CSIRT de Gobierno /
Alertas /
9VSA24-00951-01 CSIRT comparte información de actualización Microsoft Update Tuesday 2024 enero

10 de enero de 2024 a las 16:03

9VSA24-00951-01 CSIRT comparte información de actualización Microsoft Update Tuesday 2024 enero

El CSIRT de Gobierno comparte información sobre las vulnerabilidades parchadas por Microsoft en su más reciente actualización mensual Update Tuesday, correspondiente a enero de 2024.

Resumen

El CSIRT de Gobierno comparte información sobre las vulnerabilidades parchadas por Microsoft en su más reciente actualización mensual Update Tuesday, correspondiente a enero de 2024.

Vulnerabilidades

Impacto

Vulnerabilidades de riesgo crítico:

CVE-2024-20674: Vulnerabilidad de evasión de las funciones de seguridad en Windows Kerberos. CVSS:3.1 9.0.

CVE-2024-20700: Vulnerabilidad de ejecución remota de código Windows Hyper-V Remote Code. CVSS:3.1 7.5.

Mitigación

Implementar los parches correspondientes. Detalles y enlaces de descarga en https://msrc.microsoft.com/update-guide/.

Productos afectados

.NET 6.0

.NET 7.0

.NET 8.0

Azure Storage Mover Agent

CBL Mariner 1.0 ARM

CBL Mariner 1.0 x64

CBL Mariner 2.0 ARM

CBL Mariner 2.0 x64

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5

Microsoft .NET Framework 3.5 AND 4.7.2

Microsoft .NET Framework 3.5 AND 4.8

Microsoft .NET Framework 3.5 AND 4.8.1

Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2

Microsoft .NET Framework 4.8

Microsoft 365 Apps for Enterprise for 32-bit Systems

Microsoft 365 Apps for Enterprise for 64-bit Systems

Microsoft Identity Model v5.0.0

Microsoft Identity Model v5.0.0 for Nuget

Microsoft Identity Model v6.0.0

Microsoft Identity Model v6.0.0 for Nuget

Microsoft Identity Model v7.0.0

Microsoft Identity Model v7.0.0 for Nuget

Microsoft Office 2019 for 32-bit editions

Microsoft Office 2019 for 64-bit editions

Microsoft Office LTSC 2021 for 32-bit editions

Microsoft Office LTSC 2021 for 64-bit editions

Microsoft Office LTSC for Mac 2021

Microsoft Printer Metadata Troubleshooter Tool

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Server 2019

Microsoft SharePoint Server Subscription Edition

Microsoft SQL Server 2022 for x64-based Systems (CU 10)

Microsoft SQL Server 2022 for x64-based Systems (GDR)

Microsoft Visual Studio 2015 Update 3

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)

Microsoft Visual Studio 2022 version 17.2

Microsoft Visual Studio 2022 version 17.4

Microsoft Visual Studio 2022 version 17.6

Microsoft Visual Studio 2022 version 17.8

Microsoft.Data.SqlClient 2.1

Microsoft.Data.SqlClient 3.1

Microsoft.Data.SqlClient 4.0

Microsoft.Data.SqlClient 5.1

System.Data.SqlClient

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022, 23H2 Edition (Server Core installation)

Enlaces

https://msrc.microsoft.com/update-guide/releaseNote/2024-Jan

Informe

El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA24-00951-01.

Enlaces Relacionados

CVE-2024-0056
CVE-2024-21312
CVE-2024-0057
CVE-2024-21319
CVE-2024-20677
CVE-2024-21320
CVE-2024-21318
CVE-2024-21307
CVE-2024-21306
CVE-2024-21305
CVE-2024-20697
CVE-2022-35737
CVE-2024-20692
CVE-2024-20687
CVE-2024-20683
CVE-2024-21316
CVE-2024-20660
CVE-2024-20652
CVE-2024-20658
CVE-2024-20656
CVE-2024-20653
CVE-2024-20674
CVE-2024-20672
CVE-2024-21325
CVE-2024-20666
CVE-2024-21310
CVE-2024-21314
CVE-2024-21313
CVE-2024-21311
CVE-2024-21309
CVE-2024-20700
CVE-2024-20699
CVE-2024-20698
CVE-2024-20696
CVE-2024-20694
CVE-2024-20691
CVE-2024-20690
CVE-2024-20662
CVE-2024-20661
CVE-2024-20657
CVE-2024-20655
CVE-2024-20654
CVE-2024-20676
https://msrc.microsoft.com/update-guide/
https://msrc.microsoft.com/update-guide/releaseNote/2024-Jan

Documentos Relacionados

9VSA24-00951-01