9VSA23-00831-01 CSIRT shares vulnerabilities patched by Microsoft in its May 2023 Update Tuesday

The Government CSIRT shares information on the vulnerabilities patched by Microsoft in its May 2023 Update Tuesday.

Summary

The Government CSIRT shares information on the vulnerabilities patched by Microsoft in its May 2023 Update Tuesday.

Vulnerabilities

CVE-2023-24950

CVE-2023-24949

CVE-2023-24947

CVE-2023-24903

CVE-2023-29344

CVE-2023-29343

CVE-2023-29341

CVE-2023-29340

CVE-2023-29338

CVE-2023-29336

CVE-2023-29335

CVE-2023-29333

CVE-2023-29325

CVE-2023-29324

CVE-2023-24955

CVE-2023-24954

CVE-2023-24953

CVE-2023-24948

CVE-2023-24946

CVE-2023-24945

CVE-2023-24944

CVE-2023-24905

CVE-2023-24943

CVE-2023-24904

CVE-2023-24942

CVE-2023-24902

CVE-2023-24941

CVE-2023-24901

CVE-2023-24940

CVE-2023-24900

CVE-2023-24939

CVE-2023-24899

CVE-2023-24898

CVE-2023-28290

CVE-2023-28283

CVE-2023-28251

CVE-2023-24932

CVE-2023-24881

Impact

Critical-risk vulnerabilities:

CVE-2023-24903: Remote code execution vulnerability in Windows Secure Socket Tunneling Protocol (SSTP), present in several versions of Windows.

CVE-2023-24941: Remote code execution vulnerability in Windows Network File System, present in several versions of Windows Server.

CVE-2023-24943: Remote code execution vulnerability in Windows Pragmatic General Multicast (PGM), present in several versions of Windows.

CVE-2023-24955: Remote code execution vulnerability in Microsoft SharePoint Subscription Edition, SharePoint Server 2019 and SharePoint Enterprise Server 2016.

CVE-2023-28283: Remote code execution vulnerability in Windows Lightweight Directory Access Protocol (LDAP), present in several versions of Windows.

CVE-2023-29325: Remote code execution vulnerability in Windows OLE, present in several versions of Windows.

Affected products

AV1 Video Extension

Microsoft 365 Apps for Enterprise for 32-bit Systems

Microsoft 365 Apps for Enterprise for 64-bit Systems

Microsoft Excel 2013 RT Service Pack 1

Microsoft Excel 2013 Service Pack 1 (32-bit editions)

Microsoft Excel 2013 Service Pack 1 (64-bit editions)

Microsoft Excel 2016 (32-bit edition)

Microsoft Excel 2016 (64-bit edition)

Microsoft Office 2019 for 32-bit editions

Microsoft Office 2019 for 64-bit editions

Microsoft Office 2019 for Mac

Microsoft Office LTSC 2021 for 32-bit editions

Microsoft Office LTSC 2021 for 64-bit editions

Microsoft Office LTSC for Mac 2021

Microsoft Office Online Server

Microsoft Remote Desktop

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Server 2019

Microsoft SharePoint Server Subscription Edition

Microsoft Teams

Microsoft Word 2013 RT Service Pack 1

Microsoft Word 2013 Service Pack 1 (32-bit editions)

Microsoft Word 2013 Service Pack 1 (64-bit editions)

Microsoft Word 2016 (32-bit edition)

Microsoft Word 2016 (64-bit edition)

Visual Studio Code

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Sysmon

Links

https://msrc.microsoft.com/update-guide/releaseNote/2023-May

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24950

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24949

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24947

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24903

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29344

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29343

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29341

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29340

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29338

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29336

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29335

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29333

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29325

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29324

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24955

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24954

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24953

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24948

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24946

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24945

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24944

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24905

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24943

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24904

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24942

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24902

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24941

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24901

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24940

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24900

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24939

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24899

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24898

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28290

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28283

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28251

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24932

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24881

Report

The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA23-00831-01.