■ Description
On June 13 of this year, Microsoft released its new round of updates for its flagship product, Windows, fixing 94 vulnerabilities, 4 of which have been rated Critical (by CVSS 3.1 severity). The release also fixes 26 vulnerabilities that allowed Remote Code Execution in Microsoft products and services.
The number of vulnerabilities in each main category is as follows:
- 📌 18 Elevation of Privilege vulnerabilities.
- 📌 4 Security Feature Bypass vulnerabilities.
- 📌 26 Remote Code Execution vulnerabilities.
- 📌 5 Information Disclosure vulnerabilities.
- 📌 10 Denial of Service vulnerabilities.
- 📌 9 Spoofing vulnerabilities.
The number of vulnerabilities by severity, color-coded, is as follows:
Color | Severity | Number of Vulnerabilities |
🟣 | Critical | 4 |
🔴 | High | 44 |
🟡 | Medium | 22 |
🟢 | Low | 2 |
⚫ | Unknown | 22 |
Fun fact: Last Tuesday's update does not fix any zero-day vulnerabilities or actively exploited bugs, which partly relieves the pressure that system administrators usually feel. 🥳
■ Highlighted Vulnerabilities:
- CVE-2023-29357: Microsoft SharePoint Server Elevation of Privilege Vulnerability
Information: An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack that bypasses authentication and allows them to gain access to the privileges of an authenticated user.
Discovered by: Jang (Nguyễn Tiến Giang) of StarLabs SG
- CVE-2023-32031 and CVE-2023-28310: Microsoft Exchange Server Remote Code Execution Vulnerability
Information: An attacker exploiting this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.
Discovered by: Piotr Bazydlo of Trend Micro Zero Day Initiative.
- CVE-2023-29362: Remote Desktop Client Remote Code Execution Vulnerability
Information: This vulnerability is currently awaiting analysis. – NIST.GOV
Discovered by: Dor Dalí with Cyolo.
■ Mitigation
The main solution is to update systems via Windows Update.
■ Summary of Vulnerabilities by Color:
🟢 = Low | 🟡 = Medium | 🔴 = High | 🟣 = Critical | ⚫ = Unknown
Technology | CVE | Vulnerability Title | Severity |
.NET and Visual Studio | CVE-2023-24895 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | 🔴 |
.NET and Visual Studio | CVE-2023-33126 | .NET and Visual Studio Remote Code Execution Vulnerability | 🔴 |
.NET and Visual Studio | CVE-2023-24936 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | 🔴 |
.NET and Visual Studio | CVE-2023-33135 | .NET and Visual Studio Elevation of Privilege Vulnerability | 🔴 |
.NET and Visual Studio | CVE-2023-32032 | .NET and Visual Studio Elevation of Privilege Vulnerability | 🟡 |
.NET and Visual Studio | CVE-2023-32030 | .NET and Visual Studio Denial of Service Vulnerability | 🔴 |
.NET and Visual Studio | CVE-2023-33128 | .NET and Visual Studio Remote Code Execution Vulnerability | 🔴 |
.NET and Visual Studio | CVE-2023-24897 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | 🔴 |
.NET Core | CVE-2023-29331 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | 🟡 |
.NET Framework | CVE-2023-29326 | .NET Framework Remote Code Execution Vulnerability | 🔴 |
ASP .NET | CVE-2023-33141 | Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability | 🔴 |
Azure DevOps | CVE-2023-21569 | Azure DevOps Server Spoofing Vulnerability | 🟡 |
Azure DevOps | CVE-2023-21565 | Azure DevOps Server Spoofing Vulnerability | 🔴 |
Microsoft Dynamics | CVE-2023-24896 | Dynamics 365 Finance Spoofing Vulnerability | 🟡 |
Microsoft Edge (Chromium-based) | CVE-2023-2941 | Chromium: CVE-2023-2941 Inappropriate implementation in Extensions API | ⚫ |
Microsoft Edge (Chromium-based) | CVE-2023-33145 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 🟡 |
Microsoft Edge (Chromium-based) | CVE-2023-2937 | Chromium: CVE-2023-2937 Inappropriate implementation in Picture In Picture | ⚫ |
Microsoft Edge (Chromium-based) | CVE-2023-2936 | Chromium: CVE-2023-2936 Type Confusion in V8 | ⚫ |
Microsoft Edge (Chromium-based) | CVE-2023-2935 | Chromium: CVE-2023-2935 Type Confusion in V8 | ⚫ |
Microsoft Edge (Chromium-based) | CVE-2023-2940 | Chromium: CVE-2023-2940 Inappropriate implementation in Downloads | ⚫ |
Microsoft Edge (Chromium-based) | CVE-2023-2939 | Chromium: CVE-2023-2939 Insufficient data validation in Installer | ⚫ |
Microsoft Edge (Chromium-based) | CVE-2023-2938 | Chromium: CVE-2023-2938 Inappropriate implementation in Picture In Picture | ⚫ |
Microsoft Edge (Chromium-based) | CVE-2023-2931 | Chromium: CVE-2023-2931 Use after free in PDF | ⚫ |
Microsoft Edge (Chromium-based) | CVE-2023-2930 | Chromium: CVE-2023-2930 Use after free in Extensions | ⚫ |
Microsoft Edge (Chromium-based) | CVE-2023-2929 | Chromium: CVE-2023-2929 Out of bounds write in Swiftshader | ⚫ |
Microsoft Edge (Chromium-based) | CVE-2023-2934 | Chromium: CVE-2023-2934 Out of bounds memory access in Mojo | ⚫ |
Microsoft Edge (Chromium-based) | CVE-2023-2933 | Chromium: CVE-2023-2933 Use after free in PDF | ⚫ |
Microsoft Edge (Chromium-based) | CVE-2023-2932 | Chromium: CVE-2023-2932 Use after free in PDF | ⚫ |
Microsoft Edge (Chromium-based) | CVE-2023-3079 | Chromium: CVE-2023-3079 Type Confusion in V8 | ⚫ |
Microsoft Edge (Chromium-based) | CVE-2023-29345 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 🟡 |
Microsoft Edge (Chromium-based) | CVE-2023-33143 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 🔴 |
Microsoft Exchange Server | CVE-2023-32031 | Microsoft Exchange Server Remote Code Execution Vulnerability | 🔴 |
Microsoft Exchange Server | CVE-2023-28310 | Microsoft Exchange Server Remote Code Execution Vulnerability | 🔴 |
Microsoft Office | CVE-2023-33146 | Microsoft Office Remote Code Execution Vulnerability | 🔴 |
Microsoft Office Excel | CVE-2023-33133 | Microsoft Excel Remote Code Execution Vulnerability | 🔴 |
Microsoft Office Excel | CVE-2023-32029 | Microsoft Excel Remote Code Execution Vulnerability | 🔴 |
Microsoft Office Excel | CVE-2023-33137 | Microsoft Excel Remote Code Execution Vulnerability | 🔴 |
Microsoft Office OneNote | CVE-2023-33140 | Microsoft OneNote Spoofing Vulnerability | 🟡 |
Microsoft Office Outlook | CVE-2023-33131 | Microsoft Outlook Remote Code Execution Vulnerability | 🔴 |
Microsoft Office SharePoint | CVE-2023-33142 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | 🟡 |
Microsoft Office SharePoint | CVE-2023-33129 | Microsoft SharePoint Denial of Service Vulnerability | 🟡 |
Microsoft Office SharePoint | CVE-2023-33130 | Microsoft SharePoint Server Spoofing Vulnerability | 🔴 |
Microsoft Office SharePoint | CVE-2023-33132 | Microsoft SharePoint Server Spoofing Vulnerability | 🟡 |
Microsoft Office SharePoint | CVE-2023-29357 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | 🟣 |
Microsoft Power Apps | CVE-2023-32024 | Microsoft Power Apps Spoofing Vulnerability | 🟢 |
Microsoft Printer Drivers | CVE-2023-32017 | Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | 🔴 |
Microsoft WDAC OLE DB provider for SQL | CVE-2023-29372 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 🔴 |
Microsoft Windows Codecs Library | CVE-2023-29370 | Windows Media Remote Code Execution Vulnerability | 🔴 |
Microsoft Windows Codecs Library | CVE-2023-29365 | Windows Media Remote Code Execution Vulnerability | 🔴 |
NuGet Client | CVE-2023-29337 | NuGet Client Remote Code Execution Vulnerability | 🔴 |
Remote Desktop Client | CVE-2023-29362 | Remote Desktop Client Remote Code Execution Vulnerability | 🔴 |
Remote Desktop Client | CVE-2023-29352 | Windows Remote Desktop Security Feature Bypass Vulnerability | 🟡 |
Role: DNS Server | CVE-2023-32020 | Windows DNS Spoofing Vulnerability | 🟢 |
SysInternals | CVE-2023-29353 | Sysinternals Process Monitor for Windows Denial of Service Vulnerability | 🟡 |
Visual Studio | CVE-2023-29007 | GitHub: CVE-2023-29007 Arbitrary configuration injection via `git submodule deinit` | ⚫ |
Visual Studio | CVE-2023-33139 | Visual Studio Information Disclosure Vulnerability | 🟡 |
Visual Studio | CVE-2023-25652 | GitHub: CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write | ⚫ |
Visual Studio | CVE-2023-25815 | GitHub: CVE-2023-25815 Git looks for localized messages in an unprivileged place | ⚫ |
Visual Studio | CVE-2023-27911 | AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior | ⚫ |
Visual Studio | CVE-2023-27910 | AutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior | ⚫ |
Visual Studio | CVE-2023-29011 | GitHub: CVE-2023-29011 The config file of `connect.exe` is susceptible to malicious placing | ⚫ |
Visual Studio | CVE-2023-29012 | GitHub: CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in current directory, if it exists | ⚫ |
Visual Studio | CVE-2023-27909 | AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior | ⚫ |
Visual Studio Code | CVE-2023-33144 | Visual Studio Code Spoofing Vulnerability | 🟡 |
Windows Authentication Methods | CVE-2023-29364 | Windows Authentication Elevation of Privilege Vulnerability | 🔴 |
Windows Bus Filter Driver | CVE-2023-32010 | Windows Bus Filter Driver Elevation of Privilege Vulnerability | 🔴 |
Windows Cloud Files Mini Filter Driver | CVE-2023-29361 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 🔴 |
Windows Collaborative Translation Framework | CVE-2023-32009 | Windows Collaborative Translation Framework Elevation of Privilege Vulnerability | 🔴 |
Windows Container Manager Service | CVE-2023-32012 | Windows Container Manager Service Elevation of Privilege Vulnerability | 🟡 |
Windows CryptoAPI | CVE-2023-24937 | Windows CryptoAPI Denial of Service Vulnerability | 🟡 |
Windows CryptoAPI | CVE-2023-24938 | Windows CryptoAPI Denial of Service Vulnerability | 🟡 |
Windows DHCP Server | CVE-2023-29355 | DHCP Server Service Information Disclosure Vulnerability | 🟡 |
Windows Filtering | CVE-2023-29368 | Windows Filtering Platform Elevation of Privilege Vulnerability | 🔴 |
Windows GDI | CVE-2023-29358 | Windows GDI Elevation of Privilege Vulnerability | 🔴 |
Windows Geolocation Service | CVE-2023-29366 | Windows Geolocation Service Remote Code Execution Vulnerability | 🔴 |
Windows Group Policy | CVE-2023-29351 | Windows Group Policy Elevation of Privilege Vulnerability | 🔴 |
Windows Hello | CVE-2023-32018 | Windows Hello Remote Code Execution Vulnerability | 🔴 |
Windows Hyper-V | CVE-2023-32013 | Windows Hyper-V Denial of Service Vulnerability | 🟡 |
Windows Installer | CVE-2023-32016 | Windows Installer Information Disclosure Vulnerability | 🟡 |
Windows iSCSI | CVE-2023-32011 | Windows iSCSI Discovery Service Denial of Service Vulnerability | 🔴 |
Windows Kernel | CVE-2023-32019 | Windows Kernel Information Disclosure Vulnerability | 🟡 |
Windows NTFS | CVE-2023-29346 | NTFS Elevation of Privilege Vulnerability | 🔴 |
Windows ODBC Driver | CVE-2023-29373 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 🔴 |
Windows OLE | CVE-2023-29367 | iSCSI Target WMI Provider Remote Code Execution Vulnerability | 🔴 |
Windows PGM | CVE-2023-29363 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 🟣 |
Windows PGM | CVE-2023-32014 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 🟣 |
Windows PGM | CVE-2023-32015 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 🟣 |
Windows Remote Procedure Call Runtime | CVE-2023-29369 | Remote Procedure Call Runtime Denial of Service Vulnerability | 🟡 |
Windows Resilient File System (ReFS) | CVE-2023-32008 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 🔴 |
Windows Server Service | CVE-2023-32022 | Windows Server Service Security Feature Bypass Vulnerability | 🔴 |
Windows SMB | CVE-2023-32021 | Windows SMB Witness Service Security Feature Bypass Vulnerability | 🔴 |
Windows TPM Device Driver | CVE-2023-29360 | Windows TPM Device Driver Elevation of Privilege Vulnerability | 🔴 |
Windows Win32K | CVE-2023-29371 | Windows GDI Elevation of Privilege Vulnerability | 🔴 |
Windows Win32K | CVE-2023-29359 | GDI Elevation of Privilege Vulnerability | 🔴 |

