9VSA20-00212-01 CSIRT comparte información liberada por Microsoft para sus productos
CSIRT comparte la información entregada por Microsoft en su reporte mensual de actualizaciones correspondiente a mayo de 2020
Resumen
El Equipo de Respuesta ante Incidentes de Seguridad Informática, CSIRT, comparte la información entregada por Microsoft en su reporte mensual de actualizaciones correspondiente a mayo de 2020, parchando 10 vulnerabilidades clasificadas como importantes para sus softwares. Además se informa de 103 vulnerabilidades adicionales al reporte mensual, 2 de ellas clasificadas como bajas, 2 como moderadas, 85 como importantes y 14 como muy importantes. El informe es acompañado con las respectivas medidas de mitigación.
Vulnerabilidades
Informadas en el reporte mensual correspondiente al mes de mayo
CVE-2020-0901
CVE-2020-1116
CVE-2020-0963
CVE-2020-1141
CVE-2020-1072
CVE-2020-1145
CVE-2020-1075
CVE-2020-1173
CVE-2020-1103
CVE-2020-1179
Vulnerabilidades adicionales informadas
ADV200004
CVE-2020-1099
CVE-2020-1156
ADV200007
CVE-2020-1100
CVE-2020-1157
CVE-2020-1062
CVE-2020-1101
CVE-2020-1158
CVE-2020-1064
CVE-2020-1104
CVE-2020-1161
CVE-2020-1035
CVE-2020-1105
CVE-2020-1164
CVE-2020-1058
CVE-2020-1106
CVE-2020-1165
CVE-2020-0909
CVE-2020-1107
CVE-2020-1166
CVE-2020-1010
CVE-2020-1108
CVE-2020-1171
CVE-2020-1021
CVE-2020-1109
CVE-2020-1174
CVE-2020-1048
CVE-2020-1110
CVE-2020-1175
CVE-2020-1051
CVE-2020-1111
CVE-2020-1176
CVE-2020-1054
CVE-2020-1112
CVE-2020-1184
CVE-2020-1055
CVE-2020-1113
CVE-2020-1185
CVE-2020-1059
CVE-2020-1114
CVE-2020-1186
CVE-2020-1060
CVE-2020-1118
CVE-2020-1187
CVE-2020-1061
CVE-2020-1121
CVE-2020-1188
CVE-2020-1063
CVE-2020-1123
CVE-2020-1189
CVE-2020-1066
CVE-2020-1124
CVE-2020-1190
CVE-2020-1067
CVE-2020-1125
CVE-2020-1191
CVE-2020-1068
CVE-2020-1131
CVE-2020-1023
CVE-2020-1070
CVE-2020-1132
CVE-2020-1024
CVE-2020-1071
CVE-2020-1134
CVE-2020-1028
CVE-2020-1076
CVE-2020-1135
CVE-2020-1037
CVE-2020-1077
CVE-2020-1137
CVE-2020-1056
CVE-2020-1078
CVE-2020-1138
CVE-2020-1065
CVE-2020-1079
CVE-2020-1139
CVE-2020-1069
CVE-2020-1081
CVE-2020-1140
CVE-2020-1093
CVE-2020-1082
CVE-2020-1142
CVE-2020-1102
CVE-2020-1084
CVE-2020-1143
CVE-2020-1117
CVE-2020-1086
CVE-2020-1144
CVE-2020-1126
CVE-2020-1087
CVE-2020-1149
CVE-2020-1136
CVE-2020-1088
CVE-2020-1150
CVE-2020-1153
CVE-2020-1090
CVE-2020-1151
CVE-2020-1192
CVE-2020-1092
CVE-2020-1154
CVE-2020-1096
CVE-2020-1155
Impacto
Dependiendo de la vulnerabilidad informada por Microsoft se pueden provocar denegaciones de servicio, elevación de privilegios, acceso a información confidencial, ejecución de código remoto o spoofing. El detalle de cada una de las vulnerabilidades se podrá revisar en los enlaces.
Productos Afectados
- .NET Core 2.1
- .NET Core 3.1
- .NET Core 5.0
- 3D Viewer
- ASP.NET Core 3.1
- ChakraCore
- Internet Explorer 9, 11
- Microsoft .NET Framework
- 2.0 Service Pack 2
- 3.0 Service Pack 2
- 3.5
- 4.5
- 4.6
- 4.7
- 4.8
- Microsoft 365 Apps
- Enterprise for 32-bit Systems
- Enterprise for 64-bit Systems
- Microsoft Dynamics
- On Premise 8.2
- On Premise 9.0
- Microsoft Edge (EdgeHTML-based)
- Microsoft Excel
- 2010 Service Pack 2 (32-bit y 64-bit editions)
- 2013 RT Service Pack 1
- 2013 Service Pack 1 (32-bit y 64-bit editions)
- 2016 (32-bit y 64-bit editions)
- Microsoft Office
- 2016 for Mac
- 2019 (32-bit y 64-bit editions)
- 2019 for Mac
- Microsoft SharePoint
- Enterprise Server 2013 Service Pack 1
- Enterprise Server 2016
- Foundation 2010 Service Pack 2
- Foundation 2013 Service Pack 1
- Server 2010 Service Pack 2
- Server 2019
- Microsoft Visual Studio
- 2017 version 15.9 (includes 15.1 - 15.8)
- 2019 version 16.0
- 2019 version 16.4 (includes 16.0 - 16.3)
- 2019 version 16.5
- Office 365 ProPlus (32-bit y 64-bit editions)
- OpenSSL 1.1.1g
- Paint 3D
- Power BI Report Server
- Visual Studio Code
- Windows 10
- Version 1607, 1709, 1803, 1809, 1903, 1909, para 32 y 64 bit
- Windows 7
- 32-bit Systems Service Pack 1
- x64-based Systems Service Pack 1
- Windows 8.1
- 32-bit systems
- x64-based systems
- Windows RT 8.1
- Windows Server 2008
- 32-bit Systems Service Pack 2
- 32-bit Systems Service Pack 2 (Server Core installation)
- Itanium-Based Systems Service Pack 2
- x64-based Systems Service Pack 2
- x64-based Systems Service Pack 2 (Server Core installation)
- R2 for Itanium-Based Systems Service Pack 1
- R2 for x64-based Systems Service Pack 1
- R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2012
- 2012
- Server Core installation
- R2 y R2 (Server Core installation)
- Windows Server 2016
- 2016
- Server Core installation
- Windows Server 2019
- 2019
- Server Core installation
- Windows Server
- version 1803 (Server Core Installation)
- version 1903 (Server Core installation)
- version 1909 (Server Core installation)
Mitigación
Aplicar las actualizaciones publicadas por el fabricante.
Enlace
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0901
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0963
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1072
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1075
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1116
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1141
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1145
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1173
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1179
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200004
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200007
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1062
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1064
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1035
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1058
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0909
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1010
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1021
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1048
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1051
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1054
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1055
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1059
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1060
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1061
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1063
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1066
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1067
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1068
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1070
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1071
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1076
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1077
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1078
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1079
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1081
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1082
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1084
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1086
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1087
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1088
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1090
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1092
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1096
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1099
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1100
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1101
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1104
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1105
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1106
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1107
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1109
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1110
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1111
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1112
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1113
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1114
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1118
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1121
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1123
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1124
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1125
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1131
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1132
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1134
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1135
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1137
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1138
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1139
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1140
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1142
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1143
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1144
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1149
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1150
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1151
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1154
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1155
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1156
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1157
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1158
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1164
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1165
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1166
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1171
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1174
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1175
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1176
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1184
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1185
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1186
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1187
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1188
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1189
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1190
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1191
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1028
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1037
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1056
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1065
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1093
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1102
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1117
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1126
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1136
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1153
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1192
Informe
El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA20-00212-01