13 noviembre, 2019

9VSA-00085-001 CSIRT comparte actualizaciones de noviembre entregadas por Microsoft

Resumen

El Equipo de Respuesta ante Incidentes de Seguridad Informática, CSIRT, comparte la información entregada por Microsoft en su reporte mensual de actualizaciones correspondiente a noviembre del 2019, publicando 2 avisos y actualizaciones para 74 vulnerabilidades en sus sotwares, 13 de ellos, clasificados como críticos.

 

Vulnerabilidad

Informados en el boletín de ocubre

ADV190024                     CVE-2019-1409               CVE-2019-1442

CVE-2018-12207            CVE-2019-1411               CVE-2019-1443

CVE-2019-11135              CVE-2019-1412               CVE-2019-1445

CVE-2019-1324               CVE-2019-1418               CVE-2019-1446

CVE-2019-1370               CVE-2019-1432               CVE-2019-1447

CVE-2019-1374               CVE-2019-1436               CVE-2019-1448

CVE-2019-1381               CVE-2019-1439               CVE-2019-1449

CVE-2019-1402               CVE-2019-1440               CVE-2019-1457

 

Informados adicionalmente

CVE-2019-0712               CVE-2019-1394               CVE-2019-1423

CVE-2019-0721               CVE-2019-1395               CVE-2019-1424

CVE-2019-1234               CVE-2019-1396               CVE-2019-1425

CVE-2019-1309               CVE-2019-1397               CVE-2019-1426

CVE-2019-1310               CVE-2019-1398               CVE-2019-1427

CVE-2019-1373               CVE-2019-1399               CVE-2019-1428

CVE-2019-1379               CVE-2019-1405               CVE-2019-1429

CVE-2019-1380               CVE-2019-1406               CVE-2019-1430

CVE-2019-1382               CVE-2019-1407               CVE-2019-1433

CVE-2019-1383               CVE-2019-1408               CVE-2019-1434

CVE-2019-1384               CVE-2019-1413               CVE-2019-1435

CVE-2019-1385               CVE-2019-1414               CVE-2019-1437

CVE-2019-1388               CVE-2019-1415               CVE-2019-1438

CVE-2019-1389               CVE-2019-1416               CVE-2019-1441

CVE-2019-1390               CVE-2019-1417               CVE-2019-1454

CVE-2019-1391               CVE-2019-1419               CVE-2019-1456

CVE-2019-1392               CVE-2019-1420

CVE-2019-1393               CVE-2019-1422

 

Productos Afectados

  • Azure App Service on Azure Stack
  • ChakraCore
  • Excel Services
  • Internet Explorer 9, 10, 11
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Excel
    • 2010 Service Pack 2 (32-bit y 64-bit editions)
    • 2013 RT Service Pack 1
    • 2013 Service Pack 1 (32-bit y 64-bit editions)
    • 2016 (32-bit y 64-bit editions)
    • 2016 for Mac
  • Microsoft Exchange Server
  • 2013 Cumulative Update 23
  • 2016 Cumulative Update 13
  • 2016 Cumulative Update 14
  • 2019 Cumulative Update 2
  • 2019 Cumulative Update 3
  • Microsoft Office
    • 2010 Service Pack 2 (32-bit y 64-bit editions)
    • 2013 RT Service Pack 1
    • 2013 Service Pack 1 (32-bit y 64-bit editions)
    • 2016 (32-bit y 64-bit editions)
    • 2016 for Mac
    • 2019 (32-bit y 64-bit editions)
    • 2019 for Mac
    • Online Server
  • Microsoft SharePoint
    • Enterprise Server 2013 Service Pack 1
    • Enterprise Server 2016
    • 2010 Service Pack 2
    • 2013 Service Pack 1
    • Server 2019
  • Microsoft Visual Studio
    • 2017 version 15.9
    • 2019 version 16.0
    • 2019 version 16.3
  • Office 365 ProPlus (para sistemas de 32-bit y 64-bit)
  • Office Online Server
  • Open Enclave SDK
  • Visual Studio Code
  • Windows 10
    • Version 1607, 1703, 1709, 1803, 1809, 1903, para 32 y 64 bit
  • Windows 7
    • 32-bit Systems Service Pack 1
    • x64-based Systems Service Pack 1
  • Windows 8.1
    • 32-bit systems
    • x64-based systems
  • Windows RT 8.1
  • Windows Server 2008
    • 32-bit Systems Service Pack 2
    • 32-bit Systems Service Pack 2 (Server Core installation)
    • Itanium-Based Systems Service Pack 2
    • x64-based Systems Service Pack 2
    • x64-based Systems Service Pack 2 (Server Core installation)
    • R2 for Itanium-Based Systems Service Pack 1
    • R2 for x64-based Systems Service Pack 1
    • R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
    • 2012
    • Server Core installation
    • R2 y R2 (Server Core installation)
  • Windows Server 2016
    • 2016
    • Server Core installation
  • Windows Server 2019
    • 2019
    • Server Core installation
  • Windows Server
    • version 1803 (Server Core Installation)
    • version 1903 (Server Core installation)

 

 

Mitigación

Aplicar las actualizaciones publicadas por el fabricante.

 

Enlace

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/164aa83e-499c-e911-a994-000d3a33c573

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190024

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-12207

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-11135

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1324

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1370

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1374

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1381

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1402

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1409

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1411

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1412

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1418

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1432

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1436

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1439

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1440

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1442

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1445

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1446

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1447

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1448

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1449

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1457

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0712

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0721

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1234

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1309

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1310

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1379

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1380

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1382

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1383

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1384

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1389

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1390

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1391

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1392

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1393

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1394

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1395

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1396

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1397

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1398

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1399

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1405

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1406

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1407

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1408

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1413

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1414

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1415

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1416

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1417

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1419

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1420

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1422

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1423

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1424

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1426

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1427

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1428

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1429

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1430

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1433

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1434

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1435

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1437

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1438

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1441

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1454

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1456

Informe

El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA-00085-001.docx