{"id":1515,"date":"2019-10-11T15:12:28","date_gmt":"2019-10-11T20:12:28","guid":{"rendered":"https:\/\/cert.pa\/?p=1515"},"modified":"2019-10-11T15:12:28","modified_gmt":"2019-10-11T20:12:28","slug":"csirt-panama-aviso-2019-10-11-microsoft-libera-sus-actualizaciones-de-seguridad-para-octubre","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=1515","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2019-10-11 Microsoft Libera sus actualizaciones de seguridad para Octubre"},"content":{"rendered":"\n

CSIRT Panam\u00e1 Aviso 2019-10-11 Microsoft Libera sus actualizaciones de seguridad para Octubre
\nGravedad: Alta
\nFecha de publicaci\u00f3n: Octubre 11, 2019
\n\u00daltima revisi\u00f3n: Agosto 10, 2019
\nhttps:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/releasenotedetail\/28ef0a64-489c-e911-a994-000d3a33c573<\/p>\n\n\n\n

Sistemas Afectados:
\nMicrosoft Windows
\nInternet Explorer
\nMicrosoft Edge (EdgeHTML-based)
\nChakraCore
\nMicrosoft Office and Microsoft Office Services and Web Apps
\nSQL Server Management Studio
\nOpen Source Software
\nMicrosoft Dynamics 365
\nWindows Update Assistant<\/p>\n\n\n\n

I. Descripci\u00f3n
\nMicrosoft public\u00f3 las siguientes actualizaciones de seguridad correspondientes este mes.<\/p>\n\n\n\n

II. Problemas Conocidos<\/p>\n\n\n\n
Tag<\/th>CVE ID<\/th>CVE Title<\/th>Severity<\/th><\/tr>
Azure<\/td>CVE-2019-1372<\/a><\/td>Azure App Service Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Internet Explorer<\/td>CVE-2019-1371<\/a><\/td>Internet Explorer Memory Corruption Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Browsers<\/td>CVE-2019-0608<\/a><\/td>Microsoft Browser Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Browsers<\/td>CVE-2019-1357<\/a><\/td>Microsoft Browser Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Devices<\/td>CVE-2019-1314<\/a><\/td>Windows 10 Mobile Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Dynamics<\/td>CVE-2019-1375<\/a><\/td>Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Edge<\/td>CVE-2019-1356<\/a><\/td>Microsoft Edge based on Edge HTML Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1361<\/a><\/td>Microsoft Graphics Components Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1362<\/a><\/td>Win32k Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1364<\/a><\/td>Win32k Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1363<\/a><\/td>Windows GDI Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft JET Database Engine<\/td>CVE-2019-1358<\/a><\/td>Jet Database Engine Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft JET Database Engine<\/td>CVE-2019-1359<\/a><\/td>Jet Database Engine Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2019-1331<\/a><\/td>Microsoft Excel Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2019-1327<\/a><\/td>Microsoft Excel Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2019-1330<\/a><\/td>Microsoft SharePoint Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2019-1329<\/a><\/td>Microsoft SharePoint Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2019-1328<\/a><\/td>Microsoft SharePoint Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2019-1070<\/a><\/td>Microsoft Office SharePoint XSS Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Scripting Engine<\/td>CVE-2019-1366<\/a><\/td>Chakra Scripting Engine Memory Corruption Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Scripting Engine<\/td>CVE-2019-1060<\/a><\/td>MS XML Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Scripting Engine<\/td>CVE-2019-1307<\/a><\/td>Chakra Scripting Engine Memory Corruption Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Scripting Engine<\/td>CVE-2019-1308<\/a><\/td>Chakra Scripting Engine Memory Corruption Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Scripting Engine<\/td>CVE-2019-1335<\/a><\/td>Chakra Scripting Engine Memory Corruption Vulnerability<\/td>Moderate<\/td><\/tr>
Microsoft Scripting Engine<\/td>CVE-2019-1239<\/a><\/td>VBScript Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Scripting Engine<\/td>CVE-2019-1238<\/a><\/td>VBScript Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1325<\/a><\/td>Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability<\/td>Moderate<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1340<\/a><\/td>Microsoft Windows Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1338<\/a><\/td>Windows NTLM Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1339<\/a><\/td>Windows Error Reporting Manager Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1316<\/a><\/td>Microsoft Windows Setup Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1342<\/a><\/td>Windows Error Reporting Manager Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1311<\/a><\/td>Windows Imaging API Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1344<\/a><\/td>Windows Code Integrity Module Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1347<\/a><\/td>Windows Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1315<\/a><\/td>Windows Error Reporting Manager Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1346<\/a><\/td>Windows Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1317<\/a><\/td>Microsoft Windows Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1321<\/a><\/td>Microsoft Windows CloudStore Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1322<\/a><\/td>Microsoft Windows Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1341<\/a><\/td>Windows Power Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1319<\/a><\/td>Windows Error Reporting Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1318<\/a><\/td>Microsoft Windows Transport Layer Security Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1320<\/a><\/td>Microsoft Windows Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Open Source Software<\/td>CVE-2019-1369<\/a><\/td>Open Enclave SDK Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Secure Boot<\/td>CVE-2019-1368<\/a><\/td>Windows Secure Boot Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Servicing Stack Updates<\/td>ADV990001<\/a><\/td>Latest Servicing Stack Updates<\/td>Critical<\/td><\/tr>
SQL Server<\/td>CVE-2019-1376<\/a><\/td>SQL Server Management Studio Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
SQL Server<\/td>CVE-2019-1313<\/a><\/td>SQL Server Management Studio Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Hyper-V<\/td>CVE-2019-1230<\/a><\/td>Hyper-V Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows IIS<\/td>CVE-2019-1365<\/a><\/td>Microsoft IIS Server Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2019-1343<\/a><\/td>Windows Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2019-1334<\/a><\/td>Windows Kernel Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2019-1345<\/a><\/td>Windows Kernel Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows NTLM<\/td>CVE-2019-1166<\/a><\/td>Windows NTLM Tampering Vulnerability<\/td>Important<\/td><\/tr>
Windows RDP<\/td>CVE-2019-1326<\/a><\/td>Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows RDP<\/td>CVE-2019-1333<\/a><\/td>Remote Desktop Client Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Update Stack<\/td>CVE-2019-1323<\/a><\/td>Microsoft Windows Update Client Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Update Stack<\/td>CVE-2019-1337<\/a><\/td>Windows Update Client Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Update Stack<\/td>CVE-2019-1336<\/a><\/td>Microsoft Windows Update Client Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr><\/tbody><\/table>\n\n\n\n

III. Referencia a soluciones, herramientas e informaci\u00f3n
\nActualizar utilizando Windows Update<\/p>\n\n\n\n

IV. Informaci\u00f3n de contacto
\nCSIRT PANAMA
\nComputer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
\nE-Mail: info@cert.pa
\nPhone: +507 520-CERT (2378)
\nWeb: https:\/\/cert.pa
\nTwitter: @CSIRTPanama
\nFacebook: http:\/\/www.facebook.com\/CSIRTPanama
\nKey ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"

CSIRT Panam\u00e1 Aviso 2019-10-11 Microsoft Libera sus actualizaciones de seguridad para Octubre Gravedad: Alta Fecha de publicaci\u00f3n: Octubre 11, 2019 \u00daltima revisi\u00f3n: Agosto 10, 2019 https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/releasenotedetail\/28ef0a64-489c-e911-a994-000d3a33c573 Sistemas Afectados: Microsoft Windows Internet Explorer Microsoft Edge (EdgeHTML-based)…<\/p>\n","protected":false},"author":4,"featured_media":414,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[8,72,9],"class_list":["post-1515","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-avisos","tag-avisos-de-seguridad","tag-microsoft"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1515","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1515"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1515\/revisions"}],"predecessor-version":[{"id":1516,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1515\/revisions\/1516"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/414"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1515"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1515"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1515"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}