{"id":1676,"date":"2019-11-14T15:53:57","date_gmt":"2019-11-14T20:53:57","guid":{"rendered":"https:\/\/cert.pa\/?p=1676"},"modified":"2019-11-14T15:59:47","modified_gmt":"2019-11-14T20:59:47","slug":"csirt-panama-aviso-2019-11-14-microsoft-publica-74-actualizaciones-de-seguridad","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=1676","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2019-11-14 Microsoft publica 74 actualizaciones de seguridad"},"content":{"rendered":"\n

CSIRT Panam\u00e1 Aviso 2019-11-14 Microsoft publica 74 actualizaciones de seguridad
\nGravedad: Alta
\nFecha de publicaci\u00f3n: Noviembre 14, 2019
\n\u00daltima revisi\u00f3n: Noviembre 14, 2019
\nhttps:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/releasenotedetail\/164aa83e-499c-e911-a994-000d3a33c573<\/p>\n\n\n\n

Sistemas Afectados:
\nMicrosoft Windows
\nInternet Explorer
\nMicrosoft Edge (EdgeHTML-based)
\nChakraCore
\nMicrosoft Office and Microsoft Office Services and Web Apps
\nOpen Source Software
\nMicrosoft Exchange Server
\nVisual Studio
\nAzure Stack<\/p>\n\n\n\n

I. Descripci\u00f3n<\/p>\n\n\n\n

La versi\u00f3n de seguridad de Febrero consiste en actualizaciones de seguridad para los siguientes software:<\/p>\n\n\n\n
Tag<\/th>CVE ID<\/th>CVE Title<\/th>Severity<\/th><\/tr>
Azure Stack<\/td>CVE-2019-1234<\/a><\/td>Azure Stack Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Chipsets<\/td>ADV190024<\/a><\/td>Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)<\/td>Unknown<\/td><\/tr>
Graphic Fonts<\/td>CVE-2019-1456<\/a><\/td>OpenType Font Parsing Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Edge<\/td>CVE-2019-1413<\/a><\/td>Microsoft Edge Security Feature Bypass Vulnerability<\/td>Low<\/td><\/tr>
Microsoft Exchange Server<\/td>CVE-2019-1373<\/a><\/td>Microsoft Exchange Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1441<\/a><\/td>Win32k Graphics Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1408<\/a><\/td>Win32k Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1439<\/a><\/td>Windows GDI Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1438<\/a><\/td>Windows Graphics Component Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1407<\/a><\/td>Windows Graphics Component Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1394<\/a><\/td>Win32k Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1393<\/a><\/td>Win32k Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1396<\/a><\/td>Win32k Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1395<\/a><\/td>Win32k Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1437<\/a><\/td>Windows Graphics Component Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1432<\/a><\/td>DirectWrite Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1411<\/a><\/td>DirectWrite Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1440<\/a><\/td>Win32k Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1419<\/a><\/td>OpenType Font Parsing Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1433<\/a><\/td>Windows Graphics Component Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1436<\/a><\/td>Win32k Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1412<\/a><\/td>OpenType Font Driver Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1434<\/a><\/td>Win32k Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1435<\/a><\/td>Windows Graphics Component Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft JET Database Engine<\/td>CVE-2019-1406<\/a><\/td>Jet Database Engine Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2019-1445<\/a><\/td>Microsoft Office Online Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2019-1449<\/a><\/td>Microsoft Office ClickToRun Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2019-1446<\/a><\/td>Microsoft Excel Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2019-1447<\/a><\/td>Microsoft Office Online Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2019-1402<\/a><\/td>Microsoft Office Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2019-1448<\/a><\/td>Microsoft Excel Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2019-1457<\/a><\/td>Microsoft Office Excel Security Feature Bypass<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2019-1443<\/a><\/td>Microsoft SharePoint Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2019-1442<\/a><\/td>Microsoft Office Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Microsoft RPC<\/td>CVE-2019-1409<\/a><\/td>Windows Remote Procedure Call Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Scripting Engine<\/td>CVE-2019-1426<\/a><\/td>Scripting Engine Memory Corruption Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Scripting Engine<\/td>CVE-2019-1429<\/a><\/td>Scripting Engine Memory Corruption Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Scripting Engine<\/td>CVE-2019-1427<\/a><\/td>Scripting Engine Memory Corruption Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Scripting Engine<\/td>CVE-2019-1428<\/a><\/td>Scripting Engine Memory Corruption Vulnerability<\/td>Moderate<\/td><\/tr>
Microsoft Scripting Engine<\/td>CVE-2019-1390<\/a><\/td>VBScript Remote Code Execution Vulnerability<\/td>Moderate<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1383<\/a><\/td>Windows Data Sharing Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1418<\/a><\/td>Windows Modules Installer Service Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2018-12207<\/a><\/td>Windows Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1420<\/a><\/td>Windows Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1417<\/a><\/td>Windows Data Sharing Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1415<\/a><\/td>Windows Installer Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1374<\/a><\/td>Windows Error Reporting Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1422<\/a><\/td>Windows Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1423<\/a><\/td>Windows Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1424<\/a><\/td>NetLogon Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1382<\/a><\/td>Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1385<\/a><\/td>Windows AppX Deployment Extensions Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1380<\/a><\/td>Microsoft splwow64 Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1388<\/a><\/td>Windows Certificate Dialog Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1391<\/a><\/td>Windows Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1384<\/a><\/td>Microsoft Windows Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1405<\/a><\/td>Windows UPnP Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1381<\/a><\/td>Microsoft Windows Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1379<\/a><\/td>Windows Data Sharing Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1324<\/a><\/td>Windows TCP\/IP Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Open Source Software<\/td>CVE-2019-1370<\/a><\/td>Open Enclave SDK Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Servicing Stack Updates<\/td>ADV990001<\/a><\/td>Latest Servicing Stack Updates<\/td>Critical<\/td><\/tr>
Visual Studio<\/td>CVE-2019-1425<\/a><\/td>Visual Studio Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Hyper-V<\/td>CVE-2019-1398<\/a><\/td>Windows Hyper-V Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Hyper-V<\/td>CVE-2019-1310<\/a><\/td>Windows Hyper-V Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Hyper-V<\/td>CVE-2019-0719<\/a><\/td>Hyper-V Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Hyper-V<\/td>CVE-2019-1399<\/a><\/td>Windows Hyper-V Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Hyper-V<\/td>CVE-2019-1397<\/a><\/td>Windows Hyper-V Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Hyper-V<\/td>CVE-2019-0712<\/a><\/td>Windows Hyper-V Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Hyper-V<\/td>CVE-2019-0721<\/a><\/td>Hyper-V Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Hyper-V<\/td>CVE-2019-1389<\/a><\/td>Windows Hyper-V Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Hyper-V<\/td>CVE-2019-1309<\/a><\/td>Windows Hyper-V Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2019-1392<\/a><\/td>Windows Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2019-11135<\/a><\/td>Windows Kernel Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Media Player<\/td>CVE-2019-1430<\/a><\/td>Microsoft Windows Media Foundation Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Subsystem for Linux<\/td>CVE-2019-1416<\/a><\/td>Windows Subsystem for Linux Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr><\/tbody><\/table>\n\n\n\n

II. Referencia a soluciones, herramientas e informaci\u00f3n<\/p>\n\n\n\n

Se recomienda actualizar los equipos utilizando windows update.<\/p>\n\n\n\n

III. Informaci\u00f3n de contacto
\nCSIRT PANAMA
\nComputer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
\nE-Mail: info@cert.pa
\nPhone: +507 520-CERT (2378)
\nWeb: https:\/\/cert.pa
\nTwitter: @CSIRTPanama
\nFacebook: http:\/\/www.facebook.com\/CSIRTPanama
\nKey ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"

CSIRT Panam\u00e1 Aviso 2019-11-14 Microsoft publica 74 actualizaciones de seguridad Gravedad: Alta Fecha de publicaci\u00f3n: Noviembre 14, 2019 \u00daltima revisi\u00f3n: Noviembre 14, 2019 https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/releasenotedetail\/164aa83e-499c-e911-a994-000d3a33c573 Sistemas Afectados: Microsoft Windows Internet Explorer Microsoft Edge (EdgeHTML-based) ChakraCore Microsoft…<\/p>\n","protected":false},"author":4,"featured_media":414,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1676","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1676","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1676"}],"version-history":[{"count":2,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1676\/revisions"}],"predecessor-version":[{"id":1679,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1676\/revisions\/1679"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/414"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1676"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1676"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1676"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}