{"id":1727,"date":"2019-12-12T14:49:09","date_gmt":"2019-12-12T19:49:09","guid":{"rendered":"https:\/\/cert.pa\/?p=1727"},"modified":"2023-01-24T09:55:25","modified_gmt":"2023-01-24T14:55:25","slug":"csirt-panama-aviso-2019-12-12-microsoft-libera-sus-actualizaciones-de-diciembre-que-corrigen-el-zero-day-win32k-y-36-fallas","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=1727","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2019-12-12 Microsoft libera sus actualizaciones de diciembre que corrigen el Zero day Win32k y 36 Fallas"},"content":{"rendered":"\n

CSIRT Panam\u00e1 Aviso 2019-12-12 Microsoft libera sus actualizaciones de diciembre que corrigen el Zero day Win32k y 36 Fallas
\nGravedad: Alta
\nFecha de publicaci\u00f3n: Diciembre 12, 2019
\n\u00daltima revisi\u00f3n: Diciembre 12, 2019
\nhttps:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/releasenotedetail\/2019-Dec<\/p>\n\n\n\n

Sistemas Afectados:
\nMicrosoft Windows
\nInternet Explorer
\nMicrosoft Office and Microsoft Office Services and Web Apps
\nSQL Server
\nVisual Studio
\nSkype for Business<\/p>\n\n\n\n

I. Descripci\u00f3n
\nMicrosoft public\u00f3 las siguientes actualizaciones de seguridad correspondientes este mes.<\/p>\n\n\n\n

II. Problemas Conocidos<\/p>\n\n\n\n

Tag<\/th>CVE ID<\/th>CVE Title<\/th>Severity<\/th><\/tr>
ADV190026<\/a><\/td>Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business<\/td>Unknown<\/td><\/tr>
End of Life Software<\/td>CVE-2019-1489<\/a><\/td>Remote Desktop Protocol Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1465<\/a><\/td>Windows GDI Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1468<\/a><\/td>Win32k Graphics Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1466<\/a><\/td>Windows GDI Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2019-1467<\/a><\/td>Windows GDI Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2019-1400<\/a><\/td>Microsoft Access Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2019-1464<\/a><\/td>Microsoft Excel Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2019-1461<\/a><\/td>Microsoft Word Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2019-1462<\/a><\/td>Microsoft PowerPoint Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2019-1463<\/a><\/td>Microsoft Access Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Scripting Engine<\/td>CVE-2019-1485<\/a><\/td>VBScript Remote Code Execution Vulnerability<\/td>Low<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1453<\/a><\/td>Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1476<\/a><\/td>Windows Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1477<\/a><\/td>Windows Printer Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1474<\/a><\/td>Windows Kernel Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1478<\/a><\/td>Windows COM Server Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1483<\/a><\/td>Windows Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2019-1488<\/a><\/td>Microsoft Defender Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Open Source Software<\/td>CVE-2019-1487<\/a><\/td>Microsoft Authentication Library for Android Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Servicing Stack Updates<\/td>ADV990001<\/a><\/td>Latest Servicing Stack Updates<\/td>Critical<\/td><\/tr>
Skype for Business<\/td>CVE-2019-1490<\/a><\/td>Skype for Business Server Spoofing Vulnerability<\/td>Important<\/td><\/tr>
SQL Server<\/td>CVE-2019-1332<\/a><\/td>Microsoft SQL Server Reporting Services XSS Vulnerability<\/td>Important<\/td><\/tr>
Visual Studio<\/td>CVE-2019-1350<\/a><\/td>Git for Visual Studio Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Visual Studio<\/td>CVE-2019-1349<\/a><\/td>Git for Visual Studio Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Visual Studio<\/td>CVE-2019-1486<\/a><\/td>Visual Studio Live Share Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Visual Studio<\/td>CVE-2019-1387<\/a><\/td>Git for Visual Studio Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Visual Studio<\/td>CVE-2019-1354<\/a><\/td>Git for Visual Studio Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Visual Studio<\/td>CVE-2019-1351<\/a><\/td>Git for Visual Studio Tampering Vulnerability<\/td>Moderate<\/td><\/tr>
Visual Studio<\/td>CVE-2019-1352<\/a><\/td>Git for Visual Studio Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Hyper-V<\/td>CVE-2019-1471<\/a><\/td>Windows Hyper-V Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Hyper-V<\/td>CVE-2019-1470<\/a><\/td>Windows Hyper-V Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2019-1472<\/a><\/td>Windows Kernel Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2019-1458<\/a><\/td>Win32k Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2019-1469<\/a><\/td>Win32k Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Media Player<\/td>CVE-2019-1480<\/a><\/td>Windows Media Player Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Media Player<\/td>CVE-2019-1481<\/a><\/td>Windows Media Player Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows OLE<\/td>CVE-2019-1484<\/a><\/td>Windows OLE Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

III. Referencia a soluciones, herramientas e informaci\u00f3n
\nActualizar utilizando Windows Update<\/p>\n\n\n\n

IV. Informaci\u00f3n de contacto
\nCSIRT PANAMA
\nComputer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
\nE-Mail: info@cert.pa
\nPhone: +507 520-CERT (2378)
\nWeb: https:\/\/cert.pa
\nTwitter: @CSIRTPanama
\nFacebook: http:\/\/www.facebook.com\/CSIRTPanama
\nKey ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"

CSIRT Panam\u00e1 Aviso 2019-12-12 Microsoft libera sus actualizaciones de diciembre que corrigen el Zero day Win32k y 36 Fallas Gravedad: Alta Fecha de publicaci\u00f3n: Diciembre 12, 2019 \u00daltima revisi\u00f3n: Diciembre 12, 2019 https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/releasenotedetail\/2019-Dec Sistemas Afectados:…<\/p>\n","protected":false},"author":5,"featured_media":414,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[76,72,9,73,68],"class_list":["post-1727","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-actualizaciones","tag-avisos-de-seguridad","tag-microsoft","tag-parches","tag-vulnerabilidades"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1727","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1727"}],"version-history":[{"count":2,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1727\/revisions"}],"predecessor-version":[{"id":3249,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1727\/revisions\/3249"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/414"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1727"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1727"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}