9VSA24-00976-01 CSIRT comparte información de actualización Microsoft Update Tuesday 2024 febrero

Resumen
El CSIRT de Gobierno comparte información de las vulnerabilidades parchadas en la actualización de seguridad mensual de Microsoft, Update Tuesday, correspondiente a febrero de 2024.
Vulnerabilidades
Impacto
Vulnerabilidades de riesgo crítico:
CVE-2024-21380: Vulnerabilidad de revelación de información en Microsoft Dynamics Business Central /NAV. CVSS: 8.0.
CVE-2024-21410: Vulnerabilidad de elevación de privilegios en Microsoft Exchange Server. CVSS: 9.8.
CVE-2024-21357: Vulnerabilidad de ejecución remota de código en Windows Pragmatic General Multicast (PGM). CVSS: 7.5.
CVE-2024-20684: Vulnerabilidad de denegación de servicio en Windows Hyper-V. CVSS: 6.4.
CVE-2024-21413: Vulnerabilidad de ejecución remota de código en Microsoft Outlook. CVSS: 9.8.
Mitigación
Implementar los parches correspondientes. Detalles y enlaces de descarga en https://msrc.microsoft.com/update-guide/.
Productos afectados
.NET 6.0
.NET 7.0
.NET 8.0
ASP.NET Core 6.0
ASP.NET Core 7.0
ASP.NET Core 8.0
Azure Connected Machine Agent
Azure DevOps Server 2019.1.2
Azure DevOps Server 2020.1.2
Azure DevOps Server 2022.1
Azure File Sync v14.0
Azure File Sync v15.0
Azure File Sync v16.0
Azure File Sync v17.0
Azure Kubernetes Service Confidential Containers
Azure Site Recovery
Azure Stack Hub
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Azure Active Directory B2C
Microsoft Defender for Endpoint for Windows
Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft Dynamics 365 Business Central 2022 Release Wave 2
Microsoft Dynamics 365 Business Central 2023 Release Wave 1
Microsoft Dynamics 365 Business Central 2023 Release Wave 2
Microsoft Dynamics 365 Customer Engagement V9.1
Microsoft Entra Jira Single-Sign-On Plugin
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 13
Microsoft Exchange Server 2019 Cumulative Update 14
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Microsoft PowerPoint 2016 (32-bit edition)
Microsoft PowerPoint 2016 (64-bit edition)
Microsoft Publisher 2016 (32-bit edition)
Microsoft Publisher 2016 (64-bit edition)
Microsoft Teams for Android
Microsoft Visio 2016 (32-bit edition)
Microsoft Visio 2016 (64-bit edition)
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2022 version 17.6
Microsoft Visual Studio 2022 version 17.8
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Skype for Business 2016 (32-bit)
Skype for Business 2016 (64-bit)
Skype for Business Server 2019 CU7
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2022, 23H2 Edition (Server Core installation)
Enlaces
https://msrc.microsoft.com/update-guide/releaseNote/2024-Feb
Informe
El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA24-00976-01.