14 julio, 2020

9VSA20-00270-01 CSIRT comparte actualizaciones de Microsoft de Martes de Parche

Resumen

El Equipo de Respuesta ante Incidentes de Seguridad Informática, CSIRT, comparte la información entregada por Microsoft en su reporte mensual de actualizaciones correspondiente a julio de 2020, parchando 38 vulnerabilidades en sus softwares clasificando a 10 de ellas como críticas y 28 como importantes, además se informa de 89 vulnerabilidades adicionales al reporte mensual, 9 de ellas clasificadas como críticas y 80 como importantes.

Vulnerabilidades

Informadas en el reporte mensual correspondiente al mes de julio

ADV200008             CVE-2020-1350       CVE-2020-1433

CVE-2020-1032       CVE-2020-1351       CVE-2020-1439

CVE-2020-1036       CVE-2020-1358       CVE-2020-1442

CVE-2020-1040       CVE-2020-1361       CVE-2020-1445

CVE-2020-1041       CVE-2020-1367       CVE-2020-1446

CVE-2020-1042       CVE-2020-1386       CVE-2020-1447

CVE-2020-1043       CVE-2020-1389       CVE-2020-1448

CVE-2020-1147       CVE-2020-1391       CVE-2020-1449

CVE-2020-1240       CVE-2020-1397       CVE-2020-1458

CVE-2020-1330       CVE-2020-1419       CVE-2020-1461

CVE-2020-1342       CVE-2020-1420       CVE-2020-1462

CVE-2020-1346       CVE-2020-1426

CVE-2020-1349       CVE-2020-1432

Vulnerabilidades adicionales informadas

CVE-2020-1025       CVE-2020-1381       CVE-2020-1416

CVE-2020-1085       CVE-2020-1382       CVE-2020-1418

CVE-2020-1249       CVE-2020-1384       CVE-2020-1421

CVE-2020-1267       CVE-2020-1385       CVE-2020-1422

CVE-2020-1326       CVE-2020-1387       CVE-2020-1423

CVE-2020-1333       CVE-2020-1388       CVE-2020-1424

CVE-2020-1336       CVE-2020-1390       CVE-2020-1425

CVE-2020-1344       CVE-2020-1392       CVE-2020-1427

CVE-2020-1347       CVE-2020-1393       CVE-2020-1428

CVE-2020-1352       CVE-2020-1394       CVE-2020-1429

CVE-2020-1353       CVE-2020-1395       CVE-2020-1430

CVE-2020-1354       CVE-2020-1396       CVE-2020-1431

CVE-2020-1355       CVE-2020-1398       CVE-2020-1434

CVE-2020-1356       CVE-2020-1399       CVE-2020-1435

CVE-2020-1357       CVE-2020-1400       CVE-2020-1436

CVE-2020-1359       CVE-2020-1401       CVE-2020-1437

CVE-2020-1360       CVE-2020-1402       CVE-2020-1438

CVE-2020-1362       CVE-2020-1403       CVE-2020-1441

CVE-2020-1363       CVE-2020-1404       CVE-2020-1443

CVE-2020-1364       CVE-2020-1405       CVE-2020-1444

CVE-2020-1365       CVE-2020-1406       CVE-2020-1450

CVE-2020-1366       CVE-2020-1407       CVE-2020-1451

CVE-2020-1368       CVE-2020-1408       CVE-2020-1454

CVE-2020-1369       CVE-2020-1409       CVE-2020-1456

CVE-2020-1370       CVE-2020-1410       CVE-2020-1457

CVE-2020-1371       CVE-2020-1411       CVE-2020-1463

CVE-2020-1372       CVE-2020-1412       CVE-2020-1465

CVE-2020-1373       CVE-2020-1413       CVE-2020-1469

CVE-2020-1374       CVE-2020-1414       CVE-2020-1481

CVE-2020-1375       CVE-2020-1415

Descripción

Impacto

Dependiendo de la vulnerabilidad informada por Microsoft se pueden provocar denegaciones de servicio, elevación de privilegios, acceso a información confidencial, ejecución de código remoto o spoofing. El detalle de cada una de las vulnerabilidades se podrá revisar en los enlaces.

Productos Afectados

  • .NET Core 2.1
  • .NET Core 3.1
  • Azure DevOps Server 2019
  • Azure Storage Explorer
  • Bond 9.0.1
  • Internet Explorer 9, 11
  • Microsoft .NET Framework
  • 0 Service Pack 2
  • 0 Service Pack 2
  • 5
  • 5 y 4.6.2/4.7/4.7.1/4.7.2
  • 5 y 4.6/4.6.1/4.6.2
  • 5 y 4.7.1/4.7.2
  • 5 y 4.7.2
  • 5 y 4.8
  • 5.1
  • 5.2
  • 6
  • 6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
  • 8
  • Microsoft 365 Apps for Enterprise (32-bit y 64-bit)
  • Microsoft Bing Search for Android
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Forefront Endpoint Protection 2010
  • Microsoft Lync Server 2013
  • Microsoft Office
  • 2010 Service Pack 2 (32-bit y 64-bit editions)
  • 2013 RT Service Pack 1
  • 2013 Service Pack 1 (32-bit y 64-bit editions)
  • 2016 (32-bit y 64-bit editions)
  • 2016 for Mac
  • 2019 (32-bit y 64-bit editions)
  • 2019 for Mac
  • Online Server
  • Web Apps 2013 Service Pack 1
  • Web Apps 2010 Service Pack 2
  • Microsoft Outlook
  • 2010 Service Pack 2 (32-bit y 64-bit editions)
  • 2013 RT Service Pack 1
  • 2013 Service Pack 1 (32-bit y 64-bit editions)
  • 2016 (32-bit y 64-bit edition)
  • Microsoft Project
  • 2010 Service Pack 2 (32-bit y 64-bit editions)
  • 2013 Service Pack 1 (32-bit y 64-bit editions)
  • 2016 (32-bit y 64-bit editions)
  • Microsoft Security Essentials
  • Microsoft SharePoint
  • Enterprise Server 2013 Service Pack 1
  • Enterprise Server 2016
  • Foundation 2013 Service Pack 1
  • Server 2010 Service Pack 2
  • Server 2019
  • Microsoft System Center
  • 2012 Endpoint Protection
  • 2012 R2 Endpoint Protection
  • Endpoint Protection
  • Microsoft Visual Studio
  • 2015 Update 3
  • 2017 version 15.9 (incluidos 15.1 – 15.8)
  • 2019 version 16.0
  • 2019 version 16.4 (incluidos 16.0 – 16.3)
  • 2019 version 16.6 (incluidos 16.0 – 16.5)
  • Code ESLint extension
  • Microsoft Word
  • 2010 Service Pack 2 (32-bit y 64-bit editions)
  • 2013 RT Service Pack 1
  • 2013 Service Pack 1 (32-bit y 64-bit editions)
  • 2016 (32-bit y 64-bit editions)
  • OneDrive for Windows
  • Skype for Business Server
  • 2015 CU 8
  • 2019 CU2
  • TypeScript
  • Visual Studio Code
  • Windows 10
  • Version 1607, 1709, 1803, 1809, 1903, 1909, 2004, para 32 bit, 64 bit y ARM64-based
  • Windows 7
  • 32-bit Systems Service Pack 1
  • x64-based Systems Service Pack 1
  • Windows 8.1
  • 32-bit systems
  • x64-based systems
  • Windows Defender
  • Windows RT 8.1
  • Windows Server 2008
  • 32-bit Systems Service Pack 2
  • 32-bit Systems Service Pack 2 (Server Core installation)
  • Itanium-Based Systems Service Pack 2
  • x64-based Systems Service Pack 2
  • x64-based Systems Service Pack 2 (Server Core installation)
  • R2 for Itanium-Based Systems Service Pack 1
  • R2 for x64-based Systems Service Pack 1
  • R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
  • 2012
  • Server Core installation
  • R2 y R2 (Server Core installation)
  • Windows Server 2016
  • 2016
  • Server Core installation
  • Windows Server 2019
  • 2019
  • Server Core installation
  • Windows Server
  • version 1903 (Server Core installation)
  • version 1909 (Server Core installation)
  • version 2004 (Server Core installation)

Mitigación

Aplicar las actualizaciones publicadas por el fabricante.

Enlace

https://portal.msrc.microsoft.com/en-us/security-guidance

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jul

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200008

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1032

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1040

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1041

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1042

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1043

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1240

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1330

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1346

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1349

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1351

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1358

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1361

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1367

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1386

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1389

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1391

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1397

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1419

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1420

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1426

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1432

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1433

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1442

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1449

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1458

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1462

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1468

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1085

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1249

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1267

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1326

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1333

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1336

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1344

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1347

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1352

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1353

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1354

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1355

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1356

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1357

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1359

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1360

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1362

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1363

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1364

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1365

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1366

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1368

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1369

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1370

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1371

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1372

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1373

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1374

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1375

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1381

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1382

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1384

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1385

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1387

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1388

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1390

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1392

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1394

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1395

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1396

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1398

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1399

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1400

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1401

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1402

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1403

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1404

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1405

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1406

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1407

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1408

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1409

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1410

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1411

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1412

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1413

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1414

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1415

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1418

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1421

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1422

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1423

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1424

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1425

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1427

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1428

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1429

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1430

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1431

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1434

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1435

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1436

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1437

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1438

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1441

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1443

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1444

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1450

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1451

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1454

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1456

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1457

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1463

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1465

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1469

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1481

Informe

El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA20-00270-01

9VSA20-00270-01 CSIRT comparte actualizaciones de Microsoft de Martes de Parche