{"id":3400,"date":"2023-06-15T10:36:51","date_gmt":"2023-06-15T15:36:51","guid":{"rendered":"https:\/\/cert.pa\/?p=3400"},"modified":"2023-06-15T10:36:51","modified_gmt":"2023-06-15T15:36:51","slug":"csirt-panama-aviso-2023-jun-15-actualizaciones-de-seguridad-de-microsoft-para-junio","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=3400","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2023-jun-15 Actualizaciones de seguridad de Microsoft para Junio."},"content":{"rendered":"\n

CSIRT Panam\u00e1 Aviso 2023-jun-15 Actualizaciones de seguridad de Microsoft para Junio.
Gravedad: Alta
Fecha de publicaci\u00f3n: junio 15, 2023
\u00daltima revisi\u00f3n: junio 14, 2023
https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2023-Jun<\/p>\n\n\n\n

Sistemas Afectados:
.NET and Visual Studio
.NET Core
.NET Framework
ASP .NET
Azure DevOps
Microsoft Dynamics
Microsoft Edge (Chromium-based)
Microsoft Exchange Server
Microsoft Office
Microsoft Office Excel
Microsoft Office OneNote
Microsoft Office Outlook
Microsoft Office SharePoint
Microsoft Power Apps
Microsoft Printer Drivers
Microsoft WDAC OLE DB provider for SQL
Microsoft Windows Codecs Library
NuGet Client
Remote Desktop Client
Role: DNS Server
SysInternals
Visual Studio
Visual Studio Code
Windows Authentication Methods
Windows Bus Filter Driver
Windows Cloud Files Mini Filter Driver
Windows Collaborative Translation Framework
Windows Container Manager Service
Windows CryptoAPI
Windows DHCP Server
Windows Filtering
Windows GDI
Windows Geolocation Service
Windows Group Policy
Windows Hello
Windows Hyper-V
Windows Installer
Windows iSCSI
Windows Kernel
Windows NTFS
Windows ODBC Driver
Windows OLE
Windows PGM
Windows Remote Procedure Call Runtime
Windows Resilient File System (ReFS)
Windows Server Service
Windows SMB
Windows TPM Device Driver
Windows Win32K<\/p>\n\n\n\n

I. Descripci\u00f3n
Microsoft ha liberado sus actualizaciones de seguridad correspondientes al mes de junio.
Este conjunto de actualizaciones remedia 73 CVEs.<\/p>\n\n\n\n

II. Detalle<\/p>\n\n\n\n

Tag<\/th>CVE ID<\/th>CVE Title<\/th>Severity<\/th><\/tr>
.NET and Visual Studio<\/td>CVE-2023-24895<\/a><\/td>.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
.NET and Visual Studio<\/td>CVE-2023-33126<\/a><\/td>.NET and Visual Studio Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
.NET and Visual Studio<\/td>CVE-2023-24936<\/a><\/td>.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability<\/td>Moderate<\/td><\/tr>
.NET and Visual Studio<\/td>CVE-2023-33135<\/a><\/td>.NET and Visual Studio Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
.NET and Visual Studio<\/td>CVE-2023-32032<\/a><\/td>.NET and Visual Studio Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
.NET and Visual Studio<\/td>CVE-2023-32030<\/a><\/td>.NET and Visual Studio Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
.NET and Visual Studio<\/td>CVE-2023-33128<\/a><\/td>.NET and Visual Studio Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
.NET and Visual Studio<\/td>CVE-2023-24897<\/a><\/td>.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
.NET Core<\/td>CVE-2023-29331<\/a><\/td>.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
.NET Framework<\/td>CVE-2023-29326<\/a><\/td>.NET Framework Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
ASP .NET<\/td>CVE-2023-33141<\/a><\/td>Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Azure DevOps<\/td>CVE-2023-21569<\/a><\/td>Azure DevOps Server Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Azure DevOps<\/td>CVE-2023-21565<\/a><\/td>Azure DevOps Server Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Dynamics<\/td>CVE-2023-24896<\/a><\/td>Dynamics 365 Finance Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-2941<\/a><\/td>Chromium: CVE-2023-2941 Inappropriate implementation in Extensions API<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-33145<\/a><\/td>Microsoft Edge (Chromium-based) Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-2937<\/a><\/td>Chromium: CVE-2023-2937 Inappropriate implementation in Picture In Picture<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-2936<\/a><\/td>Chromium: CVE-2023-2936 Type Confusion in V8<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-2935<\/a><\/td>Chromium: CVE-2023-2935 Type Confusion in V8<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-2940<\/a><\/td>Chromium: CVE-2023-2940 Inappropriate implementation in Downloads<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-2939<\/a><\/td>Chromium: CVE-2023-2939 Insufficient data validation in Installer<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-2938<\/a><\/td>Chromium: CVE-2023-2938 Inappropriate implementation in Picture In Picture<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-2931<\/a><\/td>Chromium: CVE-2023-2931 Use after free in PDF<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-2930<\/a><\/td>Chromium: CVE-2023-2930 Use after free in Extensions<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-2929<\/a><\/td>Chromium: CVE-2023-2929 Out of bounds write in Swiftshader<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-2934<\/a><\/td>Chromium: CVE-2023-2934 Out of bounds memory access in Mojo<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-2933<\/a><\/td>Chromium: CVE-2023-2933 Use after free in PDF<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-2932<\/a><\/td>Chromium: CVE-2023-2932 Use after free in PDF<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-3079<\/a><\/td>Chromium: CVE-2023-3079 Type Confusion in V8<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-29345<\/a><\/td>Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability<\/td>Low<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-33143<\/a><\/td>Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability<\/td>Moderate<\/td><\/tr>
Microsoft Exchange Server<\/td>CVE-2023-32031<\/a><\/td>Microsoft Exchange Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Exchange Server<\/td>CVE-2023-28310<\/a><\/td>Microsoft Exchange Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2023-33146<\/a><\/td>Microsoft Office Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Excel<\/td>CVE-2023-33133<\/a><\/td>Microsoft Excel Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Excel<\/td>CVE-2023-32029<\/a><\/td>Microsoft Excel Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Excel<\/td>CVE-2023-33137<\/a><\/td>Microsoft Excel Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office OneNote<\/td>CVE-2023-33140<\/a><\/td>Microsoft OneNote Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Outlook<\/td>CVE-2023-33131<\/a><\/td>Microsoft Outlook Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2023-33142<\/a><\/td>Microsoft SharePoint Server Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2023-33129<\/a><\/td>Microsoft SharePoint Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2023-33130<\/a><\/td>Microsoft SharePoint Server Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2023-33132<\/a><\/td>Microsoft SharePoint Server Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2023-29357<\/a><\/td>Microsoft SharePoint Server Elevation of Privilege Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Power Apps<\/td>CVE-2023-32024<\/a><\/td>Microsoft Power Apps Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Printer Drivers<\/td>CVE-2023-32017<\/a><\/td>Microsoft PostScript Printer Driver Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft WDAC OLE DB provider for SQL<\/td>CVE-2023-29372<\/a><\/td>Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows Codecs Library<\/td>CVE-2023-29370<\/a><\/td>Windows Media Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows Codecs Library<\/td>CVE-2023-29365<\/a><\/td>Windows Media Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
NuGet Client<\/td>CVE-2023-29337<\/a><\/td>NuGet Client Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Remote Desktop Client<\/td>CVE-2023-29362<\/a><\/td>Remote Desktop Client Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Remote Desktop Client<\/td>CVE-2023-29352<\/a><\/td>Windows Remote Desktop Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Role: DNS Server<\/td>CVE-2023-32020<\/a><\/td>Windows DNS Spoofing Vulnerability<\/td>Important<\/td><\/tr>
SysInternals<\/td>CVE-2023-29353<\/a><\/td>Sysinternals Process Monitor for Windows Denial of Service Vulnerability<\/td>Low<\/td><\/tr>
Visual Studio<\/td>CVE-2023-29007<\/a><\/td>GitHub: CVE-2023-29007 Arbitrary configuration injection via `git submodule deinit`<\/td>Important<\/td><\/tr>
Visual Studio<\/td>CVE-2023-33139<\/a><\/td>Visual Studio Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Visual Studio<\/td>CVE-2023-25652<\/a><\/td>GitHub: CVE-2023-25652 “git apply –reject” partially-controlled arbitrary file write<\/td>Important<\/td><\/tr>
Visual Studio<\/td>CVE-2023-25815<\/a><\/td>GitHub: CVE-2023-25815 Git looks for localized messages in an unprivileged place<\/td>Important<\/td><\/tr>
Visual Studio<\/td>CVE-2023-27911<\/a><\/td>AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk\u00ae FBX\u00ae SDK 2020 or prior<\/td>Important<\/td><\/tr>
Visual Studio<\/td>CVE-2023-27910<\/a><\/td>AutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk\u00ae FBX\u00ae SDK 2020 or prior<\/td>Important<\/td><\/tr>
Visual Studio<\/td>CVE-2023-29011<\/a><\/td>GitHub: CVE-2023-29011 The config file of `connect.exe` is susceptible to malicious placing<\/td>Important<\/td><\/tr>
Visual Studio<\/td>CVE-2023-29012<\/a><\/td>GitHub: CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in current directory, if it exists<\/td>Important<\/td><\/tr>
Visual Studio<\/td>CVE-2023-27909<\/a><\/td>AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk\u00ae FBX\u00ae SDK 2020 or prior<\/td>Important<\/td><\/tr>
Visual Studio Code<\/td>CVE-2023-33144<\/a><\/td>Visual Studio Code Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Windows Authentication Methods<\/td>CVE-2023-29364<\/a><\/td>Windows Authentication Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Bus Filter Driver<\/td>CVE-2023-32010<\/a><\/td>Windows Bus Filter Driver Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Cloud Files Mini Filter Driver<\/td>CVE-2023-29361<\/a><\/td>Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Collaborative Translation Framework<\/td>CVE-2023-32009<\/a><\/td>Windows Collaborative Translation Framework Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Container Manager Service<\/td>CVE-2023-32012<\/a><\/td>Windows Container Manager Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows CryptoAPI<\/td>CVE-2023-24937<\/a><\/td>Windows CryptoAPI Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows CryptoAPI<\/td>CVE-2023-24938<\/a><\/td>Windows CryptoAPI Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows DHCP Server<\/td>CVE-2023-29355<\/a><\/td>DHCP Server Service Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Filtering<\/td>CVE-2023-29368<\/a><\/td>Windows Filtering Platform Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows GDI<\/td>CVE-2023-29358<\/a><\/td>Windows GDI Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Geolocation Service<\/td>CVE-2023-29366<\/a><\/td>Windows Geolocation Service Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Group Policy<\/td>CVE-2023-29351<\/a><\/td>Windows Group Policy Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Hello<\/td>CVE-2023-32018<\/a><\/td>Windows Hello Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Hyper-V<\/td>CVE-2023-32013<\/a><\/td>Windows Hyper-V Denial of Service Vulnerability<\/td>Critical<\/td><\/tr>
Windows Installer<\/td>CVE-2023-32016<\/a><\/td>Windows Installer Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows iSCSI<\/td>CVE-2023-32011<\/a><\/td>Windows iSCSI Discovery Service Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2023-32019<\/a><\/td>Windows Kernel Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows NTFS<\/td>CVE-2023-29346<\/a><\/td>NTFS Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows ODBC Driver<\/td>CVE-2023-29373<\/a><\/td>Microsoft ODBC Driver Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows OLE<\/td>CVE-2023-29367<\/a><\/td>iSCSI Target WMI Provider Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows PGM<\/td>CVE-2023-29363<\/a><\/td>Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows PGM<\/td>CVE-2023-32014<\/a><\/td>Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows PGM<\/td>CVE-2023-32015<\/a><\/td>Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Remote Procedure Call Runtime<\/td>CVE-2023-29369<\/a><\/td>Remote Procedure Call Runtime Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Resilient File System (ReFS)<\/td>CVE-2023-32008<\/a><\/td>Windows Resilient File System (ReFS) Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Server Service<\/td>CVE-2023-32022<\/a><\/td>Windows Server Service Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Windows SMB<\/td>CVE-2023-32021<\/a><\/td>Windows SMB Witness Service Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Windows TPM Device Driver<\/td>CVE-2023-29360<\/a><\/td>Windows TPM Device Driver Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Win32K<\/td>CVE-2023-29371<\/a><\/td>Windows GDI Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Win32K<\/td>CVE-2023-29359<\/a><\/td>GDI Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

III. Referencia a soluciones, herramientas e informaci\u00f3n
Actualizar utilizando Microsoft Windows Update o herramientas de administracion de actualizaciones centralizadas.<\/p>\n\n\n\n

IV. Informaci\u00f3n de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https:\/\/cert.pa
Twitter: @CSIRTPanama
Key ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"

CSIRT Panam\u00e1 Aviso 2023-jun-15 Actualizaciones de seguridad de Microsoft para Junio.Gravedad: AltaFecha de publicaci\u00f3n: junio 15, 2023\u00daltima revisi\u00f3n: junio 14, 2023https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2023-Jun Sistemas Afectados:.NET and Visual Studio.NET Core.NET FrameworkASP .NETAzure DevOpsMicrosoft DynamicsMicrosoft Edge (Chromium-based)Microsoft Exchange ServerMicrosoft…<\/p>\n","protected":false},"author":4,"featured_media":1847,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[72],"class_list":["post-3400","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-avisos-de-seguridad"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3400","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3400"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3400\/revisions"}],"predecessor-version":[{"id":3401,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3400\/revisions\/3401"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/1847"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}