El CSIRT de Gobierno comparte información de las vulnerabilidades parchadas por Microsoft en su Update Tuesday de abril 2023.
Resumen
El CSIRT de Gobierno comparte información de las vulnerabilidades parchadas por Microsoft en su Update Tuesday de abril 2023.
Vulnerabilidades
CVE-2023-21729
CVE-2023-28304
CVE-2023-23375
CVE-2023-28300
CVE-2023-28292
CVE-2023-28291
CVE-2023-28313
CVE-2023-28312
CVE-2023-28287
CVE-2023-24893
CVE-2023-28314
CVE-2023-28299
CVE-2023-28296
CVE-2023-28263
CVE-2023-28262
CVE-2023-28260
CVE-2023-28311
CVE-2023-28309
CVE-2023-28308
CVE-2023-28307
CVE-2023-28306
CVE-2023-28305
CVE-2023-28295
CVE-2023-28302
CVE-2023-28298
CVE-2023-28297
CVE-2023-28293
CVE-2023-28288
CVE-2023-28285
CVE-2023-28256
CVE-2023-28278
CVE-2023-28255
CVE-2023-28253
CVE-2023-28254
CVE-2023-28275
CVE-2023-28276
CVE-2023-28252
CVE-2023-28274
CVE-2023-28277
CVE-2023-28250
CVE-2023-28273
CVE-2023-28249
CVE-2023-28272
CVE-2023-28271
CVE-2023-28247
CVE-2023-28248
CVE-2023-28269
CVE-2023-28270
CVE-2023-28246
CVE-2023-28268
CVE-2023-28244
CVE-2023-28266
CVE-2023-28267
CVE-2023-28243
CVE-2023-28241
CVE-2023-28240
CVE-2023-28236
CVE-2023-28238
CVE-2023-28237
CVE-2023-28232
CVE-2023-28235
CVE-2023-28231
CVE-2023-28234
CVE-2023-28233
CVE-2023-28228
CVE-2023-28229
CVE-2023-28227
CVE-2023-28224
CVE-2023-28226
CVE-2023-28225
CVE-2023-28223
CVE-2023-28222
CVE-2023-28221
CVE-2023-28220
CVE-2023-28219
CVE-2023-28218
CVE-2023-28217
CVE-2023-28216
CVE-2023-24931
CVE-2023-24929
CVE-2023-24887
CVE-2023-24928
CVE-2023-24886
CVE-2023-24927
CVE-2023-24885
CVE-2023-24926
CVE-2023-24884
CVE-2023-24925
CVE-2023-24883
CVE-2023-24924
CVE-2023-24914
CVE-2023-24912
CVE-2023-24860
CVE-2023-23384
CVE-2023-21769
CVE-2023-21727
CVE-2023-21554
Impacto
Vulnerabilidades de riesgo crítico
CVE-2023-21554: Vulnerabilidad de ejecución remota de código en Microsoft Message Queuing.
CVE-2023-28219: Vulnerabilidad de ejecución remota de código en Layer 2 Tunneling Protocol.
CVE-2023-28220: Vulnerabilidad de ejecución remota de código en Layer 2 Tunneling Protocol.
CVE-2023-28231: Vulnerabilidad de ejecución remota de código en DHCP Server Service.
CVE-2023-28232: Vulnerabilidad de ejecución remota de código en Windows Point-to-Point Tunneling Protocol.
CVE-2023-28250: Vulnerabilidad de ejecución remota de código en Windows Pragmatic General Multicast (PGM).
CVE-2023-28291: Vulnerabilidad de ejecución remota de código en Raw Image Extension.
Productos afectados
.NET 6.0
.NET 7.0
Azure Machine Learning
Azure Service Connector
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft Malware Protection Engine
Microsoft ODBC Driver 17 for SQL Server
Microsoft ODBC Driver 18 for SQL Server
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft OLE DB Driver 18 for SQL Server
Microsoft OLE DB Driver 19 for SQL Server
Microsoft Publisher 2013 Service Pack 1 (32-bit editions)
Microsoft Publisher 2013 Service Pack 1 (64-bit editions)
Microsoft Publisher 2013 Service Pack 1 RT
Microsoft Publisher 2016 (32-bit edition)
Microsoft Publisher 2016 (64-bit edition)
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4 (QFE)
Microsoft SQL Server 2008 for x64-Based Systems Service Pack 4 (QFE)
Microsoft SQL Server 2008 R2 for 32-Bit Systems Service Pack 3 (QFE)
Microsoft SQL Server 2008 R2 for x64-Based Systems Service Pack 3 (QFE)
Microsoft SQL Server 2012 for 32-bit Systems Service Pack 4 (QFE)
Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4)
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4)
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity Pack
Microsoft SQL Server 2017 for x64-based Systems (CU 31)
Microsoft SQL Server 2017 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (CU 18)
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft SQL Server 2022 for x64-based Systems (GDR)
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2022 version 17.0
Microsoft Visual Studio 2022 version 17.2
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2022 version 17.5
Raw Image Extension
Remote Desktop client for Windows Desktop
Send Customer Voice survey from Dynamics 365
Visual Studio Code
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Enlaces
https://msrc.microsoft.com/update-guide/releaseNote/2023-Apr
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23375
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28313
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28312
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28314
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28299
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28311
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28309
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28306
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28298
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28293
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28237
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28231
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28229
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24887
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24912
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21769
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21554
Informe
El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA23-00814-01.