Summary
The Government CSIRT (Computer Security Incident Response Team) shares information on new vulnerabilities affecting Microsoft products, as announced by the company as part of its customary "Update Tuesday", in this case the one for June 2022.
Vulnerabilities
CVE-2022-21123
CVE-2022-21125
CVE-2022-21127
CVE-2022-21166
CVE-2022-22018
CVE-2022-29111
CVE-2022-29119
CVE-2022-29143
CVE-2022-29149
CVE-2022-30131
CVE-2022-30132
CVE-2022-30135
CVE-2022-30136
CVE-2022-30137
CVE-2022-30139
CVE-2022-30140
CVE-2022-30141
CVE-2022-30142
CVE-2022-30143
CVE-2022-30145
CVE-2022-30146
CVE-2022-30147
CVE-2022-30148
CVE-2022-30149
CVE-2022-30150
CVE-2022-30151
CVE-2022-30152
CVE-2022-30153
CVE-2022-30154
CVE-2022-30155
CVE-2022-30157
CVE-2022-30158
CVE-2022-30159
CVE-2022-30160
CVE-2022-30161
CVE-2022-30162
CVE-2022-30163
CVE-2022-30164
CVE-2022-30165
CVE-2022-30166
CVE-2022-30167
CVE-2022-30168
CVE-2022-30171
CVE-2022-30172
CVE-2022-30173
CVE-2022-30174
CVE-2022-30177
CVE-2022-30178
CVE-2022-30179
CVE-2022-30180
CVE-2022-30184
CVE-2022-30188
CVE-2022-30189
CVE-2022-30193
CVE-2022-32230
Impact
Critical-risk vulnerabilities:
CVE-2022-30163: Remote code execution vulnerability in Windows Hyper-V (guest-to-host escape).
CVE-2022-30136: Remote code execution vulnerability in Windows Network File System (NFS) that could be triggered over the internet by an unauthenticated attacker using a specially crafted request.
CVE-2022-30139: Remote code execution vulnerability in Windows LDAP.
Affected products
.NET 6.0
.NET Core 3.1
AV1 Video Extension
Azure Automation State Configuration, DSC Extension
Azure Automation Update Management
Azure Diagnostics (LAD)
Azure Open Management Infrastructure
Azure Real Time Operating System
Azure Real Time Operating System GUIX
Azure Security Center
Azure Sentinel
Azure Service Fabric
Azure Stack Hub
Container Monitoring Solution
HEVC Video Extension
HEVC Video Extensions
Log Analytics Agent
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office Online Server
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Photos
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2013 Service Pack 1
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4)
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4)
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (CU 17)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity Pack
Microsoft SQL Server 2017 for x64-based Systems (CU 29)
Microsoft SQL Server 2017 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (CU 16)
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10)
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 – 16.8)
Microsoft Visual Studio 2022 version 17.0
Microsoft Visual Studio 2022 version 17.2
NuGet.exe
System Center Operations Manager (SCOM) 2016
System Center Operations Manager (SCOM) 2019
System Center Operations Manager (SCOM) 2022
Visual Studio 2019 for Mac version 8.10
Visual Studio 2022 for Mac version 17.0
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server, version 20H2 (Server Core Installation)
Mitigation
Install the corresponding updates provided by the vendor.
Links
https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32230
Report
The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA22-00656-01.