-2024-43469	Azure CycleCloud Remote Code Execution Vulnerability	Important
Azure Network Watcher	CVE-2024-38188	Azure Network Watcher VM Agent Elevation of Privilege Vulnerability	Important
Azure Network Watcher	CVE-2024-43470	Azure Network Watcher VM Agent Elevation of Privilege Vulnerability	Important
Azure Stack	CVE-2024-38216	Azure Stack Hub Elevation of Privilege Vulnerability	Critical
Azure Stack	CVE-2024-38220	Azure Stack Hub Elevation of Privilege Vulnerability	Critical
Azure Web Apps	CVE-2024-38194	Azure Web Apps Elevation of Privilege Vulnerability	Critical
Dynamics Business Central	CVE-2024-38225	Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability	Important
Microsoft AutoUpdate (MAU)	CVE-2024-43492	Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability	Important
Microsoft Dynamics 365 (on-premises)	CVE-2024-43476	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	Important
Microsoft Graphics Component	CVE-2024-38247	Windows Graphics Component Elevation of Privilege Vulnerability	Important
Microsoft Graphics Component	CVE-2024-38250	Windows Graphics Component Elevation of Privilege Vulnerability	Important
Microsoft Graphics Component	CVE-2024-38249	Windows Graphics Component Elevation of Privilege Vulnerability	Important
Microsoft Management Console	CVE-2024-38259	Microsoft Management Console Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2024-43465	Microsoft Excel Elevation of Privilege Vulnerability	Important
Microsoft Office Publisher	CVE-2024-38226	Microsoft Publisher Security Feature Bypass Vulnerability	Important
Microsoft Office SharePoint	CVE-2024-38227	Microsoft SharePoint Server Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2024-43464	Microsoft SharePoint Server Remote Code Execution Vulnerability	Critical
Microsoft Office SharePoint	CVE-2024-38018	Microsoft SharePoint Server Remote Code Execution Vulnerability	Critical
Microsoft Office SharePoint	CVE-2024-38228	Microsoft SharePoint Server Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2024-43466	Microsoft SharePoint Server Denial of Service Vulnerability	Important
Microsoft Office Visio	CVE-2024-43463	Microsoft Office Visio Remote Code Execution Vulnerability	Important
Microsoft Outlook for iOS	CVE-2024-43482	Microsoft Outlook for iOS Information Disclosure Vulnerability	Important
Microsoft Streaming Service	CVE-2024-38245	Kernel Streaming Service Driver Elevation of Privilege Vulnerability	Important
Microsoft Streaming Service	CVE-2024-38241	Kernel Streaming Service Driver Elevation of Privilege Vulnerability	Important
Microsoft Streaming Service	CVE-2024-38242	Kernel Streaming Service Driver Elevation of Privilege Vulnerability	Important
Microsoft Streaming Service	CVE-2024-38244	Kernel Streaming Service Driver Elevation of Privilege Vulnerability	Important
Microsoft Streaming Service	CVE-2024-38243	Kernel Streaming Service Driver Elevation of Privilege Vulnerability	Important
Microsoft Streaming Service	CVE-2024-38237	Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability	Important
Microsoft Streaming Service	CVE-2024-38238	Kernel Streaming Service Driver Elevation of Privilege Vulnerability	Important
Power Automate	CVE-2024-43479	Microsoft Power Automate Desktop Remote Code Execution Vulnerability	Important
Role: Windows Hyper-V	CVE-2024-38235	Windows Hyper-V Denial of Service Vulnerability	Important
SQL Server	CVE-2024-37338	Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability	Important
SQL Server	CVE-2024-37980	Microsoft SQL Server Elevation of Privilege Vulnerability	Important
SQL Server	CVE-2024-26191	Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability	Important
SQL Server	CVE-2024-37339	Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability	Important
SQL Server	CVE-2024-37337	Microsoft SQL Server Native Scoring Information Disclosure Vulnerability	Important
SQL Server	CVE-2024-26186	Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability	Important
SQL Server	CVE-2024-37342	Microsoft SQL Server Native Scoring Information Disclosure Vulnerability	Important
SQL Server	CVE-2024-43474	Microsoft SQL Server Information Disclosure Vulnerability	Important
SQL Server	CVE-2024-37335	Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability	Important
SQL Server	CVE-2024-37966	Microsoft SQL Server Native Scoring Information Disclosure Vulnerability	Important
SQL Server	CVE-2024-37340	Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability	Important
SQL Server	CVE-2024-37965	Microsoft SQL Server Elevation of Privilege Vulnerability	Important
SQL Server	CVE-2024-37341	Microsoft SQL Server Elevation of Privilege Vulnerability	Important
Windows Admin Center	CVE-2024-43475	Microsoft Windows Admin Center Information Disclosure Vulnerability	Important
Windows AllJoyn API	CVE-2024-38257	Microsoft AllJoyn API Information Disclosure Vulnerability	Important
Windows Authentication Methods	CVE-2024-38254	Windows Authentication Information Disclosure Vulnerability	Important
Windows DHCP Server	CVE-2024-38236	DHCP Server Service Denial of Service Vulnerability	Important
Windows Installer	CVE-2024-38014	Windows Installer Elevation of Privilege Vulnerability	Important
Windows Kerberos	CVE-2024-38239	Windows Kerberos Elevation of Privilege Vulnerability	Important
Windows Kernel-Mode Drivers	CVE-2024-38256	Windows Kernel-Mode Driver Information Disclosure Vulnerability	Important
Windows Libarchive	CVE-2024-43495	Windows libarchive Remote Code Execution Vulnerability	Important
Windows Mark of the Web (MOTW)	CVE-2024-38217	Windows Mark of the Web Security Feature Bypass Vulnerability	Important
Windows Mark of the Web (MOTW)	CVE-2024-43487	Windows Mark of the Web Security Feature Bypass Vulnerability	Moderate
Windows MSHTML Platform	CVE-2024-43461	Windows MSHTML Platform Spoofing Vulnerability	Important
Windows Network Address Translation (NAT)	CVE-2024-38119	Windows Network Address Translation (NAT) Remote Code Execution Vulnerability	Critical
Windows Network Virtualization	CVE-2024-38232	Windows Networking Denial of Service Vulnerability	Important
Windows Network Virtualization	CVE-2024-38233	Windows Networking Denial of Service Vulnerability	Important
Windows Network Virtualization	CVE-2024-38234	Windows Networking Denial of Service Vulnerability	Important
Windows Network Virtualization	CVE-2024-43458	Windows Networking Information Disclosure Vulnerability	Important
Windows PowerShell	CVE-2024-38046	PowerShell Elevation of Privilege Vulnerability	Important
Windows Remote Access Connection Manager	CVE-2024-38240	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability	Important
Windows Remote Desktop Licensing Service	CVE-2024-38231	Windows Remote Desktop Licensing Service Denial of Service Vulnerability	Important
Windows Remote Desktop Licensing Service	CVE-2024-38258	Windows Remote Desktop Licensing Service Information Disclosure Vulnerability	Important
Windows Remote Desktop Licensing Service	CVE-2024-43467	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability	Important
Windows Remote Desktop Licensing Service	CVE-2024-43454	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability	Important
Windows Remote Desktop Licensing Service	CVE-2024-38263	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability	Important
Windows Remote Desktop Licensing Service	CVE-2024-38260	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability	Important
Windows Remote Desktop Licensing Service	CVE-2024-43455	Windows Remote Desktop Licensing Service Spoofing Vulnerability	Important
Windows Security Zone Mapping	CVE-2024-30073	Windows Security Zone Mapping Security Feature Bypass Vulnerability	Important
Windows Setup and Deployment	CVE-2024-43457	Windows Setup and Deployment Elevation of Privilege Vulnerability	Important
Windows Standards-Based Storage Management Service	CVE-2024-38230	Windows Standards-Based Storage Management Service Denial of Service Vulnerability	Important
Windows Storage	CVE-2024-38248	Windows Storage Elevation of Privilege Vulnerability	Important
Windows TCP/IP	CVE-2024-21416	Windows TCP/IP Remote Code Execution Vulnerability	Important
Windows TCP/IP	CVE-2024-38045	Windows TCP/IP Remote Code Execution Vulnerability	Important
Windows Update	CVE-2024-43491	Microsoft Windows Update Remote Code Execution Vulnerability	Critical
Windows Win32K – GRFX	CVE-2024-38246	Win32k Elevation of Privilege Vulnerability	Important
Windows Win32K – ICOMP	CVE-2024-38252	Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability	Important
Windows Win32K – ICOMP	CVE-2024-38253	Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability	Important

III. Referencia a soluciones, herramientas e información
Actualizar utilizando Microsoft Windows Update o herramientas de administracion de actualizaciones centralizadas.

IV. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Key ID: 16F2B124