{"id":3542,"date":"2023-09-14T09:22:24","date_gmt":"2023-09-14T14:22:24","guid":{"rendered":"https:\/\/cert.pa\/?p=3542"},"modified":"2023-09-14T09:22:24","modified_gmt":"2023-09-14T14:22:24","slug":"csirt-panama-aviso-2023-sep-14-microsoft-libera-actualizaciones-para-septiembre-y-corrige-2-zero-days-y-59-fallas","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=3542","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2023-sep-14 Microsoft libera actualizaciones para septiembre y corrige 2 zero-days y 59 fallas"},"content":{"rendered":"\n

Gravedad: Alta
Fecha de publicaci\u00f3n: Septiembre 14, 2023
\u00daltima revisi\u00f3n: Septiembre 13, 2023
https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2023-Sep<\/p>\n\n\n\n

Sistemas Afectados:
Microsoft Azure Kubernetes Service
Azure DevOps
Windows Cloud Files Mini Filter Driver
Microsoft Identity Linux Broker
3D Viewer
Visual Studio Code
Microsoft Exchange Server
Visual Studio
Microsoft Office Word
Microsoft Office Outlook
Microsoft Office SharePoint
Microsoft Office
Microsoft Office Excel
3D Builder
.NET Framework
.NET and Visual Studio
.NET Core & Visual Studio
Microsoft Dynamics Finance & Operations
Windows DHCP Server
Microsoft Streaming Service
Windows Kernel
Windows GDI
Windows Scripting
Microsoft Dynamics
Windows Common Log File System Driver
Windows Themes
Microsoft Windows Codecs Library
Windows Internet Connection Sharing (ICS)
Windows TCP\/IP
Azure HDInsights
Windows Defender<\/p>\n\n\n\n

I. Descripci\u00f3n
Microsoft ha liberado sus actualizaciones correspondientes al mes de Septiembre. En este caso corrige 59 fallas y 2 zero day.<\/p>\n\n\n\n

II. Detalles<\/p>\n\n\n\n

Tag<\/th>CVE ID<\/th>CVE Title<\/th>Severity<\/th><\/tr>
.NET and Visual Studio<\/td>CVE-2023-36794<\/a><\/td>Visual Studio Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
.NET and Visual Studio<\/td>CVE-2023-36796<\/a><\/td>Visual Studio Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
.NET and Visual Studio<\/td>CVE-2023-36792<\/a><\/td>Visual Studio Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
.NET and Visual Studio<\/td>CVE-2023-36793<\/a><\/td>Visual Studio Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
.NET Core & Visual Studio<\/td>CVE-2023-36799<\/a><\/td>.NET Core and Visual Studio Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
.NET Framework<\/td>CVE-2023-36788<\/a><\/td>.NET Framework Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
3D Builder<\/td>CVE-2023-36772<\/a><\/td>3D Builder Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
3D Builder<\/td>CVE-2023-36771<\/a><\/td>3D Builder Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
3D Builder<\/td>CVE-2023-36770<\/a><\/td>3D Builder Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
3D Builder<\/td>CVE-2023-36773<\/a><\/td>3D Builder Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
3D Viewer<\/td>CVE-2022-41303<\/a><\/td>AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk\u00ae FBX\u00ae SDK 2020 or prior<\/td>Important<\/td><\/tr>
3D Viewer<\/td>CVE-2023-36760<\/a><\/td>3D Viewer Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
3D Viewer<\/td>CVE-2023-36740<\/a><\/td>3D Viewer Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
3D Viewer<\/td>CVE-2023-36739<\/a><\/td>3D Viewer Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Azure DevOps<\/td>CVE-2023-33136<\/a><\/td>Azure DevOps Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Azure DevOps<\/td>CVE-2023-38155<\/a><\/td>Azure DevOps Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Azure HDInsights<\/td>CVE-2023-38156<\/a><\/td>Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Azure Kubernetes Service<\/td>CVE-2023-29332<\/a><\/td>Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Dynamics<\/td>CVE-2023-38164<\/a><\/td>Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Dynamics<\/td>CVE-2023-36886<\/a><\/td>Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Dynamics Finance & Operations<\/td>CVE-2023-36800<\/a><\/td>Dynamics Finance and Operations Cross-site Scripting Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-4863<\/a><\/td>Chromium: CVE-2023-4863 Heap buffer overflow in WebP<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-4763<\/a><\/td>Chromium: CVE-2023-4763 Use after free in Networks<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-4761<\/a><\/td>Chromium: CVE-2023-4761 Out of bounds memory access in FedCM<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-4764<\/a><\/td>Chromium: CVE-2023-4764 Incorrect security UI in BFCache<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2023-4762<\/a><\/td>Chromium: CVE-2023-4762 Type Confusion in V8<\/td>Unknown<\/td><\/tr>
Microsoft Exchange Server<\/td>CVE-2023-36744<\/a><\/td>Microsoft Exchange Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Exchange Server<\/td>CVE-2023-36756<\/a><\/td>Microsoft Exchange Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Exchange Server<\/td>CVE-2023-36745<\/a><\/td>Microsoft Exchange Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Exchange Server<\/td>CVE-2023-36777<\/a><\/td>Microsoft Exchange Server Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Exchange Server<\/td>CVE-2023-36757<\/a><\/td>Microsoft Exchange Server Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Identity Linux Broker<\/td>CVE-2023-36736<\/a><\/td>Microsoft Identity Linux Broker Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2023-36767<\/a><\/td>Microsoft Office Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2023-36765<\/a><\/td>Microsoft Office Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2023-41764<\/a><\/td>Microsoft Office Spoofing Vulnerability<\/td>Moderate<\/td><\/tr>
Microsoft Office Excel<\/td>CVE-2023-36766<\/a><\/td>Microsoft Excel Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Outlook<\/td>CVE-2023-36763<\/a><\/td>Microsoft Outlook Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2023-36764<\/a><\/td>Microsoft SharePoint Server Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Word<\/td>CVE-2023-36761<\/a><\/td>Microsoft Word Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Word<\/td>CVE-2023-36762<\/a><\/td>Microsoft Word Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Streaming Service<\/td>CVE-2023-36802<\/a><\/td>Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows Codecs Library<\/td>CVE-2023-38147<\/a><\/td>Windows Miracast Wireless Display Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Visual Studio<\/td>CVE-2023-36758<\/a><\/td>Visual Studio Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Visual Studio<\/td>CVE-2023-36759<\/a><\/td>Visual Studio Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Visual Studio Code<\/td>CVE-2023-36742<\/a><\/td>Visual Studio Code Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Visual Studio Code<\/td>CVE-2023-39956<\/a><\/td>Electron: CVE-2023-39956 -Visual Studio Code Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Cloud Files Mini Filter Driver<\/td>CVE-2023-35355<\/a><\/td>Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Common Log File System Driver<\/td>CVE-2023-38143<\/a><\/td>Windows Common Log File System Driver Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Common Log File System Driver<\/td>CVE-2023-38144<\/a><\/td>Windows Common Log File System Driver Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Defender<\/td>CVE-2023-38163<\/a><\/td>Windows Defender Attack Surface Reduction Security Feature Bypass<\/td>Important<\/td><\/tr>
Windows DHCP Server<\/td>CVE-2023-38152<\/a><\/td>DHCP Server Service Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows DHCP Server<\/td>CVE-2023-38162<\/a><\/td>DHCP Server Service Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows DHCP Server<\/td>CVE-2023-36801<\/a><\/td>DHCP Server Service Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows GDI<\/td>CVE-2023-36804<\/a><\/td>Windows GDI Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows GDI<\/td>CVE-2023-38161<\/a><\/td>Windows GDI Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Internet Connection Sharing (ICS)<\/td>CVE-2023-38148<\/a><\/td>Internet Connection Sharing (ICS) Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Kernel<\/td>CVE-2023-38141<\/a><\/td>Windows Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2023-38142<\/a><\/td>Windows Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2023-38139<\/a><\/td>Windows Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2023-38140<\/a><\/td>Windows Kernel Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2023-38150<\/a><\/td>Windows Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2023-36803<\/a><\/td>Windows Kernel Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Scripting<\/td>CVE-2023-36805<\/a><\/td>Windows MSHTML Platform Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Windows TCP\/IP<\/td>CVE-2023-38160<\/a><\/td>Windows TCP\/IP Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows TCP\/IP<\/td>CVE-2023-38149<\/a><\/td>Windows TCP\/IP Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Themes<\/td>CVE-2023-38146<\/a><\/td>Windows Themes Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

III. Referencia a soluciones, herramientas e informaci\u00f3n
Actualizar su sistema operativo windows utilizando windows update o herramientas para gestionar la automatizacion.<\/p>\n\n\n\n

IV. Informaci\u00f3n de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https:\/\/cert.pa
Twitter: @CSIRTPanama
Facebook: http:\/\/www.facebook.com\/CSIRTPanama
Key ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"

Gravedad: AltaFecha de publicaci\u00f3n: Septiembre 14, 2023\u00daltima revisi\u00f3n: Septiembre 13, 2023https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2023-Sep Sistemas Afectados:Microsoft Azure Kubernetes ServiceAzure DevOpsWindows Cloud Files Mini Filter DriverMicrosoft Identity Linux Broker3D ViewerVisual Studio CodeMicrosoft Exchange ServerVisual StudioMicrosoft Office WordMicrosoft Office OutlookMicrosoft…<\/p>\n","protected":false},"author":4,"featured_media":1847,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[76,43,8,72,9,73,68,45,94],"class_list":["post-3542","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-actualizaciones","tag-alertas","tag-avisos","tag-avisos-de-seguridad","tag-microsoft","tag-parches","tag-vulnerabilidades","tag-windows","tag-windows-update"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3542","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3542"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3542\/revisions"}],"predecessor-version":[{"id":3543,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3542\/revisions\/3543"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/1847"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3542"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3542"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3542"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}