{"id":3136,"date":"2022-09-16T14:22:52","date_gmt":"2022-09-16T19:22:52","guid":{"rendered":"https:\/\/cert.pa\/?p=3136"},"modified":"2022-09-16T14:22:52","modified_gmt":"2022-09-16T19:22:52","slug":"csirt-panama-aviso-2022-sep-15-microsoft-libera-actualizaciones-que-corrigen-63-fallas","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=3136","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2022-sep-15 Microsoft Libera actualizaciones que corrigen 63 fallas."},"content":{"rendered":"\n

CSIRT Panam\u00e1 Aviso 2022-sep-15 Microsoft Libera actualizaciones que corrigen 63 fallas.
Gravedad: Alta
Fecha de publicaci\u00f3n: septiembre 16, 2022
\u00daltima revisi\u00f3n: septiembre 16, 2022
https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2022-Sep<\/p>\n\n\n\n

Sistemas Afectados:
.NET and Visual Studio
.NET Framework
Azure Arc
Cache Speculation
HTTP.sys
Microsoft Dynamics
Microsoft Edge (Chromium-based)
Microsoft Graphics Component
Microsoft Office
Microsoft Office SharePoint
Microsoft Office Visio
Microsoft Windows ALPC
Microsoft Windows Codecs Library
Network Device Enrollment Service (NDES)
Role: DNS Server
Role: Windows Fax Service
SPNEGO Extended Negotiation
Visual Studio Code
Windows Common Log File System Driver
Windows Credential Roaming Service
Windows Defender
Windows Distributed File System (DFS)
Windows DPAPI (Data Protection Application Programming Interface)
Windows Enterprise App Management
Windows Event Tracing
Windows Group Policy
Windows IKE Extension
Windows Kerberos
Windows Kernel
Windows LDAP – Lightweight Directory Access Protocol
Windows ODBC Driver
Windows OLE
Windows Photo Import API
Windows Print Spooler Components
Windows Remote Access Connection Manager
Windows Remote Procedure Call
Windows TCP\/IP
Windows Transport Security Layer (TLS)<\/p>\n\n\n\n

I. Descripci\u00f3n
Con el lanzamiento de las actualizaciones de seguridad de septiembre de 2022, Microsoft lanz\u00f3 correcciones para 63 vulnerabilidades en los productos de Microsoft.<\/p>\n\n\n\n

II. Detalle
<\/p>\n\n\n\n

Tag<\/th>CVE ID<\/th>CVE Title<\/th>Severity<\/th><\/tr>
.NET and Visual Studio<\/td>CVE-2022-38013<\/a><\/td>.NET Core and Visual Studio Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
.NET Framework<\/td>CVE-2022-26929<\/a><\/td>.NET Framework Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Azure Arc<\/td>CVE-2022-38007<\/a><\/td>Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Cache Speculation<\/td>CVE-2022-23960<\/a><\/td>Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability<\/td>Important<\/td><\/tr>
HTTP.sys<\/td>CVE-2022-35838<\/a><\/td>HTTP V3 Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Dynamics<\/td>CVE-2022-35805<\/a><\/td>Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Dynamics<\/td>CVE-2022-34700<\/a><\/td>Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2022-3053<\/a><\/td>Chromium: CVE-2022-3053 Inappropriate implementation in Pointer Lock<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2022-3047<\/a><\/td>Chromium: CVE-2022-3047 Insufficient policy enforcement in Extensions API<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2022-3054<\/a><\/td>Chromium: CVE-2022-3054 Insufficient policy enforcement in DevTools<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2022-3041<\/a><\/td>Chromium: CVE-2022-3041 Use after free in WebSQL<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2022-3040<\/a><\/td>Chromium: CVE-2022-3040 Use after free in Layout<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2022-3046<\/a><\/td>Chromium: CVE-2022-3046 Use after free in Browser Tag<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2022-3039<\/a><\/td>Chromium: CVE-2022-3039 Use after free in WebSQL<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2022-3045<\/a><\/td>Chromium: CVE-2022-3045 Insufficient validation of untrusted input in V8<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2022-3044<\/a><\/td>Chromium: CVE-2022-3044 Inappropriate implementation in Site Isolation<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2022-3057<\/a><\/td>Chromium: CVE-2022-3057 Inappropriate implementation in iframe Sandbox<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2022-3075<\/a><\/td>Chromium: CVE-2022-3075 Insufficient data validation in Mojo<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2022-3058<\/a><\/td>Chromium: CVE-2022-3058 Use after free in Sign-In Flow<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2022-3038<\/a><\/td>Chromium: CVE-2022-3038 Use after free in Network Service<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2022-3056<\/a><\/td>Chromium: CVE-2022-3056 Insufficient policy enforcement in Content Security Policy<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2022-3055<\/a><\/td>Chromium: CVE-2022-3055 Use after free in Passwords<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2022-38012<\/a><\/td>Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability<\/td>Low<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2022-37954<\/a><\/td>DirectX Graphics Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2022-38006<\/a><\/td>Windows Graphics Component Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2022-34729<\/a><\/td>Windows GDI Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2022-34728<\/a><\/td>Windows Graphics Component Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2022-35837<\/a><\/td>Windows Graphics Component Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2022-37962<\/a><\/td>Microsoft PowerPoint Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2022-35823<\/a><\/td>Microsoft SharePoint Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2022-38009<\/a><\/td>Microsoft SharePoint Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2022-38008<\/a><\/td>Microsoft SharePoint Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2022-37961<\/a><\/td>Microsoft SharePoint Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Visio<\/td>CVE-2022-37963<\/a><\/td>Microsoft Office Visio Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Visio<\/td>CVE-2022-38010<\/a><\/td>Microsoft Office Visio Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows ALPC<\/td>CVE-2022-34725<\/a><\/td>Windows ALPC Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows Codecs Library<\/td>CVE-2022-38011<\/a><\/td>Raw Image Extension Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows Codecs Library<\/td>CVE-2022-38019<\/a><\/td>AV1 Video Extension Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Network Device Enrollment Service (NDES)<\/td>CVE-2022-37959<\/a><\/td>Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Role: DNS Server<\/td>CVE-2022-34724<\/a><\/td>Windows DNS Server Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Role: Windows Fax Service<\/td>CVE-2022-38004<\/a><\/td>Windows Fax Service Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
SPNEGO Extended Negotiation<\/td>CVE-2022-37958<\/a><\/td>SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Visual Studio Code<\/td>CVE-2022-38020<\/a><\/td>Visual Studio Code Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Common Log File System Driver<\/td>CVE-2022-35803<\/a><\/td>Windows Common Log File System Driver Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Common Log File System Driver<\/td>CVE-2022-37969<\/a><\/td>Windows Common Log File System Driver Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Credential Roaming Service<\/td>CVE-2022-30170<\/a><\/td>Windows Credential Roaming Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Defender<\/td>CVE-2022-35828<\/a><\/td>Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Distributed File System (DFS)<\/td>CVE-2022-34719<\/a><\/td>Windows Distributed File System (DFS) Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows DPAPI (Data Protection Application Programming Interface)<\/td>CVE-2022-34723<\/a><\/td>Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Enterprise App Management<\/td>CVE-2022-35841<\/a><\/td>Windows Enterprise App Management Service Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Event Tracing<\/td>CVE-2022-35832<\/a><\/td>Windows Event Tracing Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Group Policy<\/td>CVE-2022-37955<\/a><\/td>Windows Group Policy Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows IKE Extension<\/td>CVE-2022-34722<\/a><\/td>Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows IKE Extension<\/td>CVE-2022-34720<\/a><\/td>Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows IKE Extension<\/td>CVE-2022-34721<\/a><\/td>Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Kerberos<\/td>CVE-2022-33647<\/a><\/td>Windows Kerberos Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kerberos<\/td>CVE-2022-33679<\/a><\/td>Windows Kerberos Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2022-37964<\/a><\/td>Windows Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2022-37956<\/a><\/td>Windows Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2022-37957<\/a><\/td>Windows Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows LDAP – Lightweight Directory Access Protocol<\/td>CVE-2022-30200<\/a><\/td>Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows ODBC Driver<\/td>CVE-2022-34726<\/a><\/td>Microsoft ODBC Driver Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows ODBC Driver<\/td>CVE-2022-34730<\/a><\/td>Microsoft ODBC Driver Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows ODBC Driver<\/td>CVE-2022-34727<\/a><\/td>Microsoft ODBC Driver Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows ODBC Driver<\/td>CVE-2022-34732<\/a><\/td>Microsoft ODBC Driver Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows ODBC Driver<\/td>CVE-2022-34734<\/a><\/td>Microsoft ODBC Driver Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows OLE<\/td>CVE-2022-35834<\/a><\/td>Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows OLE<\/td>CVE-2022-35835<\/a><\/td>Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows OLE<\/td>CVE-2022-35836<\/a><\/td>Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows OLE<\/td>CVE-2022-35840<\/a><\/td>Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows OLE<\/td>CVE-2022-34733<\/a><\/td>Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows OLE<\/td>CVE-2022-34731<\/a><\/td>Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Photo Import API<\/td>CVE-2022-26928<\/a><\/td>Windows Photo Import API Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Print Spooler Components<\/td>CVE-2022-38005<\/a><\/td>Windows Print Spooler Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Remote Access Connection Manager<\/td>CVE-2022-35831<\/a><\/td>Windows Remote Access Connection Manager Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Remote Procedure Call<\/td>CVE-2022-35830<\/a><\/td>Remote Procedure Call Runtime Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows TCP\/IP<\/td>CVE-2022-34718<\/a><\/td>Windows TCP\/IP Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Transport Security Layer (TLS)<\/td>CVE-2022-35833<\/a><\/td>Windows Secure Channel Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Transport Security Layer (TLS)<\/td>CVE-2022-30196<\/a><\/td>Windows Secure Channel Denial of Service Vulnerability<\/td>Important<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

III. Referencia a soluciones, herramientas e informaci\u00f3n
Actualizar utilizando Microsoft Windows Update o herramientas de administracion de actualizaciones centralizadas.<\/p>\n\n\n\n

IV. Informaci\u00f3n de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https:\/\/cert.pa
Twitter: @CSIRTPanama
Facebook: http:\/\/www.facebook.com\/CSIRTPanama
Key ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"

CSIRT Panam\u00e1 Aviso 2022-sep-15 Microsoft Libera actualizaciones que corrigen 63 fallas.Gravedad: AltaFecha de publicaci\u00f3n: septiembre 16, 2022\u00daltima revisi\u00f3n: septiembre 16, 2022https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2022-Sep Sistemas Afectados:.NET and Visual Studio.NET FrameworkAzure ArcCache SpeculationHTTP.sysMicrosoft DynamicsMicrosoft Edge (Chromium-based)Microsoft Graphics ComponentMicrosoft OfficeMicrosoft…<\/p>\n","protected":false},"author":4,"featured_media":1847,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[76,43,8,72,9,73,80,68,45,94],"class_list":["post-3136","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-actualizaciones","tag-alertas","tag-avisos","tag-avisos-de-seguridad","tag-microsoft","tag-parches","tag-vulnerabilidad","tag-vulnerabilidades","tag-windows","tag-windows-update"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3136","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3136"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3136\/revisions"}],"predecessor-version":[{"id":3137,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3136\/revisions\/3137"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/1847"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3136"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3136"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3136"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}