9VSA23-00859-01 CSIRT comparte vulnerabilidades incluidas en el Update Tuesday de Microsoft para julio 2023
El CSIRT de Gobierno comparte información del tradicional Update Tuesday de Microsoft, correspondiente a julio de 2023.
![9VSA23-00859-01.png](https://media.ciberseguridad.gob.cl/images/9VSA23-00859-01.2e16d0ba.format-jpeg.fill-1200x600.jpg)
Resumen
El CSIRT de Gobierno comparte información del tradicional Update Tuesday de Microsoft, correspondiente a julio de 2023.
Vulnerabilidades
CVE-2023-21526
CVE-2023-21756
CVE-2023-29347
CVE-2023-32033
CVE-2023-32034
CVE-2023-32035
CVE-2023-32037
CVE-2023-32038
CVE-2023-32039
CVE-2023-32040
CVE-2023-32041
CVE-2023-32042
CVE-2023-32043
CVE-2023-32044
CVE-2023-32045
CVE-2023-32046
CVE-2023-32047
CVE-2023-32049
CVE-2023-32050
CVE-2023-32051
CVE-2023-32052
CVE-2023-32053
CVE-2023-32054
CVE-2023-32055
CVE-2023-32056
CVE-2023-32057
CVE-2023-32083
CVE-2023-32084
CVE-2023-32085
CVE-2023-33127
CVE-2023-33134
CVE-2023-33148
CVE-2023-33149
CVE-2023-33150
CVE-2023-33151
CVE-2023-33152
CVE-2023-33153
CVE-2023-33154
CVE-2023-33155
CVE-2023-33156
CVE-2023-33157
CVE-2023-33158
CVE-2023-33159
CVE-2023-33160
CVE-2023-33161
CVE-2023-33162
CVE-2023-33163
CVE-2023-33164
CVE-2023-33165
CVE-2023-33166
CVE-2023-33167
CVE-2023-33168
CVE-2023-33169
CVE-2023-33170
CVE-2023-33171
CVE-2023-33172
CVE-2023-33173
CVE-2023-33174
CVE-2023-35296
CVE-2023-35297
CVE-2023-35298
CVE-2023-35299
CVE-2023-35300
CVE-2023-35302
CVE-2023-35303
CVE-2023-35304
CVE-2023-35305
CVE-2023-35306
CVE-2023-35308
CVE-2023-35309
CVE-2023-35310
CVE-2023-35311
CVE-2023-35312
CVE-2023-35313
CVE-2023-35314
CVE-2023-35315
CVE-2023-35316
CVE-2023-35317
CVE-2023-35318
CVE-2023-35319
CVE-2023-35320
CVE-2023-35321
CVE-2023-35322
CVE-2023-35323
CVE-2023-35324
CVE-2023-35325
CVE-2023-35326
CVE-2023-35328
CVE-2023-35329
CVE-2023-35330
CVE-2023-35331
CVE-2023-35332
CVE-2023-35333
CVE-2023-35335
CVE-2023-35336
CVE-2023-35337
CVE-2023-35338
CVE-2023-35339
CVE-2023-35340
CVE-2023-35341
CVE-2023-35342
CVE-2023-35343
CVE-2023-35344
CVE-2023-35345
CVE-2023-35346
CVE-2023-35347
CVE-2023-35348
CVE-2023-35350
CVE-2023-35351
CVE-2023-35352
CVE-2023-35353
CVE-2023-35356
CVE-2023-35357
CVE-2023-35358
CVE-2023-35360
CVE-2023-35361
CVE-2023-35362
CVE-2023-35363
CVE-2023-35364
CVE-2023-35365
CVE-2023-35366
CVE-2023-35367
CVE-2023-35373
CVE-2023-35374
CVE-2023-36867
CVE-2023-36868
CVE-2023-36871
CVE-2023-36872
CVE-2023-36874
CVE-2023-3688
Impacto
Vulnerabilidades de riesgo crítico
CVE-2023-32057: Vulnerabilidad de ejecución remota de código en Microsoft Message Queuing.
CVE-2023-33157: Vulnerabilidad de ejecución remota de código en Windows SharePoint.
CVE-2023-33160: Vulnerabilidad de ejecución remota de código en Windows SharePoint Server.
CVE-2023-35297: Vulnerabilidad de ejecución remota de código en Windows Pragmatic General Multicast (PGM).
CVE-2023-35315: Vulnerabilidad de ejecución remota de código en Windows Layer-2 Bridge Network Driver.
CVE-2023-35352: Vulnrabilidad de evasión de funciones de seguridad en Windows Remote Desktop.
CVE-2023-35365: Vulnerabilidad de ejecución remota de código en Windows Routing and Remote Access Service (RRAS).
CVE-2023-35366: Vulnerabilidad de ejecución remota de código en Windows Routing and Remote Access Service (RRAS).
CVE-2023-35367: Vulnerabilidad de ejecución remota de código en Windows Routing and Remote Access Service (RRAS).
Mitigación
Instalar las respectivas actualizaciones entregadas por el proveedor.
Productos afectados
.NET 6.0
Azure Service Fabric 9.1 for Windows
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Malware Protection Engine
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office for Universal
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft Outlook 2016 (32-bit edition)
Microsoft Power Apps (online)
Microsoft SharePoint Server Subscription Edition
Microsoft Visual Studio 2022 version 17.0
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Mono 6.12.0
Paint 3D
PandocUpload
Raw Image Extension
Visual Studio Code - GitHub Pull Requests and Issues Extension
VP9 Video Extensions
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Admin Center
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016 (Server Core installation)
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Enlaces
https://msrc.microsoft.com/update-guide/releaseNote/2023-Jul
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32083
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35298
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35299
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35306
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35309
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35310
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35311
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35312
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35313
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35314
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35315
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35316
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35320
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35321
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35322
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35325
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35331
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35332
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35333
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35338
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35339
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35341
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35342
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35344
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35348
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35351
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35353
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35358
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35363
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35366
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35367
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35373
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3688
Informe
El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA23-00859-01.