The Government CSIRT shares information on the vulnerabilities patched by Microsoft in its April 2023 Update Tuesday.

Summary

The Government CSIRT shares information on the vulnerabilities patched by Microsoft in its April 2023 Update Tuesday.

Vulnerabilities

CVE-2023-21729

CVE-2023-28304

CVE-2023-23375

CVE-2023-28300

CVE-2023-28292

CVE-2023-28291

CVE-2023-28313

CVE-2023-28312

CVE-2023-28287

CVE-2023-24893

CVE-2023-28314

CVE-2023-28299

CVE-2023-28296

CVE-2023-28263

CVE-2023-28262

CVE-2023-28260

CVE-2023-28311

CVE-2023-28309

CVE-2023-28308

CVE-2023-28307

CVE-2023-28306

CVE-2023-28305

CVE-2023-28295

CVE-2023-28302

CVE-2023-28298

CVE-2023-28297

CVE-2023-28293

CVE-2023-28288

CVE-2023-28285

CVE-2023-28256

CVE-2023-28278

CVE-2023-28255

CVE-2023-28253

CVE-2023-28254

CVE-2023-28275

CVE-2023-28276

CVE-2023-28252

CVE-2023-28274

CVE-2023-28277

CVE-2023-28250

CVE-2023-28273

CVE-2023-28249

CVE-2023-28272

CVE-2023-28271

CVE-2023-28247

CVE-2023-28248

CVE-2023-28269

CVE-2023-28270

CVE-2023-28246

CVE-2023-28268

CVE-2023-28244

CVE-2023-28266

CVE-2023-28267

CVE-2023-28243

CVE-2023-28241

CVE-2023-28240

CVE-2023-28236

CVE-2023-28238

CVE-2023-28237

CVE-2023-28232

CVE-2023-28235

CVE-2023-28231

CVE-2023-28234

CVE-2023-28233

CVE-2023-28228

CVE-2023-28229

CVE-2023-28227

CVE-2023-28224

CVE-2023-28226

CVE-2023-28225

CVE-2023-28223

CVE-2023-28222

CVE-2023-28221

CVE-2023-28220

CVE-2023-28219

CVE-2023-28218

CVE-2023-28217

CVE-2023-28216

CVE-2023-24931

CVE-2023-24929

CVE-2023-24887

CVE-2023-24928

CVE-2023-24886

CVE-2023-24927

CVE-2023-24885

CVE-2023-24926

CVE-2023-24884

CVE-2023-24925

CVE-2023-24883

CVE-2023-24924

CVE-2023-24914

CVE-2023-24912

CVE-2023-24860

CVE-2023-23384

CVE-2023-21769

CVE-2023-21727

CVE-2023-21554

Impact

Critical-risk vulnerabilities

CVE-2023-21554: Remote code execution vulnerability in Microsoft Message Queuing.

CVE-2023-28219: Remote code execution vulnerability in Layer 2 Tunneling Protocol.

CVE-2023-28220: Remote code execution vulnerability in Layer 2 Tunneling Protocol.

CVE-2023-28231: Remote code execution vulnerability in DHCP Server Service.

CVE-2023-28232: Remote code execution vulnerability in Windows Point-to-Point Tunneling Protocol.

CVE-2023-28250: Remote code execution vulnerability in Windows Pragmatic General Multicast (PGM).

CVE-2023-28291: Remote code execution vulnerability in Raw Image Extension.

Affected products

.NET 6.0

.NET 7.0

Azure Machine Learning

Azure Service Connector

Microsoft 365 Apps for Enterprise for 32-bit Systems

Microsoft 365 Apps for Enterprise for 64-bit Systems

Microsoft Dynamics 365 (on-premises) version 9.0

Microsoft Dynamics 365 (on-premises) version 9.1

Microsoft Malware Protection Engine

Microsoft ODBC Driver 17 for SQL Server

Microsoft ODBC Driver 18 for SQL Server

Microsoft Office 2019 for 32-bit editions

Microsoft Office 2019 for 64-bit editions

Microsoft Office 2019 for Mac

Microsoft Office LTSC 2021 for 32-bit editions

Microsoft Office LTSC 2021 for 64-bit editions

Microsoft Office LTSC for Mac 2021

Microsoft OLE DB Driver 18 for SQL Server

Microsoft OLE DB Driver 19 for SQL Server

Microsoft Publisher 2013 Service Pack 1 (32-bit editions)

Microsoft Publisher 2013 Service Pack 1 (64-bit editions)

Microsoft Publisher 2013 Service Pack 1 RT

Microsoft Publisher 2016 (32-bit edition)

Microsoft Publisher 2016 (64-bit edition)

Microsoft SharePoint Enterprise Server 2013 Service Pack 1

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Foundation 2013 Service Pack 1

Microsoft SharePoint Server 2019

Microsoft SharePoint Server Subscription Edition

Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4 (QFE)

Microsoft SQL Server 2008 for x64-Based Systems Service Pack 4 (QFE)

Microsoft SQL Server 2008 R2 for 32-Bit Systems Service Pack 3 (QFE)

Microsoft SQL Server 2008 R2 for x64-Based Systems Service Pack 3 (QFE)

Microsoft SQL Server 2012 for 32-bit Systems Service Pack 4 (QFE)

Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)

Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4)

Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)

Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4)

Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)

Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)

Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity Pack

Microsoft SQL Server 2017 for x64-based Systems (CU 31)

Microsoft SQL Server 2017 for x64-based Systems (GDR)

Microsoft SQL Server 2019 for x64-based Systems (CU 18)

Microsoft SQL Server 2019 for x64-based Systems (GDR)

Microsoft SQL Server 2022 for x64-based Systems (GDR)

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)

Microsoft Visual Studio 2022 version 17.0

Microsoft Visual Studio 2022 version 17.2

Microsoft Visual Studio 2022 version 17.4

Microsoft Visual Studio 2022 version 17.5

Raw Image Extension

Remote Desktop client for Windows Desktop

Send Customer Voice survey from Dynamics 365

Visual Studio Code

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Links

https://msrc.microsoft.com/update-guide/releaseNote/2023-Apr

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21729

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28304

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23375

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28300

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28292

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28291

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28313

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28312

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28287

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24893

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28314

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28299

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28296

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28263

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28262

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28260

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28311

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28309

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28308

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28307

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28306

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28305

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28295

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28302

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28298

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28297

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28293

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28288

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28285

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28256

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28278

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28255

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28253

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28254

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28275

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28276

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28252

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28274

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28277

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28250

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28273

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28249

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28272

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28271

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28247

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28248

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28269

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28270

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28246

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28268

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28244

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28266

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28267

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28243

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28241

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28240

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28236

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28238

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28237

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28232

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28235

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28231

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28234

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28233

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28228

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28229

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28227

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28224

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28226

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28225

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28223

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28222

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28221

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28220

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28219

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28218

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28217

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28216

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24931

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24929

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24887

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24928

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24886

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24927

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24885

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24926

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24884

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24925

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24883

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24924

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24914

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24912

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24860

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23384

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21769

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21727

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21554

Report

The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA23-00814-01.