9VSA20-00319-01 CSIRT comparte actualizaciones de Microsoft en su martes de parche
CSIRT comparte la información entregada por Microsoft en su reporte mensual de actualizaciones correspondiente a noviembre de 2020
Resumen
El Equipo de Respuesta ante Incidentes de Seguridad Informática, CSIRT, comparte la información entregada por Microsoft en su reporte mensual de actualizaciones correspondiente a noviembre de 2020, parchando 52 vulnerabilidades en sus softwares clasificando a 11 de ellas como críticas y 41 como importantes, además se informa de 62 vulnerabilidades adicionales al reporte mensual, 6 de ellas clasificadas como críticas, 54 como importantes y 2 como bajas.
Vulnerabilidades
Informadas en el reporte mensual correspondiente al mes de noviembre
CVE-2020-16970 CVE-2020-17000 CVE-2020-17069
CVE-2020-16979 CVE-2020-17004 CVE-2020-17071
CVE-2020-16981 CVE-2020-17013 CVE-2020-17078
CVE-2020-16982 CVE-2020-17017 CVE-2020-17079
CVE-2020-16983 CVE-2020-17019 CVE-2020-17081
CVE-2020-16984 CVE-2020-17020 CVE-2020-17082
CVE-2020-16985 CVE-2020-17029 CVE-2020-17086
CVE-2020-16986 CVE-2020-17030 CVE-2020-17101
CVE-2020-16987 CVE-2020-17036 CVE-2020-17102
CVE-2020-16988 CVE-2020-17045 CVE-2020-17105
CVE-2020-16989 CVE-2020-17049 CVE-2020-17106
CVE-2020-16990 CVE-2020-17056 CVE-2020-17107
CVE-2020-16991 CVE-2020-17062 CVE-2020-17108
CVE-2020-16992 CVE-2020-17063 CVE-2020-17109
CVE-2020-16993 CVE-2020-17064 CVE-2020-17110
CVE-2020-16994 CVE-2020-17065 CVE-2020-17113
CVE-2020-16997 CVE-2020-17066
CVE-2020-16999 CVE-2020-17067
Vulnerabilidades adicionales informadas
CVE-2020-17042 CVE-2020-17060 CVE-2020-17028
CVE-2020-17051 CVE-2020-17061 CVE-2020-17076
CVE-2020-17052 CVE-2020-17068 CVE-2020-17087
CVE-2020-17048 CVE-2020-17073 CVE-2020-17090
CVE-2020-17058 CVE-2020-17074 CVE-2020-17100
CVE-2020-17053 CVE-2020-17075 CVE-2020-17104
CVE-2020-17022 CVE-2020-17037 CVE-2020-17070
CVE-2020-17023 CVE-2020-17044 CVE-2020-17088
CVE-2020-17001 CVE-2020-17041 CVE-2020-17077
CVE-2020-17007 CVE-2020-1325 CVE-2020-17016
CVE-2020-17011 CVE-2020-1599 CVE-2020-17025
CVE-2020-17014 CVE-2020-16998 CVE-2020-17040
CVE-2020-17018 CVE-2020-17005 CVE-2020-17021
CVE-2020-17024 CVE-2020-17006 CVE-2020-17055
CVE-2020-17026 CVE-2020-17010 CVE-2020-17085
CVE-2020-17031 CVE-2020-17012 CVE-2020-17083
CVE-2020-17032 CVE-2020-17027 CVE-2020-17084
CVE-2020-17033 CVE-2020-17034 CVE-2020-17091
CVE-2020-17035 CVE-2020-17038 CVE-2020-17046
CVE-2020-17043 CVE-2020-17047 CVE-2020-17015
CVE-2020-17054 CVE-2020-17057
Impacto
Dependiendo de la vulnerabilidad informada por Microsoft se pueden provocar denegaciones de servicio, elevación de privilegios, acceso a información confidencial, ejecución de código remoto o spoofing. El detalle de cada una de ellas se podrá revisar en los enlaces.
Productos Afectados
- AV1 Video Extension
- Azure DevOps Server 2019 Update 1.1
- Azure Sphere
- ChakraCore
- HEIF Image Extension
- HEVC Video Extensions
- Internet Explorer 11
- Microsoft 365 Apps for Enterprise (para sistemas 32-bit y 64-bit)
- Microsoft Dynamics 365 (on-premises) versiones 8.2 y 9.0
- Microsoft Dynamics CRM 2015 (on-premises) version 7.0
- Microsoft Edge (EdgeHTML-based)
- Microsoft Excel
- 2010 Service Pack 2 (32-bit y 64-bit)
- 2013 RT Service Pack 1
- 2013 Service Pack 2 (32-bit y 64-bit)
- 2016 (32-bit y 64-bit)
- Microsoft Exchange Server
- 2013 Cumulative Update 23
- 2016 Cumulative Update 17
- 2016 Cumulative Update 18
- 2019 Cumulative Update 6
- 2019 Cumulative Update 7
- Microsoft Office
- 2010 Service Pack 2 (32-bit y 64-bit editions)
- 2013 RT Service Pack 1
- 2013 Service Pack 1 (32-bit y 64-bit editions)
- 2016 (32-bit y 64-bit editions)
- 2019 (32-bit y 64-bit editions)
- 2019 for Mac
- Online Server
- Web Apps 2013 Service Pack 1
- Microsoft SharePoint
- Enterprise Server 2013 Service Pack 1
- Enterprise Server 2016
- Foundation 2010 Service Pack 2
- Foundation 2013 Service Pack 1
- Server 2010 Service Pack 2
- Server 2019
- Microsoft Teams
- Microsoft Visual Studio
- 2017 version 15.9 (includes 15.0 - 15.8)
- 2019 version 16.0
- 2019 version 16.4 (includes 16.0 - 16.3)
- 2019 version 16.7 (includes 16.0 – 16.6)
- 2019 version 16.8
- Microsoft Word
- 2010 Service Pack 2 (32-bit y 64-bit editions)
- 2013 RT Service Pack 1
- 2013 Service Pack 1 (32-bit y 64-bit editions)
- 2016 (32-bit y 64-bit editions)
- Raw Image Extension
- Visual Studio Code
- WebP Image Extension
- Windows 10 (32-bit y 64-bit)
- Version 1607, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, para 32 bit, 64 bit y ARM64-based
- Windows 7
- 32-bit Systems Service Pack 1
- x64-based Systems Service Pack 1
- Windows 8.1
- 32-bit systems
- x64-based systems
- Windows RT 8.1
- Windows Server 2008
- 32-bit Systems Service Pack 2
- 32-bit Systems Service Pack 2 (Server Core installation)
- x64-based Systems Service Pack 2
- x64-based Systems Service Pack 2 (Server Core installation)
- R2 for x64-based Systems Service Pack 1
- R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2012
- 2012
- Server Core installation
- R2 y R2 (Server Core installation)
- Windows Server 2016
- 2016
- Server Core installation
- Windows Server 2019
- 2019
- Server Core installation
- Windows Server
- version 1903 (Server Core installation)
- version 1909 (Server Core installation)
- version 2004 (Server Core installation)
- version 20H2 (Server Core installation)
Mitigación
Aplicar las actualizaciones publicadas por el fabricante.
Enlace
https://msrc.microsoft.com/update-guide/releaseNote/2020-Nov
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1325
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1599
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16970
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16979
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16981
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16982
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16983
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16984
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16985
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16986
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16987
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16988
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16989
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16990
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16991
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16992
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16993
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16994
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16997
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16998
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16999
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17000
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17001
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17004
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17005
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17006
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17007
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17010
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17011
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17012
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17013
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17014
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17015
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17016
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17017
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17018
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17019
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17020
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17021
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17022
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17023
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17024
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17025
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17026
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17027
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17028
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17029
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17030
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17031
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17032
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17033
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17034
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17035
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17036
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17037
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17038
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17040
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17041
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17042
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17043
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17044
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17045
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17046
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17047
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17048
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17051
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17052
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17053
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17054
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17055
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17056
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17057
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17058
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17060
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17061
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17062
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17063
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17064
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17065
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17066
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17067
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17068
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17069
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17070
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17071
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17073
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17074
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17075
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17076
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17077
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17078
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17079
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17081
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17082
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17083
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17084
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17085
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17086
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17087
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17088
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17090
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17091
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17100
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17101
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17102
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17104
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17105
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17106
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17107
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17108
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17109
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17110
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17113
Informe
El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA20-00319-01