Microsoft published 80 security fixes across 15 products and services as part of the company's monthly batch of security updates, known as Patch Tuesday.
Of the 80 patched vulnerabilities, two are zero-days: security flaws that had been exploited before Microsoft released the fixes.
The two zero-days are CVE-2019-1214 and CVE-2019-1215. Both are elevation of privilege (EoP) vulnerabilities. Vulnerabilities of this type are generally exploited by malware to gain the ability to run malicious code with administrator privileges on (previously) infected hosts.
The first bug, CVE-2019-1214, is an EoP in the Windows Common Log File System (CLFS) driver. The second, CVE-2019-1215, affects the ws2ifsl.sys (Winsock) service.
As usual, Microsoft did not reveal any details of how the two bugs were being exploited; it only credited a security researcher from the Qihoo 360 Vulcan team with discovering the first one.
Overall, this month's Patch Tuesday is as large as the Patch Tuesday releases of recent months, which have regularly climbed past 70 fixed bugs.
Also, as in recent months, Microsoft patched remote code execution bugs in the Remote Desktop Protocol: CVE-2019-1290 and CVE-2019-1291.
Both bugs were discovered by Microsoft's internal team, and unlike the BlueKeep and DejaBlue vulnerabilities disclosed in May and August, Microsoft did not say whether these two could be abused to create self-propagating malware or exploits.
Non-Microsoft updates
Because Microsoft's Patch Tuesday is also the day on which other vendors release security patches, system administrators may also want to install the patches released today by Adobe and SAP.
Tag | CVE ID | CVE Title |
Adobe Flash Player | ADV190022 | September 2019 Adobe Flash Security Update |
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
.NET Core | CVE-2019-1301 | .NET Core Denial of Service Vulnerability |
.NET Framework | CVE-2019-1142 | .NET Framework Elevation of Privilege Vulnerability |
Active Directory | CVE-2019-1273 | Active Directory Federation Services XSS Vulnerability |
ASP.NET | CVE-2019-1302 | ASP.NET Core Elevation Of Privilege Vulnerability |
Common Log File System Driver | CVE-2019-1282 | Windows Common Log File System Driver Information Disclosure Vulnerability |
Common Log File System Driver | CVE-2019-1214 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Microsoft Browsers | CVE-2019-1220 | Microsoft Browser Security Feature Bypass Vulnerability |
Microsoft Edge | CVE-2019-1299 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability |
Microsoft Exchange Server | CVE-2019-1233 | Microsoft Exchange Denial of Service Vulnerability |
Microsoft Exchange Server | CVE-2019-1266 | Microsoft Exchange Spoofing Vulnerability |
Microsoft Graphics Component | CVE-2019-1245 | DirectWrite Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1252 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1284 | DirectX Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2019-1283 | Microsoft Graphics Components Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1216 | DirectX Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1286 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1244 | DirectWrite Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1251 | DirectWrite Information Disclosure Vulnerability |
Microsoft JET Database Engine | CVE-2019-1248 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-1246 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-1243 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-1247 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-1241 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-1240 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-1250 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-1249 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-1242 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft Office | CVE-2019-1264 | Microsoft Office Security Feature Bypass Vulnerability |
Microsoft Office | CVE-2019-1263 | Microsoft Excel Information Disclosure Vulnerability |
Microsoft Office | CVE-2019-1297 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2019-1259 | Microsoft SharePoint Spoofing Vulnerability |
Microsoft Office SharePoint | CVE-2019-1260 | Microsoft SharePoint Elevation of Privilege Vulnerability |
Microsoft Office SharePoint | CVE-2019-1295 | Microsoft SharePoint Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2019-1257 | Microsoft SharePoint Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2019-1296 | Microsoft SharePoint Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2019-1262 | Microsoft Office SharePoint XSS Vulnerability |
Microsoft Office SharePoint | CVE-2019-1261 | Microsoft SharePoint Spoofing Vulnerability |
Microsoft Scripting Engine | CVE-2019-1298 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-1300 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-1217 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-1208 | VBScript Remote Code Execution Vulnerability |
Microsoft Scripting Engine | CVE-2019-1138 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-1221 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-1237 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-1236 | VBScript Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2019-1219 | Windows Transaction Manager Information Disclosure Vulnerability |
Microsoft Windows | CVE-2019-1280 | LNK Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2019-1277 | Windows Audio Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1278 | Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1215 | Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1289 | Windows Update Delivery Optimization Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1292 | Windows Denial of Service Vulnerability |
Microsoft Windows | CVE-2019-1294 | Windows Secure Boot Security Feature Bypass Vulnerability |
Microsoft Windows | CVE-2019-1287 | Windows Network Connectivity Assistant Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1270 | Microsoft Windows Store Installer Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1235 | Windows Text Service Framework Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1271 | Windows Media Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1303 | Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1272 | Windows ALPC Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1269 | Windows ALPC Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1253 | Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1267 | Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1268 | Winlogon Elevation of Privilege Vulnerability |
Microsoft Yammer | CVE-2019-1265 | Microsoft Yammer Security Feature Bypass Vulnerability |
Project Rome | CVE-2019-1231 | Rome SDK Information Disclosure Vulnerability |
Skype for Business and Microsoft Lync | CVE-2019-1209 | Lync 2013 Information Disclosure Vulnerability |
Team Foundation Server | CVE-2019-1305 | Team Foundation Server Cross-site Scripting Vulnerability |
Team Foundation Server | CVE-2019-1306 | Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability |
Visual Studio | CVE-2019-1232 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability |
Windows Hyper-V | CVE-2019-0928 | Windows Hyper-V Denial of Service Vulnerability |
Windows Hyper-V | CVE-2019-1254 | Windows Hyper-V Information Disclosure Vulnerability |
Windows Kernel | CVE-2019-1274 | Windows Kernel Information Disclosure Vulnerability |
Windows Kernel | CVE-2019-1293 | Windows SMB Client Driver Information Disclosure Vulnerability |
Windows Kernel | CVE-2019-1285 | Win32k Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2019-1256 | Win32k Elevation of Privilege Vulnerability |
Windows RDP | CVE-2019-1291 | Remote Desktop Client Remote Code Execution Vulnerability |
Windows RDP | CVE-2019-1290 | Remote Desktop Client Remote Code Execution Vulnerability |
Windows RDP | CVE-2019-0788 | Remote Desktop Client Remote Code Execution Vulnerability |
Windows RDP | CVE-2019-0787 | Remote Desktop Client Remote Code Execution Vulnerability |