9VSA23-00765-01 CSIRT comparte vulnerabilidades del Update Tuesday Enero 2023 de Microsoft
Resumen
El CSIRT de Gobierno comparte la información entregada por Microsoft sobre nuevas vulnerabilidades que afectan a sus productos, parte de su actualización mensual Update Tuesday correspondiente a enero de 2023. Una de las vulnerabilidades de día cero anunciadas, CVE-2023-21674, ya se encuentra siendo explotada.
Vulnerabilidades
CVE-2023-21773
CVE-2023-21768
CVE-2023-21767
CVE-2023-21764
CVE-2023-21763
CVE-2023-21760
CVE-2023-21758
CVE-2023-21757
CVE-2023-21754
CVE-2023-21749
CVE-2023-21748
CVE-2023-21787
CVE-2023-21785
CVE-2023-21783
CVE-2023-21793
CVE-2023-21791
CVE-2023-21786
CVE-2023-21784
CVE-2023-21782
CVE-2023-21781
CVE-2023-21776
CVE-2023-21774
CVE-2023-21747
CVE-2023-21525
CVE-2023-21792
CVE-2023-21790
CVE-2023-21789
CVE-2023-21788
CVE-2023-21750
CVE-2023-21772
CVE-2023-21766
CVE-2023-21765
CVE-2023-21771
CVE-2023-21741
CVE-2023-21755
CVE-2023-21780
CVE-2023-21779
CVE-2023-21745
CVE-2023-21762
CVE-2023-21761
CVE-2023-21752
CVE-2023-21527
CVE-2023-21743
CVE-2023-21524
CVE-2023-21759
CVE-2023-21753
CVE-2023-21746
CVE-2023-21739
CVE-2023-21733
CVE-2023-21744
CVE-2023-21742
CVE-2023-21738
CVE-2023-21737
CVE-2023-21736
CVE-2023-21735
CVE-2023-21734
CVE-2023-21732
CVE-2023-21730
CVE-2023-21728
CVE-2023-21726
CVE-2023-21725
CVE-2023-21724
CVE-2023-21683
CVE-2023-21682
CVE-2023-21681
CVE-2023-21680
CVE-2023-21679
CVE-2023-21678
CVE-2023-21677
CVE-2023-21676
CVE-2023-21675
CVE-2023-21674
CVE-2023-21563
CVE-2023-21561
CVE-2023-21560
CVE-2023-21559
CVE-2023-21558
CVE-2023-21557
CVE-2023-21556
CVE-2023-21555
CVE-2023-21552
CVE-2023-21551
CVE-2023-21550
CVE-2023-21549
CVE-2023-21548
CVE-2023-21543
CVE-2023-21542
CVE-2023-21541
CVE-2023-21540
CVE-2023-21539
CVE-2023-21547
CVE-2023-21546
CVE-2023-21538
CVE-2023-21537
CVE-2023-21536
CVE-2023-21531
CVE-2023-21535
CVE-2023-21532
Impacto
Vulnerabilidades de riesgo crítico
CVE-2023-21743: Vulnerabilidad de evasión de controles de seguridad en Microsoft SharePoint Server.
CVE-2023-21730: Vulnerabilidad de elevación de privilegios en Microsoft Cryptographic Services.
CVE-2023-21679: Vulnerabilidad ejecución remota de código en Windows Layer 2 Tunneling Protocol (L2TP).
CVE-2023-21561: Vulnerabilidad de elevación de privilegios en Microsoft Cryptographic Services.
CVE-2023-21556: Vulnerabilidad ejecución remota de código en Windows Layer 2 Tunneling Protocol (L2TP).
CVE-2023-21555: Vulnerabilidad ejecución remota de código en Windows Layer 2 Tunneling Protocol (L2TP).
CVE-2023-21551: Vulnerabilidad de elevación de privilegios en Microsoft Cryptographic Services.
CVE-2023-21548: Vulnerabilidad de ejecución remota de código en Windows Secure Socket Tunneling Protocol (SSTP).
CVE-2023-21543: Vulnerabilidad ejecución remota de código en Windows Layer 2 Tunneling Protocol (L2TP).
CVE-2023-21546: Vulnerabilidad ejecución remota de código en Windows Layer 2 Tunneling Protocol (L2TP).
CVE-2023-21535: Vulnerabilidad de ejecución remota de código en Windows Secure Socket Tunneling Protocol (SSTP).
Productos afectados
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2012 R2 (Server Core installation)
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2016 Cumulative Update 23
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 10 Version 20H2 for x64-based Systems
3D Builder
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Microsoft Visio 2016 (32-bit edition)
Microsoft Visio 2016 (64-bit edition)
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Visio 2013 Service Pack 1 (32-bit editions)
Visual Studio Code
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Visio 2013 Service Pack 1 (64-bit editions)
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Office LTSC for Mac 2021
Microsoft Office 2019 for Mac
Windows Malicious Software Removal Tool 32-bit
Windows Malicious Software Removal Tool 64-bit
.NET 6.0
Azure Service Fabric 9.1
Azure Service Fabric 9.0
Azure Service Fabric 8.2
Mitigación
Instalar las respectivas actualizaciones entregadas por el proveedor.
Enlaces
https://msrc.microsoft.com/update-guide/releaseNote/2023-Jan
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21768
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21757
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21793
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21791
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21792
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21772
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21766
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21766
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21771
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21780
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21527
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21682
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21681
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21680
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21678
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21677
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21676
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21675
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21674
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21559
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21552
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21538
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21532
Informe
El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA23-00765-01.