9VSA22-00702-01 CSIRT shares vulnerabilities from Microsoft's September 2022 Update Tuesday

On the second Tuesday of each month, Microsoft shares many vulnerabilities.

Summary

The Government CSIRT (Computer Security Incident Response Team) shares information on new vulnerabilities disclosed by Microsoft in its Update Tuesday for September 2022.

Vulnerabilities

CVE-2022-26929

CVE-2022-38013

CVE-2022-38009

CVE-2022-38008

CVE-2022-38007

CVE-2022-35803

CVE-2022-38011

CVE-2022-37959

CVE-2022-38006

CVE-2022-37958

CVE-2022-37964

CVE-2022-37963

CVE-2022-37962

CVE-2022-38010

CVE-2022-37961

CVE-2022-38005

CVE-2022-37957

CVE-2022-38004

CVE-2022-37956

CVE-2022-37955

CVE-2022-37954

CVE-2022-34734

CVE-2022-34733

CVE-2022-34732

CVE-2022-34731

CVE-2022-34730

CVE-2022-34729

CVE-2022-34728

CVE-2022-34727

CVE-2022-34726

CVE-2022-34725

CVE-2022-34724

CVE-2022-34723

CVE-2022-34722

CVE-2022-34721

CVE-2022-34720

CVE-2022-34718

CVE-2022-34719

CVE-2022-35841

CVE-2022-35840

CVE-2022-35838

CVE-2022-35837

CVE-2022-35836

CVE-2022-35835

CVE-2022-35834

CVE-2022-35833

CVE-2022-35832

CVE-2022-35831

CVE-2022-35830

CVE-2022-35828

CVE-2022-35823

CVE-2022-33679

CVE-2022-33647

CVE-2022-30200

CVE-2022-30196

CVE-2022-30170

CVE-2022-26928

CVE-2022-23960

CVE-2022-34700

CVE-2022-35805

CVE-2022-38020

CVE-2022-38019

CVE-2022-37969

Impact

Critical-risk vulnerabilities

CVE-2022-34722: Remote code execution in Windows Internet Key Exchange (IKE) Protocol Extensions.

CVE-2022-34721: Remote code execution in Windows Internet Key Exchange (IKE) Protocol Extensions.

CVE-2022-34718: Remote code execution in Windows TCP/IP.

CVE-2022-34700: Remote code execution in Microsoft Dynamics CRM (on-premises).

CVE-2022-35805: Remote code execution in Microsoft Dynamics CRM (on-premises).

Affected products

AV1 Video Extension

Azure ARC

Microsoft .NET Framework 3.5 AND 4.8

Microsoft Defender for Endpoint for Mac

Microsoft Dynamics CRM (on-premises) 9.1

Microsoft Office 2013 Service Pack 1 (64-bit editions)

Microsoft Office LTSC 2021 for 32-bit editions

Microsoft SharePoint Foundation 2013 Service Pack 1

Microsoft SharePoint Server Subscription Edition

Microsoft Visio 2016 (64-bit edition)

Microsoft Visual Studio 2022 version 17.2

Raw Image Extension

Visual Studio Code

Windows 10 Version 21H2 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows RT 8.1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016 (Server Core installation)

Mitigation

Install the respective updates provided by the vendor.

Links

https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26929

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38013

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38009

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38008

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38007

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35803

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38011

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37959

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38006

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37958

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37964

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37963

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37962

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38010

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37961

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38005

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37957

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38004

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37956

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37955

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37954

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34734

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34733

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34732

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34731

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34730

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34729

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34728

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34727

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34726

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34725

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34724

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34723

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34722

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34721

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34720

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34718

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34719

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35841

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35840

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35838

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35837

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35836

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35835

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35834

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35833

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35832

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35831

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35830

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35828

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35823

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33679

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33647

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30200

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30196

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30170

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26928

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34700

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35805

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38020

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38019

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37969

Report

The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA22-00702-01.