9VSA20-00297-01 CSIRT shares mitigations obtained from Microsoft

SUMMARY

The Computer Security Incident Response Team (CSIRT) shares the information provided by Microsoft in its monthly update report for September 2020, which patches 34 vulnerabilities in its software, one of them rated critical and 33 rated important. It also reports 96 vulnerabilities in addition to the monthly report, 23 of them rated critical and 73 rated important.

VULNERABILITIES

Reported in the monthly report for September

CVE-2020-0664               CVE-2020-1097               CVE-2020-1592

CVE-2020-0856               CVE-2020-1119               CVE-2020-1594

CVE-2020-0875               CVE-2020-1193               CVE-2020-1596

CVE-2020-0914               CVE-2020-1210               CVE-2020-16851

CVE-2020-0921               CVE-2020-1218               CVE-2020-16852

CVE-2020-0928               CVE-2020-1224               CVE-2020-16853

CVE-2020-0941               CVE-2020-1250               CVE-2020-16854

CVE-2020-0989               CVE-2020-1256               CVE-2020-16855

CVE-2020-1031               CVE-2020-1332               CVE-2020-16879

CVE-2020-1033               CVE-2020-1335               CVE-2020-16884

CVE-2020-1083               CVE-2020-1338

CVE-2020-1091               CVE-2020-1589

Additional vulnerabilities reported

CVE-2020-0648               CVE-2020-1053               CVE-2020-1460

CVE-2020-0718               CVE-2020-1057               CVE-2020-1471

CVE-2020-0761               CVE-2020-1074               CVE-2020-1482

CVE-2020-0766               CVE-2020-1098               CVE-2020-1491

CVE-2020-0782               CVE-2020-1115               CVE-2020-1506

CVE-2020-0790               CVE-2020-1122               CVE-2020-1507

CVE-2020-0805               CVE-2020-1129               CVE-2020-1508

CVE-2020-0836               CVE-2020-1130               CVE-2020-1514

CVE-2020-0837               CVE-2020-1133               CVE-2020-1523

CVE-2020-0838               CVE-2020-1146               CVE-2020-1532

CVE-2020-0839               CVE-2020-1152               CVE-2020-1559

CVE-2020-0870               CVE-2020-1159               CVE-2020-1575

CVE-2020-0878               CVE-2020-1169               CVE-2020-1576

CVE-2020-0886               CVE-2020-1172               CVE-2020-1590

CVE-2020-0890               CVE-2020-1180               CVE-2020-1593

CVE-2020-0904               CVE-2020-1182               CVE-2020-1595

CVE-2020-0908               CVE-2020-1198               CVE-2020-1598

CVE-2020-0911               CVE-2020-1200               CVE-2020-16856

CVE-2020-0912               CVE-2020-1205               CVE-2020-16857

CVE-2020-0922               CVE-2020-1227               CVE-2020-16858

CVE-2020-0951               CVE-2020-1228               CVE-2020-16859

CVE-2020-0997               CVE-2020-1245               CVE-2020-16860

CVE-2020-0998               CVE-2020-1252               CVE-2020-16861

CVE-2020-1012               CVE-2020-1285               CVE-2020-16862

CVE-2020-1013               CVE-2020-1303               CVE-2020-16864

CVE-2020-1030               CVE-2020-1308               CVE-2020-16871

CVE-2020-1034               CVE-2020-1319               CVE-2020-16872

CVE-2020-1038               CVE-2020-1345               CVE-2020-16873

CVE-2020-1039               CVE-2020-1376               CVE-2020-16874

CVE-2020-1044               CVE-2020-1440               CVE-2020-16875

CVE-2020-1045               CVE-2020-1452               CVE-2020-16878

CVE-2020-1052               CVE-2020-1453               CVE-2020-16881

Impact

Depending on the vulnerability reported by Microsoft, the result can be denial of service, elevation of privilege, access to confidential information, remote code execution or spoofing. The details of each vulnerability can be reviewed in the links.

Affected Products

  • ASP.NET Core 2.1
  • ASP.NET Core 3.1
  • ChakraCore
  • Internet Explorer 9, 11
  • Microsoft 365 Apps for Enterprise (32-bit and 64-bit)
  • Microsoft Business Productivity Servers 2010 Service Pack 2
  • Microsoft Dynamics 365 (on-premises) version 9.0
  • Microsoft Edge (Chromium-based and EdgeHTML-based)
  • Microsoft Excel
    • 2010 Service Pack 2 (32-bit and 64-bit)
    • 2013 RT Service Pack 1
    • 2013 Service Pack 2 (32-bit and 64-bit)
    • 2016 (32-bit and 64-bit)
  • Microsoft Exchange Server
    • 2016 Cumulative Update 16
    • 2016 Cumulative Update 17
    • 2019 Cumulative Update 5
    • 2019 Cumulative Update 6
  • Microsoft Office
    • 2010 Service Pack 2 (32-bit and 64-bit editions)
    • 2013 RT Service Pack 1
    • 2013 Service Pack 1 (32-bit and 64-bit editions)
    • 2016 (32-bit and 64-bit editions)
    • 2016 for Mac
    • 2019 (32-bit and 64-bit editions)
    • 2019 for Mac
    • Online Server
    • Web Apps 2013 Service Pack 1
    • Web Apps 2010 Service Pack 2
  • Microsoft SharePoint
    • Enterprise Server 2013 Service Pack 1
    • Enterprise Server 2016
    • Foundation 2010 Service Pack 2
    • Foundation 2013 Service Pack 1
    • Server 2010 Service Pack 2
    • Server 2019
  • Microsoft Visual Studio
    • 2012 Update 5
    • 2013 Update 5
    • 2015 Update 3
    • 2017 version 15.9 (including 15.1 – 15.8)
    • 2019 version 16.0
    • 2019 version 16.4 (including 16.0 – 16.3)
    • 2019 version 16.7 (including 16.0 – 16.6)
  • Microsoft Word
    • 2010 Service Pack 2 (32-bit and 64-bit editions)
    • 2013 RT Service Pack 1
    • 2013 Service Pack 1 (32-bit and 64-bit editions)
    • 2016 (32-bit and 64-bit editions)
  • OneDrive for Windows
  • SQL Server
    • 2017 Reporting Services
    • 2019 Reporting Services
  • Visual Studio Code
  • Windows 10 (32-bit and 64-bit)
    • Version 1607, 1709, 1803, 1809, 1903, 1909, 2004, for 32-bit, 64-bit and ARM64-based
  • Windows 7
    • 32-bit Systems Service Pack 1
    • x64-based Systems Service Pack 1
  • Windows 8.1
    • 32-bit systems
    • x64-based systems
  • Windows RT 8.1
  • Windows Server 2008
    • 32-bit Systems Service Pack 2
    • 32-bit Systems Service Pack 2 (Server Core installation)
    • x64-based Systems Service Pack 2
    • x64-based Systems Service Pack 2 (Server Core installation)
    • R2 for x64-based Systems Service Pack 1
    • R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
    • 2012
    • Server Core installation
    • R2 and R2 (Server Core installation)
  • Windows Server 2016
    • 2016
    • Server Core installation
  • Windows Server 2019
    • 2019
    • Server Core installation
  • Windows Server
    • version 1903 (Server Core installation)
    • version 1909 (Server Core installation)
    • version 2004 (Server Core installation)
  • xamarin.forms

Mitigation

Apply the updates published by the vendor.

Links

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Sep

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0664

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0856

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0875

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0914

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0921

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0928

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0941

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0989

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1031

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1033

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1083

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1091

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1097

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1119

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1193

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1210

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1218

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1224

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1250

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1256

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1332

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1335

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1338

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1589

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1592

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1594

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1596

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16851

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16852

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16853

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16854

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16855

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16879

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16884

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0648

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0718

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0761

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0766

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0782

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0790

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0805

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0836

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0837

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0838

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0839

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0870

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0878

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0886

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0890

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0904

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0908

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0911

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0912

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0922

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0951

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0997

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0998

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1012

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1013

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1030

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1034

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1038

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1039

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1044

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1052

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1053

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1057

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1074

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1098

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1115

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1122

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1129

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1146

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1152

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1159

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1169

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1172

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1180

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1182

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1198

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1200

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1205

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1227

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1228

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1245

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1252

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1285

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1303

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1308

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1319

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1345

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1376

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1440

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1452

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1453

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1460

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1471

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1482

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1491

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1506

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1507

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1508

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1514

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1523

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1532

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1559

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1575

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1576

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1590

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1593

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1598

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16856

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16857

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16858

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16859

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16860

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16861

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16862

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16864

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16871

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16872

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16873

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16874

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16875

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16878

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16881

Report

The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA20-00297-01
