Microsoft Update Tuesday Abril 2024 - Vulnerabilidades
VSA24-00998En el CSIRT de Gobierno informamos frecuentemente de vulnerabilidades importantes que pueden afectar sus aplicaciones, datos o equipos.
En esta ocasión, compartimos las vulnerabilidades compartidas por Microsoft para su paquete de parches Update Tuesday correspondiente a abril de 2024.
Nota: las siguientes vulnerabilidades incluyen el puntaje CVSS base seguido del puntaje temporal al momento de su revisión (9 de abril 2024).
Vulnerabilidades
| ID | CVSS | EPSS |
|---|---|---|
| CVE-2024-20665 | 6.1 / 5.3 | |
| CVE-2024-20669 | 6.7 / 5.8 | |
| CVE-2024-20670 | 8.1 / 7.1 | |
| CVE-2024-20678 | 8.8 / 7.7 | |
| CVE-2024-20685 | 5.9 / 5.2 | |
| CVE-2024-20688 | 7.1 / 6.2 | |
| CVE-2024-20689 | 7.1 / 6.2 | |
| CVE-2024-20693 | 7.8 / 6.8 | |
| CVE-2024-21322 | 7.2 / 6.3 | |
| CVE-2024-21323 | 8.8 / 7.7 | |
| CVE-2024-21324 | 7.2 / 6.3 | |
| CVE-2024-21409 | 7.3 / 6.4 | |
| CVE-2024-21424 | 6.5 / 5.7 | |
| CVE-2024-21447 | 7.8 / 6.8 | |
| CVE-2024-2201 | 4.7 / 4.1 | |
| CVE-2024-23593 | 7.8 / 6.8 | |
| CVE-2024-23594 | 6.4 / 5.6 | |
| CVE-2024-26158 | 7.8 / 6.8 | |
| CVE-2024-26168 | 6.8 / 5.9 | |
| CVE-2024-26171 | 6.7 / 5.8 | |
| CVE-2024-26172 | 5.5 / 4.8 | |
| CVE-2024-26175 | 7.8 / 6.8 | |
| CVE-2024-26179 | 8.8 / 7.7 | |
| CVE-2024-26180 | 8.0 / 7.0 | |
| CVE-2024-26183 | 6.5 / 5.7 | |
| CVE-2024-26189 | 8.0 / 7.0 | |
| CVE-2024-26193 | 6.4 / 5.9 | |
| CVE-2024-26194 | 7.4 / 6.4 | |
| CVE-2024-26195 | 7.2 / 6.3 | |
| CVE-2024-26200 | 8.8 / 7.7 | |
| CVE-2024-26202 | 7.2 / 6.3 | |
| CVE-2024-26205 | 8.8 / 7.7 | |
| CVE-2024-26207 | 5.5 / 4.8 | |
| CVE-2024-26208 | 7.2 / 6.3 | |
| CVE-2024-26209 | 5.5 / 4.8 | |
| CVE-2024-26210 | 8.8 / 7.7 | |
| CVE-2024-26211 | 7.8 / 6.8 | |
| CVE-2024-26212 | 7.5 / 6.5 | |
| CVE-2024-26213 | 7.0 / 6.1 | |
| CVE-2024-26214 | 8.8 / 7.7 | |
| CVE-2024-26215 | 7.5 / 7.2 | |
| CVE-2024-26216 | 7.3 / 6.4 | |
| CVE-2024-26217 | 5.5 / 4.8 | |
| CVE-2024-26218 | 7.8 / 6.8 | |
| CVE-2024-26219 | 7.5 / 6.5 | |
| CVE-2024-26220 | 5.0 / 4.4 | |
| CVE-2024-26221 | 7.2 / 6.3 | |
| CVE-2024-26222 | 7.2 / 6.3 | |
| CVE-2024-26223 | 7.2 / 6.3 | |
| CVE-2024-26224 | 7.2 / 6.3 | |
| CVE-2024-26226 | 6.5 / 5.7 | |
| CVE-2024-26227 | 7.2 / 6.3 | |
| CVE-2024-26228 | 7.8 / 6.8 | |
| CVE-2024-26229 | 7.8 / 6.8 | |
| CVE-2024-26230 | 7.8 / 6.8 | |
| CVE-2024-26231 | 7.2 / 6.3 | |
| CVE-2024-26232 | 7.3 / 6.4 | |
| CVE-2024-26233 | 7.2 / 6.3 | |
| CVE-2024-26234 | 6.7 / 5.8 | |
| CVE-2024-26235 | 7.8 / 6.8 | |
| CVE-2024-26236 | 7.0 / 6.1 | |
| CVE-2024-26237 | 7.8 / 6.8 | |
| CVE-2024-26239 | 7.8 / 6.8 | |
| CVE-2024-26240 | 8.0 / 7.0 | |
| CVE-2024-26241 | 7.8 / 6.8 | |
| CVE-2024-26242 | 7.0 / 6.1 | |
| CVE-2024-26243 | 7.0 / 6.1 | |
| CVE-2024-26244 | 8.8 / 7.7 | |
| CVE-2024-26245 | 7.8 / 6.8 | |
| CVE-2024-26248 | 7.5 / 6.5 | |
| CVE-2024-26250 | 6.7 / 5.8 | |
| CVE-2024-26251 | 6.8 / 6.5 | |
| CVE-2024-26252 | 6.8 / 5.9 | |
| CVE-2024-26253 | 6.8 / 5.9 | |
| CVE-2024-26254 | 7.5 / 6.5 | |
| CVE-2024-26255 | 5.5 / 4.8 | |
| CVE-2024-26256 | 7.8 / 6.8 | |
| CVE-2024-26257 | 7.8 / 7.5 | |
| CVE-2024-28896 | 7.5 / 6.5 | |
| CVE-2024-28897 | 6.8 / 5.9 | |
| CVE-2024-28898 | 6.3 / 5.5 | |
| CVE-2024-28900 | 5.5 / 4.8 | |
| CVE-2024-28901 | 5.5 / 4.8 | |
| CVE-2024-28902 | 5.5 / 4.8 | |
| CVE-2024-28903 | 6.7 / 5.8 | |
| CVE-2024-28904 | 7.8 / 6.8 | |
| CVE-2024-28905 | 7.8 / 6.8 | |
| CVE-2024-28906 | 8.8 / 7.7 | |
| CVE-2024-28907 | 7.8 / 6.8 | |
| CVE-2024-28908 | 8.8 / 7.7 | |
| CVE-2024-28909 | 8.8 / 7.7 | |
| CVE-2024-28910 | 8.8 / 7.7 | |
| CVE-2024-28911 | 8.8 / 7.7 | |
| CVE-2024-28912 | 8.8 / 7.7 | |
| CVE-2024-28913 | 8.8 / 7.7 | |
| CVE-2024-28914 | 8.8 / 7.7 | |
| CVE-2024-28915 | 8.8 / 7.7 | |
| CVE-2024-28917 | 6.2 / 5.4 | |
| CVE-2024-28919 | 6.7 / 5.8 | |
| CVE-2024-28920 | 7.8 / 6.8 | |
| CVE-2024-28921 | 6.7 / 5.8 | |
| CVE-2024-28922 | 4.1 / 3.6 | |
| CVE-2024-28923 | 6.4 / 5.6 | |
| CVE-2024-28924 | 6.7 / 5.8 | |
| CVE-2024-28925 | 8.0 / 7.0 | |
| CVE-2024-28926 | 8.8 / 7.7 | |
| CVE-2024-28927 | 8.8 / 7.7 | |
| CVE-2024-28929 | 8.8 / 7.7 | |
| CVE-2024-28930 | 8.8 / 7.7 | |
| CVE-2024-28931 | 8.8 / 7.7 | |
| CVE-2024-28932 | 8.8 / 7.7 | |
| CVE-2024-28933 | 8.8 / 7.7 | |
| CVE-2024-28934 | 8.8 / 7.7 | |
| CVE-2024-28935 | 8.8 / 7.7 | |
| CVE-2024-28936 | 8.8 / 7.7 | |
| CVE-2024-28937 | 8.8 / 7.7 | |
| CVE-2024-28938 | 8.8 / 7.7 | |
| CVE-2024-28939 | 8.8 / 7.7 | |
| CVE-2024-28940 | 8.8 / 7.7 | |
| CVE-2024-28941 | 8.8 / 7.7 | |
| CVE-2024-28942 | 8.8 / 7.7 | |
| CVE-2024-28943 | 8.8 / 7.7 | |
| CVE-2024-28944 | 8.8 / 7.7 | |
| CVE-2024-28945 | 8.8 / 7.7 | |
| CVE-2024-29043 | 8.8 / 7.7 | |
| CVE-2024-29044 | 8.8 / 7.7 | |
| CVE-2024-29045 | 7.5 / 6.5 | |
| CVE-2024-29046 | 8.8 / 7.7 | |
| CVE-2024-29047 | 8.8 / 7.7 | |
| CVE-2024-29048 | 8.8 / 7.7 | |
| CVE-2024-29050 | 8.4 / 7.3 | |
| CVE-2024-29052 | 7.8 / 6.8 | |
| CVE-2024-29053 | 8.8 / 7.7 | |
| CVE-2024-29054 | 7.2 / 6.3 | |
| CVE-2024-29055 | 7.2 / 6.3 | |
| CVE-2024-29056 | 4.3 / 3.8 | |
| CVE-2024-29061 | 7.8 / 6.8 | |
| CVE-2024-29062 | 7.1 / 6.2 | |
| CVE-2024-29063 | 7.3 / 6.6 | |
| CVE-2024-29064 | 6.2 / 5.4 | |
| CVE-2024-29066 | 7.2 / 6.3 | |
| CVE-2024-29982 | 8.8 / 7.7 | |
| CVE-2024-29983 | 8.8 / 7.7 | |
| CVE-2024-29984 | 8.8 / 7.7 | |
| CVE-2024-29985 | 8.8 / 7.7 | |
| CVE-2024-29988 | 8.8 / 8.2 | |
| CVE-2024-29989 | 8.4 / 7.3 | |
| CVE-2024-29990 | 9.0 / 8.1 | |
| CVE-2024-29992 | 5.5 / 5.3 | |
| CVE-2024-29993 | 8.8 / 7.7 |
Versiones Afectadas
| Producto | Versiones |
|---|---|
| .NET 6.0 |
|
| .NET 7.0 |
|
| .NET 8.0 |
|
| Azure AI Search |
|
| Azure Compute Gallery |
|
| Azure Arc Cluster microsoft.azstackhci.operator Extension |
|
| Azure Arc Cluster microsoft.azure.hybridnetwork Extension |
|
| Azure Arc Cluster microsoft.azurekeyvaultsecretsprovider Extension |
|
| Azure Arc Cluster microsoft.iotoperations.mq Extension |
|
| Azure Arc Cluster microsoft.networkfabricserviceextension Extension |
|
| Azure Arc Cluster microsoft.openservicemesh Extension |
|
| Azure Arc Cluster microsoft.videoindexer Extension |
|
| Azure Identity Library for .NET |
|
| Azure Kubernetes Service Confidential Containers |
|
| Azure Migrate |
|
| Azure Migrate |
|
| Azure Monitor Agent |
|
| Azure Private 5G Core |
|
| Microsoft .NET Framework |
|
| Microsoft 365 Apps for Enterprise for 32-bit Systems |
|
| Microsoft 365 Apps for Enterprise for 64-bit Systems |
|
| Microsoft Defender for IoT |
|
| Microsoft ODBC Driver 17 for SQL Server on Linux |
|
| Microsoft ODBC Driver 17 for SQL Server on MacOS |
|
| Microsoft ODBC Driver 17 for SQL Server on Windows |
|
| Microsoft ODBC Driver 18 for SQL Server on Linux |
|
| Microsoft ODBC Driver 18 for SQL Server on MacOS |
|
| Microsoft ODBC Driver 18 for SQL Server on Windows |
|
| Microsoft Office LTSC for Mac 2021 |
|
| Microsoft OLE DB Driver 18 for SQL Server |
|
| Microsoft OLE DB Driver 19 for SQL Server |
|
| Microsoft SharePoint Server 2016 |
|
| Microsoft SharePoint Server 2019 |
|
| Microsoft SharePoint Server Subscription Edition |
|
| Microsoft SQL Server 2019 for x64-based Systems (CU 25) |
|
| Microsoft SQL Server 2019 for x64-based Systems (GDR) |
|
| Microsoft SQL Server 2022 for x64-based Systems (CU 12) |
|
| Microsoft SQL Server 2022 for x64-based Systems (GDR) |
|
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) |
|
| Microsoft Visual Studio 2022 |
|
| Outlook for Windows |
|
| Windows 10 for 32-bit Systems |
|
| Windows 10 for x64-based Systems |
|
| Windows 10 Version 1607 for 32-bit Systems |
|
| Windows 10 Version 1607 for x64-based Systems |
|
| Windows 10 Version 1809 for 32-bit Systems |
|
| Windows 10 Version 1809 for ARM64-based Systems |
|
| Windows 10 Version 1809 for x64-based Systems |
|
| Windows 10 Version 21H2 for 32-bit Systems |
|
| Windows 10 Version 21H2 for ARM64-based Systems |
|
| Windows 10 Version 21H2 for x64-based Systems |
|
| Windows 10 Version 22H2 for 32-bit Systems |
|
| Windows 10 Version 22H2 for ARM64-based Systems |
|
| Windows 10 Version 22H2 for x64-based Systems |
|
| Windows 11 version 21H2 for ARM64-based Systems |
|
| Windows 11 version 21H2 for x64-based Systems |
|
| Windows 11 Version 22H2 for ARM64-based Systems |
|
| Windows 11 Version 22H2 for x64-based Systems |
|
| Windows 11 Version 23H2 for ARM64-based Systems |
|
| Windows 11 Version 23H2 for x64-based Systems |
|
| Windows Server 2008 for 32-bit Systems Service Pack 2 |
|
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
|
| Windows Server 2008 for x64-based Systems Service Pack 2 |
|
| Windows Server 2008 for x64-based Systems Service Pack 2 |
|
| Windows Server 2008 for x64-based Systems Service Pack 2 |
|
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
|
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
|
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
|
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
|
| Windows Server 2012 |
|
| Windows Server 2012 (Server Core installation) |
|
| Windows Server 2012 R2 |
|
| Windows Server 2012 R2 (Server Core installation) |
|
| Windows Server 2016 |
|
| Windows Server 2016 (Server Core installation) |
|
| Windows Server 2019 |
|
| Windows Server 2019 (Server Core installation) |
|
| Windows Server 2022 |
|
| Windows Server 2022 (Server Core installation) |
|
| Windows Server 2022, 23H2 Edition (Server Core installation) |
|