CSIRT Panamá Aviso 2024-sep-10 Actualizaciones de seguridad de Microsoft para Septiembre 2024.
Gravedad: Alta
Fecha de publicación: septiembre 10, 2024
Última revisión: septiembre 10, 2024
https://msrc.microsoft.com/update-guide/releaseNote/2024-Sep
Sistemas Afectados:
Windows TCP/IP
SQL Server
Windows Security Zone Mapping
Windows Installer
Microsoft Office SharePoint
Windows PowerShell
Windows Network Address Translation (NAT)
Azure Network Watcher
Azure Web Apps
Azure Stack
Windows Mark of the Web (MOTW)
Dynamics Business Central
Microsoft Office Publisher
Windows Standards-Based Storage Management Service
Windows Remote Desktop Licensing Service
Windows Network Virtualization
Role: Windows Hyper-V
Windows DHCP Server
Microsoft Streaming Service
Windows Kerberos
Windows Remote Access Connection Manager
Windows Win32K – GRFX
Microsoft Graphics Component
Windows Storage
Windows Win32K – ICOMP
Windows Authentication Methods
Windows Kernel-Mode Drivers
Windows AllJoyn API
Microsoft Management Console
Windows Setup and Deployment
Windows MSHTML Platform
Microsoft Office Visio
Microsoft Office Excel
Azure CycleCloud
Windows Admin Center
Microsoft Dynamics 365 (on-premises)
Power Automate
Microsoft Outlook for iOS
Windows Update
Microsoft AutoUpdate (MAU)
Windows Libarchive
I. Descripción
Microsoft ha liberado sus actualizaciones de seguridad correspondientes al mes de septiembre de 2024.
Este conjunto de actualizaciones remedia 79 fallas y 4 dia cero.
II. Detalle
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
Azure CycleCloud | CVE-2024-43469 | Azure CycleCloud Remote Code Execution Vulnerability | Important |
Azure Network Watcher | CVE-2024-38188 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | Important |
Azure Network Watcher | CVE-2024-43470 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | Important |
Azure Stack | CVE-2024-38216 | Azure Stack Hub Elevation of Privilege Vulnerability | Critical |
Azure Stack | CVE-2024-38220 | Azure Stack Hub Elevation of Privilege Vulnerability | Critical |
Azure Web Apps | CVE-2024-38194 | Azure Web Apps Elevation of Privilege Vulnerability | Critical |
Dynamics Business Central | CVE-2024-38225 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Important |
Microsoft AutoUpdate (MAU) | CVE-2024-43492 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important |
Microsoft Dynamics 365 (on-premises) | CVE-2024-43476 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Graphics Component | CVE-2024-38247 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2024-38250 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2024-38249 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Management Console | CVE-2024-38259 | Microsoft Management Console Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2024-43465 | Microsoft Excel Elevation of Privilege Vulnerability | Important |
Microsoft Office Publisher | CVE-2024-38226 | Microsoft Publisher Security Feature Bypass Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-38227 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-43464 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2024-38018 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2024-38228 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-43466 | Microsoft SharePoint Server Denial of Service Vulnerability | Important |
Microsoft Office Visio | CVE-2024-43463 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
Microsoft Outlook for iOS | CVE-2024-43482 | Microsoft Outlook for iOS Information Disclosure Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38245 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38241 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38242 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38244 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38243 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38237 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38238 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
Power Automate | CVE-2024-43479 | Microsoft Power Automate Desktop Remote Code Execution Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-38235 | Windows Hyper-V Denial of Service Vulnerability | Important |
SQL Server | CVE-2024-37338 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37980 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
SQL Server | CVE-2024-26191 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37339 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37337 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | Important |
SQL Server | CVE-2024-26186 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37342 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | Important |
SQL Server | CVE-2024-43474 | Microsoft SQL Server Information Disclosure Vulnerability | Important |
SQL Server | CVE-2024-37335 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37966 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | Important |
SQL Server | CVE-2024-37340 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37965 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
SQL Server | CVE-2024-37341 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
Windows Admin Center | CVE-2024-43475 | Microsoft Windows Admin Center Information Disclosure Vulnerability | Important |
Windows AllJoyn API | CVE-2024-38257 | Microsoft AllJoyn API Information Disclosure Vulnerability | Important |
Windows Authentication Methods | CVE-2024-38254 | Windows Authentication Information Disclosure Vulnerability | Important |
Windows DHCP Server | CVE-2024-38236 | DHCP Server Service Denial of Service Vulnerability | Important |
Windows Installer | CVE-2024-38014 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Kerberos | CVE-2024-38239 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-38256 | Windows Kernel-Mode Driver Information Disclosure Vulnerability | Important |
Windows Libarchive | CVE-2024-43495 | Windows libarchive Remote Code Execution Vulnerability | Important |
Windows Mark of the Web (MOTW) | CVE-2024-38217 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
Windows Mark of the Web (MOTW) | CVE-2024-43487 | Windows Mark of the Web Security Feature Bypass Vulnerability | Moderate |
Windows MSHTML Platform | CVE-2024-43461 | Windows MSHTML Platform Spoofing Vulnerability | Important |
Windows Network Address Translation (NAT) | CVE-2024-38119 | Windows Network Address Translation (NAT) Remote Code Execution Vulnerability | Critical |
Windows Network Virtualization | CVE-2024-38232 | Windows Networking Denial of Service Vulnerability | Important |
Windows Network Virtualization | CVE-2024-38233 | Windows Networking Denial of Service Vulnerability | Important |
Windows Network Virtualization | CVE-2024-38234 | Windows Networking Denial of Service Vulnerability | Important |
Windows Network Virtualization | CVE-2024-43458 | Windows Networking Information Disclosure Vulnerability | Important |
Windows PowerShell | CVE-2024-38046 | PowerShell Elevation of Privilege Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-38240 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-38231 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-38258 | Windows Remote Desktop Licensing Service Information Disclosure Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-43467 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-43454 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-38263 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-38260 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-43455 | Windows Remote Desktop Licensing Service Spoofing Vulnerability | Important |
Windows Security Zone Mapping | CVE-2024-30073 | Windows Security Zone Mapping Security Feature Bypass Vulnerability | Important |
Windows Setup and Deployment | CVE-2024-43457 | Windows Setup and Deployment Elevation of Privilege Vulnerability | Important |
Windows Standards-Based Storage Management Service | CVE-2024-38230 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
Windows Storage | CVE-2024-38248 | Windows Storage Elevation of Privilege Vulnerability | Important |
Windows TCP/IP | CVE-2024-21416 | Windows TCP/IP Remote Code Execution Vulnerability | Important |
Windows TCP/IP | CVE-2024-38045 | Windows TCP/IP Remote Code Execution Vulnerability | Important |
Windows Update | CVE-2024-43491 | Microsoft Windows Update Remote Code Execution Vulnerability | Critical |
Windows Win32K – GRFX | CVE-2024-38246 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K – ICOMP | CVE-2024-38252 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
Windows Win32K – ICOMP | CVE-2024-38253 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
III. Referencia a soluciones, herramientas e información
Actualizar utilizando Microsoft Windows Update o herramientas de administracion de actualizaciones centralizadas.
IV. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Key ID: 16F2B124