9VSA20-00212-01 CSIRT comparte información liberada por Microsoft para sus productos

Resumen

El Equipo de Respuesta ante Incidentes de Seguridad Informática, CSIRT, comparte la información entregada por Microsoft en su reporte mensual de actualizaciones correspondiente a mayo de 2020, parchando 10 vulnerabilidades clasificadas como importantes para sus softwares. Además se informa de 103 vulnerabilidades adicionales al reporte mensual, 2 de ellas clasificadas como bajas, 2 como moderadas, 85 como importantes y 14 como muy importantes. El informe es acompañado con las respectivas medidas de mitigación.

Vulnerabilidades

Informadas en el reporte mensual correspondiente al mes de mayo

CVE-2020-0901

CVE-2020-1116

CVE-2020-0963

CVE-2020-1141

CVE-2020-1072

CVE-2020-1145

CVE-2020-1075

CVE-2020-1173

CVE-2020-1103

CVE-2020-1179

Vulnerabilidades adicionales informadas

ADV200004

CVE-2020-1099

CVE-2020-1156

ADV200007

CVE-2020-1100

CVE-2020-1157

CVE-2020-1062

CVE-2020-1101

CVE-2020-1158

CVE-2020-1064

CVE-2020-1104

CVE-2020-1161

CVE-2020-1035

CVE-2020-1105

CVE-2020-1164

CVE-2020-1058

CVE-2020-1106

CVE-2020-1165

CVE-2020-0909

CVE-2020-1107

CVE-2020-1166

CVE-2020-1010

CVE-2020-1108

CVE-2020-1171

CVE-2020-1021

CVE-2020-1109

CVE-2020-1174

CVE-2020-1048

CVE-2020-1110

CVE-2020-1175

CVE-2020-1051

CVE-2020-1111

CVE-2020-1176

CVE-2020-1054

CVE-2020-1112

CVE-2020-1184

CVE-2020-1055

CVE-2020-1113

CVE-2020-1185

CVE-2020-1059

CVE-2020-1114

CVE-2020-1186

CVE-2020-1060

CVE-2020-1118

CVE-2020-1187

CVE-2020-1061

CVE-2020-1121

CVE-2020-1188

CVE-2020-1063

CVE-2020-1123

CVE-2020-1189

CVE-2020-1066

CVE-2020-1124

CVE-2020-1190

CVE-2020-1067

CVE-2020-1125

CVE-2020-1191

CVE-2020-1068

CVE-2020-1131

CVE-2020-1023

CVE-2020-1070

CVE-2020-1132

CVE-2020-1024

CVE-2020-1071

CVE-2020-1134

CVE-2020-1028

CVE-2020-1076

CVE-2020-1135

CVE-2020-1037

CVE-2020-1077

CVE-2020-1137

CVE-2020-1056

CVE-2020-1078

CVE-2020-1138

CVE-2020-1065

CVE-2020-1079

CVE-2020-1139

CVE-2020-1069

CVE-2020-1081

CVE-2020-1140

CVE-2020-1093

CVE-2020-1082

CVE-2020-1142

CVE-2020-1102

CVE-2020-1084

CVE-2020-1143

CVE-2020-1117

CVE-2020-1086

CVE-2020-1144

CVE-2020-1126

CVE-2020-1087

CVE-2020-1149

CVE-2020-1136

CVE-2020-1088

CVE-2020-1150

CVE-2020-1153

CVE-2020-1090

CVE-2020-1151

CVE-2020-1192

CVE-2020-1092

CVE-2020-1154

CVE-2020-1096

CVE-2020-1155

Impacto

Dependiendo de la vulnerabilidad informada por Microsoft se pueden provocar denegaciones de servicio, elevación de privilegios, acceso a información confidencial, ejecución de código remoto o spoofing. El detalle de cada una de las vulnerabilidades se podrá revisar en los enlaces.

Productos Afectados

  • .NET Core 2.1
  • .NET Core 3.1
  • .NET Core 5.0
  • 3D Viewer
  • ASP.NET Core 3.1
  • ChakraCore
  • Internet Explorer 9, 11
  • Microsoft .NET Framework
    • 2.0 Service Pack 2
    • 3.0 Service Pack 2
    • 3.5
    • 4.5
    • 4.6
    • 4.7
    • 4.8
  • Microsoft 365 Apps
    • Enterprise for 32-bit Systems
    • Enterprise for 64-bit Systems
  • Microsoft Dynamics
    • On Premise 8.2
    • On Premise 9.0
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Excel
    • 2010 Service Pack 2 (32-bit y 64-bit editions)
    • 2013 RT Service Pack 1
    • 2013 Service Pack 1 (32-bit y 64-bit editions)
    • 2016 (32-bit y 64-bit editions)
  • Microsoft Office
    • 2016 for Mac
    • 2019 (32-bit y 64-bit editions)
    • 2019 for Mac
  • Microsoft SharePoint
    • Enterprise Server 2013 Service Pack 1
    • Enterprise Server 2016
    • Foundation 2010 Service Pack 2
    • Foundation 2013 Service Pack 1
    • Server 2010 Service Pack 2
    • Server 2019
  • Microsoft Visual Studio
    • 2017 version 15.9 (includes 15.1 – 15.8)
    • 2019 version 16.0
    • 2019 version 16.4 (includes 16.0 – 16.3)
    • 2019 version 16.5
  • Office 365 ProPlus (32-bit y 64-bit editions)
  • OpenSSL 1.1.1g
  • Paint 3D
  • Power BI Report Server
  • Visual Studio Code
  • Windows 10
    • Version 1607, 1709, 1803, 1809, 1903, 1909, para 32 y 64 bit
  • Windows 7
    • 32-bit Systems Service Pack 1
    • x64-based Systems Service Pack 1
  • Windows 8.1
    • 32-bit systems
    • x64-based systems
  • Windows RT 8.1
  • Windows Server 2008
    • 32-bit Systems Service Pack 2
    • 32-bit Systems Service Pack 2 (Server Core installation)
    • Itanium-Based Systems Service Pack 2
    • x64-based Systems Service Pack 2
    • x64-based Systems Service Pack 2 (Server Core installation)
    • R2 for Itanium-Based Systems Service Pack 1
    • R2 for x64-based Systems Service Pack 1
    • R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
    • 2012
    • Server Core installation
    • R2 y R2 (Server Core installation)
  • Windows Server 2016
    • 2016
    • Server Core installation
  • Windows Server 2019
    • 2019
    • Server Core installation
  • Windows Server
    • version 1803 (Server Core Installation)
    • version 1903 (Server Core installation)
    • version 1909 (Server Core installation)

Mitigación

Aplicar las actualizaciones publicadas por el fabricante.

Enlace

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0901

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0963

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1072

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1075

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1116

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1141

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1145

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1173

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1179

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200004

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200007

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1062

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1064

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1035

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1058

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0909

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1010

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1021

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1048

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1051

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1054

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1055

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1059

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1060

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1061

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1063

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1066

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1067

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1068

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1070

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1071

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1076

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1077

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1078

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1079

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1081

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1082

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1084

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1086

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1087

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1088

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1090

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1092

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1096

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1099

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1100

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1101

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1104

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1105

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1106

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1107

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1109

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1110

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1111

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1112

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1113

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1114

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1118

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1121

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1123

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1124

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1125

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1131

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1132

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1134

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1135

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1137

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1138

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1139

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1140

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1142

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1143

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1144

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1149

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1150

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1151

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1154

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1155

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1156

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1157

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1158

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1164

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1165

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1166

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1171

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1174

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1175

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1176

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1184

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1185

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1186

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1187

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1188

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1189

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1190

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1191

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1028

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1037

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1056

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1065

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1093

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1102

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1117

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1126

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1136

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1153

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1192

Informe

El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA20-00212-01

9VSA20-00212-01 CSIRT comparte información liberada por Microsoft para sus productos