9VSA22-00702-01 CSIRT shares vulnerabilities from Microsoft's September 2022 Update Tuesday

Summary

The Government's Computer Security Incident Response Team (CSIRT de Gobierno) shares information on new vulnerabilities disclosed by Microsoft in its Update Tuesday for September 2022.

Vulnerabilities

CVE-2022-26929

CVE-2022-38013

CVE-2022-38009

CVE-2022-38008

CVE-2022-38007

CVE-2022-35803

CVE-2022-38011

CVE-2022-37959

CVE-2022-38006

CVE-2022-37958

CVE-2022-37964

CVE-2022-37963

CVE-2022-37962

CVE-2022-38010

CVE-2022-37961

CVE-2022-38005

CVE-2022-37957

CVE-2022-38004

CVE-2022-37956

CVE-2022-37955

CVE-2022-37954

CVE-2022-34734

CVE-2022-34733

CVE-2022-34732

CVE-2022-34731

CVE-2022-34730

CVE-2022-34729

CVE-2022-34728

CVE-2022-34727

CVE-2022-34726

CVE-2022-34725

CVE-2022-34724

CVE-2022-34723

CVE-2022-34722

CVE-2022-34721

CVE-2022-34720

CVE-2022-34718

CVE-2022-34719

CVE-2022-35841

CVE-2022-35840

CVE-2022-35838

CVE-2022-35837

CVE-2022-35836

CVE-2022-35835

CVE-2022-35834

CVE-2022-35833

CVE-2022-35832

CVE-2022-35831

CVE-2022-35830

CVE-2022-35828

CVE-2022-35823

CVE-2022-33679

CVE-2022-33647

CVE-2022-30200

CVE-2022-30196

CVE-2022-30170

CVE-2022-26928

CVE-2022-23960

CVE-2022-34700

CVE-2022-35805

CVE-2022-38020

CVE-2022-38019

CVE-2022-37969

Impact

Critical-risk vulnerabilities

CVE-2022-34722: Remote code execution in Windows Internet Key Exchange (IKE) Protocol Extensions.

CVE-2022-34721: Remote code execution in Windows Internet Key Exchange (IKE) Protocol Extensions.

CVE-2022-34718: Remote code execution in Windows TCP/IP.

CVE-2022-34700: Remote code execution in Microsoft Dynamics CRM (on-premises).

CVE-2022-35805: Remote code execution in Microsoft Dynamics CRM (on-premises).

Affected products

AV1 Video Extension

Azure ARC

Microsoft .NET Framework 3.5 AND 4.8

Microsoft Defender for Endpoint for Mac

Microsoft Dynamics CRM (on-premises) 9.1

Microsoft Office 2013 Service Pack 1 (64-bit editions)

Microsoft Office LTSC 2021 for 32-bit editions

Microsoft SharePoint Foundation 2013 Service Pack 1

Microsoft SharePoint Server Subscription Edition

Microsoft Visio 2016 (64-bit edition)

Microsoft Visual Studio 2022 version 17.2

Raw Image Extension

Visual Studio Code

Windows 10 Version 21H2 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows RT 8.1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016 (Server Core installation)

Mitigation

Install the respective updates provided by the vendor.

Links

https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26929

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38013

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38009

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38008

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38007

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35803

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38011

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37959

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38006

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37958

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37964

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37963

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37962

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38010

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37961

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38005

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37957

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38004

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37956

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37955

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37954

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34734

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34733

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34732

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34731

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34730

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34729

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34728

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34727

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34726

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34725

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34725

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34723

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34722

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34721

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34720

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34718

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34719

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35841

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35840

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35838

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35837

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35836

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35835

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35834

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35833

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35832

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35831

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35830

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35828

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35823

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33679

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33647

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30200

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30196

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30170

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26928

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34700

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35805

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38020

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38019

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37969

Report

The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA22-00702-01.
