Contáctanos al

1510

NOTIFICAR UN INCIDENTE

¿Cómo y cuándo reportar?
Ministerior del Interior

9VSA20-00122-01 CSIRT comparte actualizaciones entregadas por Microsoft

Resumen

El Equipo de Respuesta ante Incidentes de Seguridad Informática, CSIRT, comparte la información entregada por Microsoft en su reporte mensual de actualizaciones correspondiente a Enero de 2020, parchando 14 vulnerabilidades en sus softwares. Además se informa de 36 vulnerabilidades adicionales al reporte mensual.

Entre la información entregada por Microsoft, se destaca la vulnerabilidad CVE-2020-0601, ya que esta vulnerabilidad afecta a todas las máquinas que ejecutan sistemas operativos Windows 10 de 32 o 64 bits, incluidas las versiones de Windows Server 2016 y 2019. Esta vulnerabilidad permite que la validación del certificado de Elliptic Curve Cryptography (ECC) omita el almacén de confianza, permitiendo que el software no deseado o malicioso se disfrace como firmado auténticamente por una organización confiable. Esto podría engañar a los usuarios o frustrar los métodos de detección de malware, como los antivirus. Además, se podría emitir un certificado creado con fines malintencionados para un nombre de host que no lo autorizó, y un navegador que se base en Windows CryptoAPI no emitiría una advertencia, lo que permitiría a un atacante descifrar, modificar o inyectar datos en las conexiones del usuario sin detección.

 

Vulnerabilidades

Reportados en el informe de Enero:

CVE-2020-0601

CVE-2020-0607

CVE-2020-0608

CVE-2020-0615

CVE-2020-0622

CVE-2020-0637

CVE-2020-0639

CVE-2020-0643

CVE-2020-0647

CVE-2020-0650

CVE-2020-0651

CVE-2020-0652

CVE-2020-0653

CVE-2020-0654

 

Reportados adicionalmente:

CVE-2019-1491

CVE-2020-0602

CVE-2020-0603

CVE-2020-0605

CVE-2020-0606

CVE-2020-0609

CVE-2020-0610

CVE-2020-0611

CVE-2020-0612

CVE-2020-0613

CVE-2020-0614

CVE-2020-0616

CVE-2020-0617

CVE-2020-0620

CVE-2020-0621

CVE-2020-0623

CVE-2020-0624

CVE-2020-0625

CVE-2020-0626

CVE-2020-0627

CVE-2020-0628

CVE-2020-0629

CVE-2020-0630

CVE-2020-0631

CVE-2020-0632

CVE-2020-0633

CVE-2020-0634

CVE-2020-0635

CVE-2020-0636

CVE-2020-0638

CVE-2020-0640

CVE-2020-0641

CVE-2020-0642

CVE-2020-0644

CVE-2020-0646

CVE-2020-0656

 

Productos Afectados

  • .NET Core 3.0 y 3.1
  • ASP.NET Core 2.1, 3.0 y 3.1
  • Dynamics 365 Field Service (on-premises) v7 series
  • Internet Explorer 9, 10, 11
  • Microsoft .NET Framework
    • 3.0 Service Pack 2
    • 3.5
    • 4.8 y anteriores
  • Microsoft Excel
    • 2010 Service Pack 2 (32-bit y 64-bit editions)
    • 2013 RT Service Pack 1
    • 2013 Service Pack 1 (32-bit y 64-bit editions)
    • 2016 (32-bit y 64-bit editions)
  • Microsoft Office
    • 2010 Service Pack 2 (32-bit y 64-bit editions)
    • 2013 RT Service Pack 1
    • 2013 Service Pack 1 (32-bit y 64-bit editions)
    • 2016 (32-bit y 64-bit editions)
    • 2016 para Mac
    • 2019 (32-bit y 64-bit editions)
    • 2019 para Mac
  • Microsoft SharePoint
    • Enterprise Server 2016
    • Foundation 2010 Service Pack 2
    • Foundation 2013 Service Pack 1
    • Server 2019
  • Office 365 ProPlus (32-bit y 64-bit editions)
  • Office Online Server
  • One Drive for Android
  • Windows 10
    • Version 1607, 1703, 1709, 1803, 1809, 1903, para 32 y 64 bit
  • Windows 7
    • 32-bit Systems Service Pack 1
    • x64-based Systems Service Pack 1
  • Windows 8.1
    • 32-bit systems
    • x64-based systems
  • Windows Defender
  • Windows RT 8.1
  • Windows Server 2008
    • 32-bit Systems Service Pack 2
    • 32-bit Systems Service Pack 2 (Server Core installation)
    • Itanium-Based Systems Service Pack 2
    • x64-based Systems Service Pack 2
    • x64-based Systems Service Pack 2 (Server Core installation)
    • R2 for Itanium-Based Systems Service Pack 1
    • R2 for x64-based Systems Service Pack 1
    • R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
    • 2012
    • Server Core installation
    • R2 y R2 (Server Core installation)
  • Windows Server 2016
    • 2016
    • Server Core installation
  • Windows Server 2019
    • 2019
    • Server Core installation
  • Windows Server
    • version 1803 (Server Core Installation)
    • version 1903 (Server Core installation)

 

Mitigación

Aplicar las actualizaciones publicadas por el fabricante.

 

Enlace

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jan

https://portal.msrc.microsoft.com/en-us/security-guidance

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0607

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0608

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0615

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0622

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0637

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0639

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0643

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0647

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0650

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0651

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0652

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0653

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0654

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1491

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0612

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0613

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0614

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0616

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0617

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0620

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0621

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0623

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0624

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0625

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0626

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0627

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0628

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0629

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0630

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0631

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0632

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0633

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0634

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0635

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0636

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0640

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0641

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0642

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0644

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0656

 

Informe

El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA20-00122-01

Ministerior del Interior

Teatinos 92 piso 6.

Santiago, Chile

csirt.gob.cl

Síguenos en nuestras redes sociales

Infórmate sobre nuestras actividades y escríbenos directamente