9VSA23-00848-01 CSIRT comparte vulnerabilidades parchadas en el Update Tuesday de Microsoft para junio 2023
El CSIRT de Gobierno comparte información de las vulnerabilidades parchadas por Microsoft como parte de su tradicional Update Tuesday, en este caso correspondiente a junio de 2023.
![9VSA23-00848-01-1.png](https://media.ciberseguridad.gob.cl/images/9VSA23-00848-01-1.2e16d0ba.format-jpeg.fill-1200x600.jpg)
Resumen
El CSIRT de Gobierno comparte información de las vulnerabilidades parchadas por Microsoft como parte de su tradicional Update Tuesday, en este caso correspondiente a junio de 2023.
Vulnerabilidades
CVE-2023-32030
CVE-2023-29326
CVE-2023-24895
CVE-2023-24936
CVE-2023-29331
CVE-2023-24897
CVE-2023-29337
CVE-2023-33140
CVE-2023-29357
CVE-2023-33142
CVE-2023-29353
CVE-2023-32031
CVE-2023-28310
CVE-2023-33146
CVE-2023-33145
CVE-2023-33144
CVE-2023-21569
CVE-2023-21565
CVE-2023-33141
CVE-2023-27911
CVE-2023-33128
CVE-2023-32032
CVE-2023-33126
CVE-2023-33135
CVE-2023-29007
CVE-2023-25652
CVE-2023-33139
CVE-2023-27910
CVE-2023-27909
CVE-2023-29012
CVE-2023-29011
CVE-2023-25815
CVE-2023-32024
CVE-2023-33137
CVE-2023-33133
CVE-2023-33132
CVE-2023-33131
CVE-2023-33130
CVE-2023-33129
CVE-2023-32029
CVE-2023-32022
CVE-2023-32021
CVE-2023-32020
CVE-2023-32019
CVE-2023-32018
CVE-2023-32017
CVE-2023-32016
CVE-2023-32015
CVE-2023-32014
CVE-2023-32013
CVE-2023-32012
CVE-2023-32011
CVE-2023-32010
CVE-2023-32009
CVE-2023-32008
CVE-2023-29373
CVE-2023-29372
CVE-2023-29371
CVE-2023-29370
CVE-2023-29369
CVE-2023-29368
CVE-2023-29367
CVE-2023-29366
CVE-2023-29365
CVE-2023-29364
CVE-2023-29363
CVE-2023-29362
CVE-2023-29361
CVE-2023-29360
CVE-2023-29359
CVE-2023-29358
CVE-2023-29355
CVE-2023-29352
CVE-2023-29351
CVE-2023-29346
CVE-2023-24896
CVE-2023-24937
CVE-2023-24938
Impacto
Vulnerabilidades de riesgo crítico
CVE-2023-24897: Vulnerabilidad de ejecución remota de código en .NET, .NET Framework y Visual Studio Remote.
CVE-2023-29357: Vulnerabilidad de elevación de privilegios en Microsoft SharePoint Server.
CVE-2023-32015: Vulnerabilidad de ejecución remota de código en Windows Pragmatic General Multicast (PGM).
CVE-2023-32014: Vulnerabilidad de ejecución remota de código en Windows Pragmatic General Multicast (PGM).
CVE-2023-32013: Vulnerabilidad de denegación de servicio en Windows Hyper-V.
CVE-2023-29363: Vulnerabilidad de ejecución remota de código en Windows Pragmatic General Multicast (PGM).
Mitigación
Instalar las respectivas actualizaciones entregadas por el proveedor.
Productos afectados
.NET 6.0
.NET 7.0
Azure DevOps Server 2020.1.2
Azure DevOps Server 2022
Azure DevOps Server 2022.0.1
Dynamics 365 for Finance and Operations
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 and 4.6.2
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5 AND 4.7.2
Microsoft .NET Framework 3.5 AND 4.8
Microsoft .NET Framework 3.5 AND 4.8.1
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.6.2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.8
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Edge (Chromium-based)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2019 Cumulative Update 13
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft Office Online Server
Microsoft OneNote for Universal
Microsoft Outlook 2013 (32-bit editions)
Microsoft Outlook 2013 (64-bit editions)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Microsoft Power Apps
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
Microsoft Visual Studio 2013 Update 5
Microsoft Visual Studio 2015 Update 3
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2022 version 17.0
Microsoft Visual Studio 2022 version 17.2
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2022 version 17.5
Microsoft Visual Studio 2022 version 17.6
NuGet 6.0.4
NuGet 6.2.3
NuGet 6.3.2
NuGet 6.4.1
NuGet 6.5.0
NuGet 6.6.0
Remote Desktop client for Windows Desktop
Sysinternals Suite
Visual Studio Code
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Sysinternals Process Monitor
YARP 2.0
Enlaces
https://msrc.microsoft.com/update-guide/releaseNote/2023-Jun
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24895
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29331
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24897
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29353
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28310
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27911
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33126
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27910
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27909
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29373
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29372
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29371
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29370
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29369
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29368
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29367
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29366
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29363
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29358
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29355
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29351
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24937
Informe
El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA23-00848-01.