9VSA20-00297-01 CSIRT comparte mitigaciones obtenidas de Microsoft
CSIRT comparte la información entregada por Microsoft en su reporte mensual de actualizaciones correspondiente a septiembre de 2020
RESUMEN
El Equipo de Respuesta ante Incidentes de Seguridad Informática, CSIRT, comparte la información entregada por Microsoft en su reporte mensual de actualizaciones correspondiente a septiembre de 2020, parchando 34 vulnerabilidades en sus softwares clasificando a una de ellas como crítica y 33 como importantes, además se informa de 96 vulnerabilidades adicionales al reporte mensual, 23 de ellas clasificadas como críticas y 73 como importantes.
VULNERABILIDADES
Informadas en el reporte mensual correspondiente al mes de septiembre
CVE-2020-0664 CVE-2020-1097 CVE-2020-1592
CVE-2020-0856 CVE-2020-1119 CVE-2020-1594
CVE-2020-0875 CVE-2020-1193 CVE-2020-1596
CVE-2020-0914 CVE-2020-1210 CVE-2020-16851
CVE-2020-0921 CVE-2020-1218 CVE-2020-16852
CVE-2020-0928 CVE-2020-1224 CVE-2020-16853
CVE-2020-0941 CVE-2020-1250 CVE-2020-16854
CVE-2020-0989 CVE-2020-1256 CVE-2020-16855
CVE-2020-1031 CVE-2020-1332 CVE-2020-16879
CVE-2020-1033 CVE-2020-1335 CVE-2020-16884
CVE-2020-1083 CVE-2020-1338
CVE-2020-1091 CVE-2020-1589
Vulnerabilidades adicionales informadas
CVE-2020-0648 CVE-2020-1053 CVE-2020-1460
CVE-2020-0718 CVE-2020-1057 CVE-2020-1471
CVE-2020-0761 CVE-2020-1074 CVE-2020-1482
CVE-2020-0766 CVE-2020-1098 CVE-2020-1491
CVE-2020-0782 CVE-2020-1115 CVE-2020-1506
CVE-2020-0790 CVE-2020-1122 CVE-2020-1507
CVE-2020-0805 CVE-2020-1129 CVE-2020-1508
CVE-2020-0836 CVE-2020-1130 CVE-2020-1514
CVE-2020-0837 CVE-2020-1133 CVE-2020-1523
CVE-2020-0838 CVE-2020-1146 CVE-2020-1532
CVE-2020-0839 CVE-2020-1152 CVE-2020-1559
CVE-2020-0870 CVE-2020-1159 CVE-2020-1575
CVE-2020-0878 CVE-2020-1169 CVE-2020-1576
CVE-2020-0886 CVE-2020-1172 CVE-2020-1590
CVE-2020-0890 CVE-2020-1180 CVE-2020-1593
CVE-2020-0904 CVE-2020-1182 CVE-2020-1595
CVE-2020-0908 CVE-2020-1198 CVE-2020-1598
CVE-2020-0911 CVE-2020-1200 CVE-2020-16856
CVE-2020-0912 CVE-2020-1205 CVE-2020-16857
CVE-2020-0922 CVE-2020-1227 CVE-2020-16858
CVE-2020-0951 CVE-2020-1228 CVE-2020-16859
CVE-2020-0997 CVE-2020-1245 CVE-2020-16860
CVE-2020-0998 CVE-2020-1252 CVE-2020-16861
CVE-2020-1012 CVE-2020-1285 CVE-2020-16862
CVE-2020-1013 CVE-2020-1303 CVE-2020-16864
CVE-2020-1030 CVE-2020-1308 CVE-2020-16871
CVE-2020-1034 CVE-2020-1319 CVE-2020-16872
CVE-2020-1038 CVE-2020-1345 CVE-2020-16873
CVE-2020-1039 CVE-2020-1376 CVE-2020-16874
CVE-2020-1044 CVE-2020-1440 CVE-2020-16875
CVE-2020-1045 CVE-2020-1452 CVE-2020-16878
CVE-2020-1052 CVE-2020-1453 CVE-2020-16881
Impacto
Dependiendo de la vulnerabilidad informada por Microsoft se pueden provocar denegaciones de servicio, elevación de privilegios, acceso a información confidencial, ejecución de código remoto o spoofing. El detalle de cada una de las vulnerabilidades se podrá revisar en los enlaces.
Productos Afectados
- ASP.NET Core 2.1
- ASP.NET Core 3.1
- ChakraCore
- Internet Explorer 9, 11
- Microsoft 365 Apps for Enterprise (32-bit y 64-bit)
- Microsoft Business Productivity Servers 2010 Service Pack 2
- Microsoft Dynamics 365 (on-premises) version 9.0
- Microsoft Edge (Chromium-based y EdgeHTML-based)
- Microsoft Excel2010 Service Pack 2 (32-bit y 64-bit)
- 2013 RT Service Pack 1
- 2013 Service Pack 2 (32-bit y 64-bit)
- 2016 (32-bit y 64-bit)
- Microsoft Exchange Server
- 2016 Cumulative Update 16
- 2016 Cumulative Update 17
- 2019 Cumulative Update 5
- 2019 Cumulative Update 6
- Microsoft Office
- 2010 Service Pack 2 (32-bit y 64-bit editions)
- 2013 RT Service Pack 1
- 2013 Service Pack 1 (32-bit y 64-bit editions)
- 2016 (32-bit y 64-bit editions)
- 2016 for Mac
- 2019 (32-bit y 64-bit editions)
- 2019 for Mac
- Online Server
- Web Apps 2013 Service Pack 1
- Web Apps 2010 Service Pack 2
- Microsoft SharePoint
- Enterprise Server 2013 Service Pack 1
- Enterprise Server 2016
- Foundation 2010 Service Pack 2
- Foundation 2013 Service Pack 1
- Server 2010 Service Pack 2
- Server 2019
- Microsoft Visual Studio
- 2012 Update 5
- 2013 Update 5
- 2015 Update 3
- 2017 version 15.9 (incluidos 15.1 - 15.8)
- 2019 version 16.0
- 2019 version 16.4 (incluidos 16.0 - 16.3)
- 2019 version 16.7 (incluidos 16.0 - 16.6)
- Microsoft Word
- 2010 Service Pack 2 (32-bit y 64-bit editions)
- 2013 RT Service Pack 1
- 2013 Service Pack 1 (32-bit y 64-bit editions)
- 2016 (32-bit y 64-bit editions)
- OneDrive for Windows
- SQL Server
- 2017 Reporting Services
- 2019 Reporting Services
- Visual Studio Code
- Windows 10 (32-bit y 64-bit)
- Version 1607, 1709, 1803, 1809, 1903, 1909, 2004, para 32 bit, 64 bit y ARM64-based
- Windows 7
- 32-bit Systems Service Pack 1
- x64-based Systems Service Pack 1
- Windows 8.1
- 32-bit systems
- x64-based systems
- Windows RT 8.1
- Windows Server 2008
- 32-bit Systems Service Pack 2
- 32-bit Systems Service Pack 2 (Server Core installation)
- x64-based Systems Service Pack 2
- x64-based Systems Service Pack 2 (Server Core installation)
- R2 for x64-based Systems Service Pack 1
- R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2012
- 2012
- Server Core installation
- R2 y R2 (Server Core installation)
- Windows Server 2016
- 2016
- Server Core installation
- Windows Server 2019
- 2019
- Server Core installation
- Windows Server
- version 1903 (Server Core installation)
- version 1909 (Server Core installation)
- version 2004 (Server Core installation)
- xamarin.forms
Mitigación
Aplicar las actualizaciones publicadas por el fabricante.
Enlaces
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Sep
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0664
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0856
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0875
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0914
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0921
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0928
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0941
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0989
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1031
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1033
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1083
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1091
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1097
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1119
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1193
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1210
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1218
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1224
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1250
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1256
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1332
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1335
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1338
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1589
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1592
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1594
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1596
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16851
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16852
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16853
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16854
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16855
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16879
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16884
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0648
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0718
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0761
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0766
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0782
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0790
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0805
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0836
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0837
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0838
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0839
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0870
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0878
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0886
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0890
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0904
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0908
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0911
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0912
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0922
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0951
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0997
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0998
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1012
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1013
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1030
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1034
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1038
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1039
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1044
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1052
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1053
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1057
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1074
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1098
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1115
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1122
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1129
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1146
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1152
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1159
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1169
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1172
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1180
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1198
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1200
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1205
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1227
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1228
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1245
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1252
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1285
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1303
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1308
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1319
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1345
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1376
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1440
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1452
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1453
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1460
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1471
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1482
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1491
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1506
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1507
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1508
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1514
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1523
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1532
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1559
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1575
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1576
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1590
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1593
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1598
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16856
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16857
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16858
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16859
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16860
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16861
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16862
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16864
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16871
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16872
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16873
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16874
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16875
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16878
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16881
Informe
El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA20-00297-01