9VSA20-00319-01 CSIRT comparte actualizaciones de Microsoft en su martes de parche

Resumen

El Equipo de Respuesta ante Incidentes de Seguridad Informática, CSIRT, comparte la información entregada por Microsoft en su reporte mensual de actualizaciones correspondiente a noviembre de 2020, parchando 52 vulnerabilidades en sus softwares clasificando a 11 de ellas como críticas y 41 como importantes, además se informa de 62 vulnerabilidades adicionales al reporte mensual, 6 de ellas clasificadas como críticas, 54 como importantes y 2 como bajas.

Vulnerabilidades

Informadas en el reporte mensual correspondiente al mes de noviembre

CVE-2020-16970                           CVE-2020-17000                           CVE-2020-17069

CVE-2020-16979                           CVE-2020-17004                           CVE-2020-17071

CVE-2020-16981                           CVE-2020-17013                           CVE-2020-17078

CVE-2020-16982                           CVE-2020-17017                           CVE-2020-17079

CVE-2020-16983                           CVE-2020-17019                           CVE-2020-17081

CVE-2020-16984                           CVE-2020-17020                           CVE-2020-17082

CVE-2020-16985                           CVE-2020-17029                           CVE-2020-17086

CVE-2020-16986                           CVE-2020-17030                           CVE-2020-17101

CVE-2020-16987                           CVE-2020-17036                           CVE-2020-17102

CVE-2020-16988                           CVE-2020-17045                           CVE-2020-17105

CVE-2020-16989                           CVE-2020-17049                           CVE-2020-17106

CVE-2020-16990                           CVE-2020-17056                           CVE-2020-17107

CVE-2020-16991                           CVE-2020-17062                           CVE-2020-17108

CVE-2020-16992                           CVE-2020-17063                           CVE-2020-17109

CVE-2020-16993                           CVE-2020-17064                           CVE-2020-17110

CVE-2020-16994                           CVE-2020-17065                           CVE-2020-17113

CVE-2020-16997                           CVE-2020-17066

CVE-2020-16999                           CVE-2020-17067

Vulnerabilidades adicionales informadas

CVE-2020-17042                           CVE-2020-17060                           CVE-2020-17028

CVE-2020-17051                           CVE-2020-17061                           CVE-2020-17076

CVE-2020-17052                           CVE-2020-17068                           CVE-2020-17087

CVE-2020-17048                           CVE-2020-17073                           CVE-2020-17090

CVE-2020-17058                           CVE-2020-17074                           CVE-2020-17100

CVE-2020-17053                           CVE-2020-17075                           CVE-2020-17104

CVE-2020-17022                           CVE-2020-17037                           CVE-2020-17070

CVE-2020-17023                           CVE-2020-17044                           CVE-2020-17088

CVE-2020-17001                           CVE-2020-17041                           CVE-2020-17077

CVE-2020-17007                           CVE-2020-1325               CVE-2020-17016

CVE-2020-17011                           CVE-2020-1599               CVE-2020-17025

CVE-2020-17014                           CVE-2020-16998                           CVE-2020-17040

CVE-2020-17018                           CVE-2020-17005                           CVE-2020-17021

CVE-2020-17024                           CVE-2020-17006                           CVE-2020-17055

CVE-2020-17026                           CVE-2020-17010                           CVE-2020-17085

CVE-2020-17031                           CVE-2020-17012                           CVE-2020-17083

CVE-2020-17032                           CVE-2020-17027                           CVE-2020-17084

CVE-2020-17033                           CVE-2020-17034                           CVE-2020-17091

CVE-2020-17035                           CVE-2020-17038                           CVE-2020-17046

CVE-2020-17043                           CVE-2020-17047                           CVE-2020-17015

CVE-2020-17054                           CVE-2020-17057

Impacto

Dependiendo de la vulnerabilidad informada por Microsoft se pueden provocar denegaciones de servicio, elevación de privilegios, acceso a información confidencial, ejecución de código remoto o spoofing. El detalle de cada una de ellas se podrá revisar en los enlaces.

Productos Afectados

  • AV1 Video Extension
  • Azure DevOps Server 2019 Update 1.1
  • Azure Sphere
  • ChakraCore
  • HEIF Image Extension
  • HEVC Video Extensions
  • Internet Explorer 11
  • Microsoft 365 Apps for Enterprise (para sistemas 32-bit y 64-bit)
  • Microsoft Dynamics 365 (on-premises) versiones 8.2 y 9.0
  • Microsoft Dynamics CRM 2015 (on-premises) version 7.0
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Excel
    • 2010 Service Pack 2 (32-bit y 64-bit)
    • 2013 RT Service Pack 1
    • 2013 Service Pack 2 (32-bit y 64-bit)
    • 2016 (32-bit y 64-bit)
  • Microsoft Exchange Server
    • 2013 Cumulative Update 23
    • 2016 Cumulative Update 17
    • 2016 Cumulative Update 18
    • 2019 Cumulative Update 6
    • 2019 Cumulative Update 7
  • Microsoft Office
    • 2010 Service Pack 2 (32-bit y 64-bit editions)
    • 2013 RT Service Pack 1
    • 2013 Service Pack 1 (32-bit y 64-bit editions)
    • 2016 (32-bit y 64-bit editions)
    • 2019 (32-bit y 64-bit editions)
    • 2019 for Mac
    • Online Server
    • Web Apps 2013 Service Pack 1
  • Microsoft SharePoint
    • Enterprise Server 2013 Service Pack 1
    • Enterprise Server 2016
    • Foundation 2010 Service Pack 2
    • Foundation 2013 Service Pack 1
    • Server 2010 Service Pack 2
    • Server 2019
  • Microsoft Teams
  • Microsoft Visual Studio
    • 2017 version 15.9 (includes 15.0 – 15.8)
    • 2019 version 16.0
    • 2019 version 16.4 (includes 16.0 – 16.3)
    • 2019 version 16.7 (includes 16.0 – 16.6)
    • 2019 version 16.8
  • Microsoft Word
    • 2010 Service Pack 2 (32-bit y 64-bit editions)
    • 2013 RT Service Pack 1
    • 2013 Service Pack 1 (32-bit y 64-bit editions)
    • 2016 (32-bit y 64-bit editions)
  • Raw Image Extension
  • Visual Studio Code
  • WebP Image Extension
  • Windows 10 (32-bit y 64-bit)
    • Version 1607, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, para 32 bit, 64 bit y ARM64-based
  • Windows 7
    • 32-bit Systems Service Pack 1
    • x64-based Systems Service Pack 1
  • Windows 8.1
    • 32-bit systems
    • x64-based systems
  • Windows RT 8.1
  • Windows Server 2008
    • 32-bit Systems Service Pack 2
    • 32-bit Systems Service Pack 2 (Server Core installation)
    • x64-based Systems Service Pack 2
    • x64-based Systems Service Pack 2 (Server Core installation)
    • R2 for x64-based Systems Service Pack 1
    • R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
    • 2012
    • Server Core installation
    • R2 y R2 (Server Core installation)
  • Windows Server 2016
    • 2016
    • Server Core installation
  • Windows Server 2019
    • 2019
    • Server Core installation
  • Windows Server
    • version 1903 (Server Core installation)
    • version 1909 (Server Core installation)
    • version 2004 (Server Core installation)
    • version 20H2 (Server Core installation)

Mitigación

Aplicar las actualizaciones publicadas por el fabricante.

Enlace

https://msrc.microsoft.com/update-guide/releaseNote/2020-Nov

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1325

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1599

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16970

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16979

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16981

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16982

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16983

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16984

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16985

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16986

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16987

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16988

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16989

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16990

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16991

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16992

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16993

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16994

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16997

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16998

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16999

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17000

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17001

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17004

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17005

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17006

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17007

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17010

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17011

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17012

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17013

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17014

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17015

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17016

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17017

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17018

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17019

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17020

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17021

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17022

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17023

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17024

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17025

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17026

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17027

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17028

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17029

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17030

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17031

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17032

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17033

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17034

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17035

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17036

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17037

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17038

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17040

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17041

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17042

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17043

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17044

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17045

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17046

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17047

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17048

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17051

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17052

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17053

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17054

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17055

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17056

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17057

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17058

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17060

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17061

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17062

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17063

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17064

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17065

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17066

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17067

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17068

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17069

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17070

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17071

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17073

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17074

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17075

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17076

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17077

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17078

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17079

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17081

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17082

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17083

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17084

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17085

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17086

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17087

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17088

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17090

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17091

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17100

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17101

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17102

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17104

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17105

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17106

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17107

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17108

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17109

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17110

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17113

Informe

El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA20-00319-01

9VSA20-00319-01 CSIRT comparte actualizaciones de Microsoft en su martes de parche