{"id":3484,"date":"2023-08-08T14:47:18","date_gmt":"2023-08-08T19:47:18","guid":{"rendered":"https:\/\/cert.pa\/?p=3484"},"modified":"2023-08-08T14:47:18","modified_gmt":"2023-08-08T19:47:18","slug":"csirt-panama-aviso-2023-ago-15-actualizaciones-de-seguridad-de-microsoft-para-agosto","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=3484","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2023-ago-15 Actualizaciones de seguridad de Microsoft para Agosto."},"content":{"rendered":"\n

CSIRT Panam\u00e1 Aviso 2023-ago-15 Actualizaciones de seguridad de Microsoft para Agosto.
Gravedad: Alta
Fecha de publicaci\u00f3n: agosto 8, 2023
\u00daltima revisi\u00f3n: agosto 8, 2023
https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2023-Aug<\/p>\n\n\n\n

Sistemas Afectados:Microsoft Office
Memory Integrity System Readiness Scan Tool
Microsoft Exchange Server
Microsoft Teams
Windows Kernel
Microsoft Office Excel
Microsoft Office Visio
Windows Message Queuing
Windows Projected File System
Windows Reliability Analysis Metrics Calculation Engine
Windows Fax and Scan Service
Windows HTML Platform
Windows Bluetooth A2DP driver
Microsoft Dynamics
.NET Core
ASP.NET and Visual Studio
Azure HDInsights
Azure DevOps
.NET Framework
Reliability Analysis Metrics Calculation Engine
Microsoft WDAC OLE DB provider for SQL
Windows Group Policy
Microsoft Office SharePoint
Microsoft Office Outlook
Tablet Windows User Interface
ASP.NET
Windows Common Log File System Driver
Windows System Assessment Tool
Windows Cloud Files Mini Filter Driver
Windows Wireless Wide Area Network Service
Windows Cryptographic Services
Role: Windows Hyper-V
Windows Smart Card
Microsoft Edge (Chromium-based)
Dynamics Business Central Control
SQL Server
Microsoft Windows Codecs Library
Windows Defender
Azure Arc
ASP .NET
Windows LDAP – Lightweight Directory Access Protocol
Windows Mobile Device Management<\/p>\n\n\n\n

I. Descripci\u00f3n
Microsoft ha liberado sus actualizaciones de seguridad correspondientes al mes de agosto.
Este conjunto de actualizaciones remedia 87 fallas y se advierte de 2 dia cero.<\/p>\n\n\n\n

II. Detalle<\/p>\n\n\n\n

Tag<\/th>CVE ID<\/th>CVE Title<\/th>Severity<\/th><\/tr>
.NET Core<\/td>CVE-2023-38178<\/a><\/td>.NET Core and Visual Studio Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
.NET Core<\/td>CVE-2023-35390<\/a><\/td>.NET and Visual Studio Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
.NET Framework<\/td>CVE-2023-36873<\/a><\/td>.NET Framework Spoofing Vulnerability<\/td>Important<\/td><\/tr>
ASP .NET<\/td>CVE-2023-38180<\/a><\/td>.NET and Visual Studio Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
ASP.NET<\/td>CVE-2023-36899<\/a><\/td>ASP.NET Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
ASP.NET and Visual Studio<\/td>CVE-2023-35391<\/a><\/td>ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Azure Arc<\/td>CVE-2023-38176<\/a><\/td>Azure Arc-Enabled Servers Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Azure DevOps<\/td>CVE-2023-36869<\/a><\/td>Azure DevOps Server Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Azure HDInsights<\/td>CVE-2023-38188<\/a><\/td>Azure Apache Hadoop Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Azure HDInsights<\/td>CVE-2023-35393<\/a><\/td>Azure Apache Hive Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Azure HDInsights<\/td>CVE-2023-35394<\/a><\/td>Azure HDInsight Jupyter Notebook Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Azure HDInsights<\/td>CVE-2023-36881<\/a><\/td>Azure Apache Ambari Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Azure HDInsights<\/td>CVE-2023-36877<\/a><\/td>Azure Apache Oozie Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Dynamics Business Central Control<\/td>CVE-2023-38167<\/a><\/td>Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Mariner<\/td>CVE-2023-35945<\/a><\/td>Unknown<\/td>Unknown<\/td><\/tr>
Memory Integrity System Readiness Scan Tool<\/td>ADV230004<\/a><\/td>Memory Integrity System Readiness Scan Tool Defense in Depth Update<\/td>Moderate<\/td><\/tr>
Microsoft Dynamics<\/td>CVE-2023-35389<\/a><\/td>Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-38157<\/a><\/td>Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability<\/td>Moderate<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-4068<\/a><\/td>Chromium: CVE-2023-4068 Type Confusion in V8<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-4072<\/a><\/td>Chromium: CVE-2023-4072 Out of bounds read and write in WebGL<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-4071<\/a><\/td>Chromium: CVE-2023-4071 Heap buffer overflow in Visuals<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-4073<\/a><\/td>Chromium: CVE-2023-4073 Out of bounds memory access in ANGLE<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-4075<\/a><\/td>Chromium: CVE-2023-4075 Use after free in Cast<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-4074<\/a><\/td>Chromium: CVE-2023-4074 Use after free in Blink Task Scheduling<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-4076<\/a><\/td>Chromium: CVE-2023-4076 Use after free in WebRTC<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-4077<\/a><\/td>Chromium: CVE-2023-4077 Insufficient data validation in Extensions<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-4078<\/a><\/td>Chromium: CVE-2023-4078 Inappropriate implementation in Extensions<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-4070<\/a><\/td>Chromium: CVE-2023-4070 Type Confusion in V8<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-4069<\/a><\/td>Chromium: CVE-2023-4069 Type Confusion in V8<\/td>Unknown<\/td><\/tr>
Microsoft Exchange Server<\/td>CVE-2023-38185<\/a><\/td>Microsoft Exchange Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Exchange Server<\/td>CVE-2023-35388<\/a><\/td>Microsoft Exchange Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Exchange Server<\/td>CVE-2023-35368<\/a><\/td>Microsoft Exchange Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Exchange Server<\/td>CVE-2023-38181<\/a><\/td>Microsoft Exchange Server Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Exchange Server<\/td>CVE-2023-38182<\/a><\/td>Microsoft Exchange Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Exchange Server<\/td>CVE-2023-21709<\/a><\/td>Microsoft Exchange Server Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>ADV230003<\/a><\/td>Microsoft Office Defense in Depth Update<\/td>Moderate<\/td><\/tr>
Microsoft Office<\/td>CVE-2023-36897<\/a><\/td>Visual Studio Tools for Office Runtime Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Excel<\/td>CVE-2023-36896<\/a><\/td>Microsoft Excel Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Excel<\/td>CVE-2023-35371<\/a><\/td>Microsoft Office Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Outlook<\/td>CVE-2023-36893<\/a><\/td>Microsoft Outlook Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Outlook<\/td>CVE-2023-36895<\/a><\/td>Microsoft Outlook Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2023-36891<\/a><\/td>Microsoft SharePoint Server Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2023-36894<\/a><\/td>Microsoft SharePoint Server Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2023-36890<\/a><\/td>Microsoft SharePoint Server Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2023-36892<\/a><\/td>Microsoft SharePoint Server Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Visio<\/td>CVE-2023-35372<\/a><\/td>Microsoft Office Visio Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Visio<\/td>CVE-2023-36865<\/a><\/td>Microsoft Office Visio Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Visio<\/td>CVE-2023-36866<\/a><\/td>Microsoft Office Visio Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Teams<\/td>CVE-2023-29328<\/a><\/td>Microsoft Teams Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Teams<\/td>CVE-2023-29330<\/a><\/td>Microsoft Teams Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft WDAC OLE DB provider for SQL<\/td>CVE-2023-36882<\/a><\/td>Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2023-20569<\/a><\/td>AMD: CVE-2023-20569 Return Address Predictor<\/td>Important<\/td><\/tr>
Microsoft Windows Codecs Library<\/td>CVE-2023-38170<\/a><\/td>HEVC Video Extensions Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Reliability Analysis Metrics Calculation Engine<\/td>CVE-2023-36876<\/a><\/td>Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Role: Windows Hyper-V<\/td>CVE-2023-36908<\/a><\/td>Windows Hyper-V Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
SQL Server<\/td>CVE-2023-38169<\/a><\/td>Microsoft OLE DB Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Tablet Windows User Interface<\/td>CVE-2023-36898<\/a><\/td>Tablet Windows User Interface Application Core Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Bluetooth A2DP driver<\/td>CVE-2023-35387<\/a><\/td>Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Cloud Files Mini Filter Driver<\/td>CVE-2023-36904<\/a><\/td>Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Common Log File System Driver<\/td>CVE-2023-36900<\/a><\/td>Windows Common Log File System Driver Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Cryptographic Services<\/td>CVE-2023-36907<\/a><\/td>Windows Cryptographic Services Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Cryptographic Services<\/td>CVE-2023-36906<\/a><\/td>Windows Cryptographic Services Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Defender<\/td>CVE-2023-38175<\/a><\/td>Microsoft Windows Defender Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Fax and Scan Service<\/td>CVE-2023-35381<\/a><\/td>Windows Fax Service Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Group Policy<\/td>CVE-2023-36889<\/a><\/td>Windows Group Policy Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Windows HTML Platform<\/td>CVE-2023-35384<\/a><\/td>Windows HTML Platforms Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2023-35359<\/a><\/td>Windows Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2023-38154<\/a><\/td>Windows Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2023-35382<\/a><\/td>Windows Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2023-35386<\/a><\/td>Windows Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2023-35380<\/a><\/td>Windows Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows LDAP – Lightweight Directory Access Protocol<\/td>CVE-2023-38184<\/a><\/td>Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Message Queuing<\/td>CVE-2023-36909<\/a><\/td>Microsoft Message Queuing Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Message Queuing<\/td>CVE-2023-35376<\/a><\/td>Microsoft Message Queuing Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Message Queuing<\/td>CVE-2023-38172<\/a><\/td>Microsoft Message Queuing Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Message Queuing<\/td>CVE-2023-35385<\/a><\/td>Microsoft Message Queuing Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Message Queuing<\/td>CVE-2023-35383<\/a><\/td>Microsoft Message Queuing Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Message Queuing<\/td>CVE-2023-36913<\/a><\/td>Microsoft Message Queuing Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Message Queuing<\/td>CVE-2023-35377<\/a><\/td>Microsoft Message Queuing Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Message Queuing<\/td>CVE-2023-38254<\/a><\/td>Microsoft Message Queuing Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Message Queuing<\/td>CVE-2023-36911<\/a><\/td>Microsoft Message Queuing Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Message Queuing<\/td>CVE-2023-36910<\/a><\/td>Microsoft Message Queuing Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Message Queuing<\/td>CVE-2023-36912<\/a><\/td>Microsoft Message Queuing Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Mobile Device Management<\/td>CVE-2023-38186<\/a><\/td>Windows Mobile Device Management Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Projected File System<\/td>CVE-2023-35378<\/a><\/td>Windows Projected File System Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Reliability Analysis Metrics Calculation Engine<\/td>CVE-2023-35379<\/a><\/td>Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Smart Card<\/td>CVE-2023-36914<\/a><\/td>Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Windows System Assessment Tool<\/td>CVE-2023-36903<\/a><\/td>Windows System Assessment Tool Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Wireless Wide Area Network Service<\/td>CVE-2023-36905<\/a><\/td>Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability<\/td>Important<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

III. Referencia a soluciones, herramientas e informaci\u00f3n
Actualizar utilizando Microsoft Windows Update o herramientas de administracion de actualizaciones centralizadas.<\/p>\n\n\n\n

IV. Informaci\u00f3n de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https:\/\/cert.pa
Twitter: @CSIRTPanama
Key ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"

CSIRT Panam\u00e1 Aviso 2023-ago-15 Actualizaciones de seguridad de Microsoft para Agosto.Gravedad: AltaFecha de publicaci\u00f3n: agosto 8, 2023\u00daltima revisi\u00f3n: agosto 8, 2023https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2023-Aug Sistemas Afectados:Microsoft OfficeMemory Integrity System Readiness Scan ToolMicrosoft Exchange ServerMicrosoft TeamsWindows KernelMicrosoft Office ExcelMicrosoft…<\/p>\n","protected":false},"author":4,"featured_media":1847,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[66],"tags":[76,43,8,72,9,73,80,68,45,94],"class_list":["post-3484","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-csirt-panama","tag-actualizaciones","tag-alertas","tag-avisos","tag-avisos-de-seguridad","tag-microsoft","tag-parches","tag-vulnerabilidad","tag-vulnerabilidades","tag-windows","tag-windows-update"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3484","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3484"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3484\/revisions"}],"predecessor-version":[{"id":3485,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3484\/revisions\/3485"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/1847"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3484"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3484"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3484"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}