{"id":3722,"date":"2024-02-15T14:42:02","date_gmt":"2024-02-15T19:42:02","guid":{"rendered":"https:\/\/cert.pa\/?p=3722"},"modified":"2024-02-15T14:42:04","modified_gmt":"2024-02-15T19:42:04","slug":"csirt-panama-aviso-2024-feb-15-microsoft-publica-actualizaciones-que-corrigen-73-fallas-y-2-dia-cero","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=3722","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2024-feb-15 Microsoft publica actualizaciones que corrigen 73 fallas y 2 dia cero"},"content":{"rendered":"\n

CSIRT Panam\u00e1 Aviso 2024-feb-15 Microsoft publica actualizaciones que corrigen 73 fallas y 2 dia cero
Gravedad: Alta
Fecha de publicaci\u00f3n: Febrero 15, 2024
\u00daltima revisi\u00f3n: Febrero 15, 2024
https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2024-Feb<\/p>\n\n\n\n

Sistemas Afectados:
Azure DevOps
Microsoft Office
Azure Stack
Windows Hyper-V
Skype for Business
Trusted Compute Base
Microsoft Defender for Endpoint
Microsoft Dynamics
Azure Connected Machine Agent
Windows Kernel
Windows USB Serial Driver
Role: DNS Server
Windows Internet Connection Sharing (ICS)
Windows Win32K – ICOMP
SQL Server
Microsoft ActiveX
Microsoft WDAC OLE DB provider for SQL
Windows SmartScreen
Microsoft WDAC ODBC Driver
Windows Message Queuing
Windows LDAP – Lightweight Directory Access Protocol
Azure Site Recovery
Windows OLE
Microsoft Teams for Android
Microsoft Azure Kubernetes Service
Microsoft Windows DNS
Microsoft Office Outlook
Microsoft Office Word
Azure Active Directory
Microsoft Office OneNote
.NET
Azure File Sync
Microsoft Edge (Chromium-based)
Microsoft Windows
Microsoft Exchange Server
Internet Shortcut Files<\/p>\n\n\n\n

I. Descripci\u00f3n<\/p>\n\n\n\n

El Patch Tuesday de Febrero consiste en actualizaciones de seguridad para los siguientes aplicativos:<\/p>\n\n\n\n

Tag<\/th>CVE ID<\/th>CVE Title<\/th>Severity<\/th><\/tr>
.NET<\/td>CVE-2024-21386<\/a><\/td>.NET Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
.NET<\/td>CVE-2024-21404<\/a><\/td>.NET Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Azure Active Directory<\/td>CVE-2024-21401<\/a><\/td>Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Azure Active Directory<\/td>CVE-2024-21381<\/a><\/td>Microsoft Azure Active Directory B2C Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Azure Connected Machine Agent<\/td>CVE-2024-21329<\/a><\/td>Azure Connected Machine Agent Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Azure DevOps<\/td>CVE-2024-20667<\/a><\/td>Azure DevOps Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Azure File Sync<\/td>CVE-2024-21397<\/a><\/td>Microsoft Azure File Sync Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Azure Site Recovery<\/td>CVE-2024-21364<\/a><\/td>Microsoft Azure Site Recovery Elevation of Privilege Vulnerability<\/td>Moderate<\/td><\/tr>
Azure Stack<\/td>CVE-2024-20679<\/a><\/td>Azure Stack Hub Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Internet Shortcut Files<\/td>CVE-2024-21412<\/a><\/td>Internet Shortcut Files Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Mariner<\/td>CVE-2024-21626<\/a><\/td>Unknown<\/td>Unknown<\/td><\/tr>
Microsoft ActiveX<\/td>CVE-2024-21349<\/a><\/td>Microsoft ActiveX Data Objects Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Azure Kubernetes Service<\/td>CVE-2024-21403<\/a><\/td>Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Azure Kubernetes Service<\/td>CVE-2024-21376<\/a><\/td>Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Defender for Endpoint<\/td>CVE-2024-21315<\/a><\/td>Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Dynamics<\/td>CVE-2024-21393<\/a><\/td>Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Dynamics<\/td>CVE-2024-21389<\/a><\/td>Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Dynamics<\/td>CVE-2024-21395<\/a><\/td>Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Dynamics<\/td>CVE-2024-21380<\/a><\/td>Microsoft Dynamics Business Central\/NAV Information Disclosure Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Dynamics<\/td>CVE-2024-21328<\/a><\/td>Dynamics 365 Sales Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Dynamics<\/td>CVE-2024-21394<\/a><\/td>Dynamics 365 Field Service Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Dynamics<\/td>CVE-2024-21396<\/a><\/td>Dynamics 365 Sales Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Dynamics<\/td>CVE-2024-21327<\/a><\/td>Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2024-1284<\/a><\/td>Chromium: CVE-2024-1284 Use after free in Mojo<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2024-21399<\/a><\/td>Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability<\/td>Moderate<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2024-1060<\/a><\/td>Chromium: CVE-2024-1060 Use after free in Canvas<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2024-1077<\/a><\/td>Chromium: CVE-2024-1077 Use after free in Network<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2024-1283<\/a><\/td>Chromium: CVE-2024-1283 Heap buffer overflow in Skia<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2024-1059<\/a><\/td>Chromium: CVE-2024-1059 Use after free in WebRTC<\/td>Unknown<\/td><\/tr>
Microsoft Exchange Server<\/td>CVE-2024-21410<\/a><\/td>Microsoft Exchange Server Elevation of Privilege Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Office<\/td>CVE-2024-21413<\/a><\/td>Microsoft Outlook Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Office<\/td>CVE-2024-20673<\/a><\/td>Microsoft Office Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office OneNote<\/td>CVE-2024-21384<\/a><\/td>Microsoft Office OneNote Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Outlook<\/td>CVE-2024-21378<\/a><\/td>Microsoft Outlook Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Outlook<\/td>CVE-2024-21402<\/a><\/td>Microsoft Outlook Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Word<\/td>CVE-2024-21379<\/a><\/td>Microsoft Word Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Teams for Android<\/td>CVE-2024-21374<\/a><\/td>Microsoft Teams for Android Information Disclosure<\/td>Important<\/td><\/tr>
Microsoft WDAC ODBC Driver<\/td>CVE-2024-21353<\/a><\/td>Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft WDAC OLE DB provider for SQL<\/td>CVE-2024-21370<\/a><\/td>Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft WDAC OLE DB provider for SQL<\/td>CVE-2024-21350<\/a><\/td>Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft WDAC OLE DB provider for SQL<\/td>CVE-2024-21368<\/a><\/td>Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft WDAC OLE DB provider for SQL<\/td>CVE-2024-21359<\/a><\/td>Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft WDAC OLE DB provider for SQL<\/td>CVE-2024-21365<\/a><\/td>Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft WDAC OLE DB provider for SQL<\/td>CVE-2024-21367<\/a><\/td>Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft WDAC OLE DB provider for SQL<\/td>CVE-2024-21420<\/a><\/td>Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft WDAC OLE DB provider for SQL<\/td>CVE-2024-21366<\/a><\/td>Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft WDAC OLE DB provider for SQL<\/td>CVE-2024-21369<\/a><\/td>Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft WDAC OLE DB provider for SQL<\/td>CVE-2024-21375<\/a><\/td>Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft WDAC OLE DB provider for SQL<\/td>CVE-2024-21361<\/a><\/td>Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft WDAC OLE DB provider for SQL<\/td>CVE-2024-21358<\/a><\/td>Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft WDAC OLE DB provider for SQL<\/td>CVE-2024-21391<\/a><\/td>Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft WDAC OLE DB provider for SQL<\/td>CVE-2024-21360<\/a><\/td>Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft WDAC OLE DB provider for SQL<\/td>CVE-2024-21352<\/a><\/td>Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2024-21406<\/a><\/td>Windows Printing Service Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows DNS<\/td>CVE-2024-21377<\/a><\/td>Windows DNS Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Role: DNS Server<\/td>CVE-2023-50387<\/a><\/td>MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers<\/td>Important<\/td><\/tr>
Role: DNS Server<\/td>CVE-2024-21342<\/a><\/td>Windows DNS Client Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Skype for Business<\/td>CVE-2024-20695<\/a><\/td>Skype for Business Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
SQL Server<\/td>CVE-2024-21347<\/a><\/td>Microsoft ODBC Driver Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Trusted Compute Base<\/td>CVE-2024-21304<\/a><\/td>Trusted Compute Base Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Hyper-V<\/td>CVE-2024-20684<\/a><\/td>Windows Hyper-V Denial of Service Vulnerability<\/td>Critical<\/td><\/tr>
Windows Internet Connection Sharing (ICS)<\/td>CVE-2024-21343<\/a><\/td>Windows Network Address Translation (NAT) Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Internet Connection Sharing (ICS)<\/td>CVE-2024-21348<\/a><\/td>Internet Connection Sharing (ICS) Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Internet Connection Sharing (ICS)<\/td>CVE-2024-21357<\/a><\/td>Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Internet Connection Sharing (ICS)<\/td>CVE-2024-21344<\/a><\/td>Windows Network Address Translation (NAT) Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2024-21371<\/a><\/td>Windows Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2024-21338<\/a><\/td>Windows Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2024-21341<\/a><\/td>Windows Kernel Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2024-21345<\/a><\/td>Windows Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2024-21362<\/a><\/td>Windows Kernel Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2024-21340<\/a><\/td>Windows Kernel Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows LDAP – Lightweight Directory Access Protocol<\/td>CVE-2024-21356<\/a><\/td>Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Message Queuing<\/td>CVE-2024-21363<\/a><\/td>Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Message Queuing<\/td>CVE-2024-21355<\/a><\/td>Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Message Queuing<\/td>CVE-2024-21405<\/a><\/td>Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Message Queuing<\/td>CVE-2024-21354<\/a><\/td>Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows OLE<\/td>CVE-2024-21372<\/a><\/td>Windows OLE Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows SmartScreen<\/td>CVE-2024-21351<\/a><\/td>Windows SmartScreen Security Feature Bypass Vulnerability<\/td>Moderate<\/td><\/tr>
Windows USB Serial Driver<\/td>CVE-2024-21339<\/a><\/td>Windows USB Generic Parent Driver Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Win32K – ICOMP<\/td>CVE-2024-21346<\/a><\/td>Win32k Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

II. Referencia a soluciones, herramientas e informaci\u00f3n<\/p>\n\n\n\n

Se recomienda actualizar los equipos utilizando windows update.<\/p>\n\n\n\n

III. Informaci\u00f3n de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https:\/\/cert.pa
Twitter: @CSIRTPanama
Facebook: http:\/\/www.facebook.com\/CSIRTPanama
Key ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"

CSIRT Panam\u00e1 Aviso 2024-feb-15 Microsoft publica actualizaciones que corrigen 73 fallas y 2 dia ceroGravedad: AltaFecha de publicaci\u00f3n: Febrero 15, 2024\u00daltima revisi\u00f3n: Febrero 15, 2024https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2024-Feb Sistemas Afectados:Azure DevOpsMicrosoft OfficeAzure StackWindows Hyper-VSkype for BusinessTrusted Compute BaseMicrosoft…<\/p>\n","protected":false},"author":4,"featured_media":1847,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[76,72,9,73,80,68,45,94],"class_list":["post-3722","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-actualizaciones","tag-avisos-de-seguridad","tag-microsoft","tag-parches","tag-vulnerabilidad","tag-vulnerabilidades","tag-windows","tag-windows-update"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3722","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3722"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3722\/revisions"}],"predecessor-version":[{"id":3723,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3722\/revisions\/3723"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/1847"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3722"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3722"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3722"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}