9VSA23-00848-01 CSIRT shares vulnerabilities patched in Microsoft's Update Tuesday for June 2023

Summary

The Government CSIRT shares information on the vulnerabilities patched by Microsoft as part of its customary Update Tuesday, in this case the one for June 2023.

Vulnerabilities

CVE-2023-32030

CVE-2023-29326

CVE-2023-24895

CVE-2023-24936

CVE-2023-29331

CVE-2023-24897

CVE-2023-29337

CVE-2023-33140

CVE-2023-29357

CVE-2023-33142

CVE-2023-29353

CVE-2023-32031

CVE-2023-28310

CVE-2023-33146

CVE-2023-33145

CVE-2023-33144

CVE-2023-21569

CVE-2023-21565

CVE-2023-33141

CVE-2023-27911

CVE-2023-33128

CVE-2023-32032

CVE-2023-33126

CVE-2023-33135

CVE-2023-29007

CVE-2023-25652

CVE-2023-33139

CVE-2023-27910

CVE-2023-27909

CVE-2023-29012

CVE-2023-29011

CVE-2023-25815

CVE-2023-32024

CVE-2023-33137

CVE-2023-33133

CVE-2023-33132

CVE-2023-33131

CVE-2023-33130

CVE-2023-33129

CVE-2023-32029

CVE-2023-32022

CVE-2023-32021

CVE-2023-32020

CVE-2023-32019

CVE-2023-32018

CVE-2023-32017

CVE-2023-32016

CVE-2023-32015

CVE-2023-32014

CVE-2023-32013

CVE-2023-32012

CVE-2023-32011

CVE-2023-32010

CVE-2023-32009

CVE-2023-32008

CVE-2023-29373

CVE-2023-29372

CVE-2023-29371

CVE-2023-29370

CVE-2023-29369

CVE-2023-29368

CVE-2023-29367

CVE-2023-29366

CVE-2023-29365

CVE-2023-29364

CVE-2023-29363

CVE-2023-29362

CVE-2023-29361

CVE-2023-29360

CVE-2023-29359

CVE-2023-29358

CVE-2023-29355

CVE-2023-29352

CVE-2023-29351

CVE-2023-29346

CVE-2023-24896

CVE-2023-24937

CVE-2023-24938

Impact

Critical-risk vulnerabilities

CVE-2023-24897: Remote code execution vulnerability in .NET, .NET Framework and Visual Studio.

CVE-2023-29357: Elevation of privilege vulnerability in Microsoft SharePoint Server.

CVE-2023-32015: Remote code execution vulnerability in Windows Pragmatic General Multicast (PGM).

CVE-2023-32014: Remote code execution vulnerability in Windows Pragmatic General Multicast (PGM).

CVE-2023-32013: Denial of service vulnerability in Windows Hyper-V.

CVE-2023-29363: Remote code execution vulnerability in Windows Pragmatic General Multicast (PGM).

Mitigation

Install the corresponding updates released by the vendor.

Affected products

.NET 6.0

.NET 7.0

Azure DevOps Server 2020.1.2

Azure DevOps Server 2022

Azure DevOps Server 2022.0.1

Dynamics 365 for Finance and Operations

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5

Microsoft .NET Framework 3.5 and 4.6.2

Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2

Microsoft .NET Framework 3.5 AND 4.7.2

Microsoft .NET Framework 3.5 AND 4.8

Microsoft .NET Framework 3.5 AND 4.8.1

Microsoft .NET Framework 3.5.1

Microsoft .NET Framework 4.6.2

Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2

Microsoft .NET Framework 4.8

Microsoft 365 Apps for Enterprise for 32-bit Systems

Microsoft 365 Apps for Enterprise for 64-bit Systems

Microsoft Edge (Chromium-based)

Microsoft Excel 2013 RT Service Pack 1

Microsoft Excel 2013 Service Pack 1 (32-bit editions)

Microsoft Excel 2013 Service Pack 1 (64-bit editions)

Microsoft Excel 2016 (32-bit edition)

Microsoft Excel 2016 (64-bit edition)

Microsoft Exchange Server 2016 Cumulative Update 23

Microsoft Exchange Server 2019 Cumulative Update 12

Microsoft Exchange Server 2019 Cumulative Update 13

Microsoft Office 2019 for 32-bit editions

Microsoft Office 2019 for 64-bit editions

Microsoft Office 2019 for Mac

Microsoft Office LTSC 2021 for 32-bit editions

Microsoft Office LTSC 2021 for 64-bit editions

Microsoft Office LTSC for Mac 2021

Microsoft Office Online Server

Microsoft OneNote for Universal

Microsoft Outlook 2013 (32-bit editions)

Microsoft Outlook 2013 (64-bit editions)

Microsoft Outlook 2013 RT Service Pack 1

Microsoft Outlook 2016 (32-bit edition)

Microsoft Outlook 2016 (64-bit edition)

Microsoft Power Apps

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Server 2019

Microsoft SharePoint Server Subscription Edition

Microsoft Visual Studio 2013 Update 5

Microsoft Visual Studio 2015 Update 3

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)

Microsoft Visual Studio 2022 version 17.0

Microsoft Visual Studio 2022 version 17.2

Microsoft Visual Studio 2022 version 17.4

Microsoft Visual Studio 2022 version 17.5

Microsoft Visual Studio 2022 version 17.6

NuGet 6.0.4

NuGet 6.2.3

NuGet 6.3.2

NuGet 6.4.1

NuGet 6.5.0

NuGet 6.6.0

Remote Desktop client for Windows Desktop

Sysinternals Suite

Visual Studio Code

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Sysinternals Process Monitor

YARP 2.0

Links

https://msrc.microsoft.com/update-guide/releaseNote/2023-Jun

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32030

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29326

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24895

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24936

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29331

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24897

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29337

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33140

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29357

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33142

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29353

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32031

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28310

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33146

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33145

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33144

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21569

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21565

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33141

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27911

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33128

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32032

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33126

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33135

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29007

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25652

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33139

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27910

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27909

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29012

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29011

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25815

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32024

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33137

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33133

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33132

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33131

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33130

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33129

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32029

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32022

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32021

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32020

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32019

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32018

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32017

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32016

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32015

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32014

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32013

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32012

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32011

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32010

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32009

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32008

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29373

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29372

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29371

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29370

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29369

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29368

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29367

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29366

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29365

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29364

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29363

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29362

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29361

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29360

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29359

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29358

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29355

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29352

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29351

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29346

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24896

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24938

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24937

Report

The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA23-00848-01.