alerta de seguridad informática2020/02/09 · el equipo de respuesta ante incidentes de seguridad...
TRANSCRIPT
Ministerio del Interior y Seguridad Pública Página 1 de 8
https://www.csirt.gob.cl + (562) 24863850 @CSIRTGOB https://www.linkedin.com/company/csirt-gob
Alerta de seguridad informática 9VSA20-00141-001
Clase de alerta Vulnerabilidad
Tipo de incidente Sistema y/o Software Abierto
Nivel de riesgo Alto
TLP Blanco
Fecha de lanzamiento original 13 de febrero de 2020
Última revisión 13 de febrero de 2020
NOTIFICACIÓN La información consignada en el presente informe es producto del análisis de múltiples fuentes, de terceras partes, del propio fabricante e investigación propia del equipo CSIRT. La información contenida en los informes o comunicados está afecta a actualizaciones.
Resumen El Equipo de Respuesta ante Incidentes de Seguridad Informática, CSIRT, comparte la información entregada por Microsoft en su reporte mensual de actualizaciones correspondiente a febrero de 2020, parchando 25 vulnerabilidades en sus softwares. Además se informa de 76 vulnerabilidades adicionales al reporte mensual. Vulnerabilidades Reportados en el informe de febrero: CVE-2020-0618 CVE-2020-0696 CVE-2020-0736 CVE-2020-0658 CVE-2020-0697 CVE-2020-0744 CVE-2020-0675 CVE-2020-0698 CVE-2020-0746 CVE-2020-0676 CVE-2020-0705 CVE-2020-0748 CVE-2020-0677 CVE-2020-0706 CVE-2020-0755 CVE-2020-0689 CVE-2020-0714 CVE-2020-0756 CVE-2020-0693 CVE-2020-0716 CVE-2020-0759 CVE-2020-0694 CVE-2020-0717
Alerta de Seguridad Informática
Ministerio del Interior y Seguridad Pública Página 2 de 8
CVE-2020-0695 CVE-2020-0728 Reportador adicionalmente: CVE-2020-0655 CVE-2020-0691 CVE-2020-0732 CVE-2020-0657 CVE-2020-0692 CVE-2020-0733 CVE-2020-0659 CVE-2020-0701 CVE-2020-0734 CVE-2020-0660 CVE-2020-0702 CVE-2020-0735 CVE-2020-0661 CVE-2020-0703 CVE-2020-0737 CVE-2020-0662 CVE-2020-0704 CVE-2020-0738 CVE-2020-0663 CVE-2020-0707 CVE-2020-0739 CVE-2020-0665 CVE-2020-0708 CVE-2020-0740 CVE-2020-0666 CVE-2020-0709 CVE-2020-0741 CVE-2020-0667 CVE-2020-0710 CVE-2020-0742 CVE-2020-0668 CVE-2020-0711 CVE-2020-0743 CVE-2020-0669 CVE-2020-0712 CVE-2020-0745 CVE-2020-0670 CVE-2020-0713 CVE-2020-0747 CVE-2020-0671 CVE-2020-0715
Ministerio del Interior y Seguridad Pública Página 3 de 8
CVE-2020-0749 CVE-2020-0672 CVE-2020-0719 CVE-2020-0750 CVE-2020-0673 CVE-2020-0720 CVE-2020-0751 CVE-2020-0674 CVE-2020-0721 CVE-2020-0752 CVE-2020-0678 CVE-2020-0722 CVE-2020-0753 CVE-2020-0679 CVE-2020-0723 CVE-2020-0754 CVE-2020-0680 CVE-2020-0724 CVE-2020-0757 CVE-2020-0681 CVE-2020-0725 CVE-2020-0767 CVE-2020-0682 CVE-2020-0726 CVE-2020-0792 CVE-2020-0683 CVE-2020-0727 CVE-2020-0817 CVE-2020-0685 CVE-2020-0729 CVE-2020-0818 CVE-2020-0686 CVE-2020-0730 CVE-2020-0688 CVE-2020-0731 Productos Afectados
ChakraCore
Internet Explorer 9, 10, 11
Microsoft Edge (EdgeHTML-based)
Microsoft Excel
◦ 2010 Service Pack 2 (32-bit y 64-bit editions)
◦ 2013 RT Service Pack 1
Ministerio del Interior y Seguridad Pública Página 4 de 8
◦ 2013 Service Pack 1 (32-bit y 64-bit editions)
◦ 2016 (32-bit y 64-bit editions)
Microsoft Exchange Server
◦ 2010 Service Pack 3 Update Rollup 30
◦ 2013 Cumulative Update 23
◦ 2016 Cumulative Update 14
◦ 2016 Cumulative Update 15
◦ 2019 Cumulative Update 3
◦ 2019 Cumulative Update 4
Microsoft Office
◦ 2016 (32-bit y 64-bit editions)
◦ 2016 for Mac
◦ 2019 (32-bit y 64-bit editions)
◦ 2019 for Mac
Microsoft Outlook
◦ 2010 Service Pack 2 (32-bit y 64-bit editions)
◦ 2013 RT Service Pack 1
◦ 2013 Service Pack 1 (32-bit y 64-bit editions)
◦ 2016 (32-bit y 64-bit editions)
Microsoft SharePoint
◦ Enterprise Server 2016
◦ Foundation 2013 Service Pack 1
◦ Server 2019
Microsoft SQL Server
◦ 2012 for 32-bit Systems Service Pack 4 (QFE)
◦ 2012 for x64-based Systems Service Pack 4 (QFE)
◦ 2014 Service Pack 3 for 32-bit Systems (CU)
◦ 2014 Service Pack 3 for 32-bit Systems (GDR)
◦ 2014 Service Pack 3 for x64-based Systems (CU)
◦ 2014 Service Pack 3 for x64-based Systems (GDR)
◦ 2016 for x64-based Systems Service Pack 2 (CU)
◦ 2016 for x64-based Systems Service Pack 2 (GDR)
Microsoft Surface Hub
Office 365 ProPlus (32-bit y 64-bit editions)
Office Online Server
Windows 10
◦ Version 1607, 1709, 1803, 1809, 1903, 1909, para 32 y 64 bit
Windows 7
Ministerio del Interior y Seguridad Pública Página 5 de 8
◦ 32-bit Systems Service Pack 1
◦ x64-based Systems Service Pack 1
Windows 8.1
◦ 32-bit systems
◦ x64-based systems
Windows RT 8.1
Windows Server 2008
◦ 32-bit Systems Service Pack 2
◦ 32-bit Systems Service Pack 2 (Server Core installation)
◦ Itanium-Based Systems Service Pack 2
◦ x64-based Systems Service Pack 2
◦ x64-based Systems Service Pack 2 (Server Core installation)
◦ R2 for Itanium-Based Systems Service Pack 1
◦ R2 for x64-based Systems Service Pack 1
◦ R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
◦ 2012
◦ Server Core installation
◦ R2 y R2 (Server Core installation)
Windows Server 2016
◦ 2016
◦ Server Core installation
Windows Server 2019
◦ 2019
◦ Server Core installation
Windows Server
◦ version 1803 (Server Core Installation)
◦ version 1903 (Server Core installation)
◦ version 1909 (Server Core installation) Mitigación Aplicar las actualizaciones publicadas por el fabricante.
Ministerio del Interior y Seguridad Pública Página 6 de 8
Enlace https://portal.msrc.microsoft.com/en-us/security-guidance https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Feb https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0658 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0675 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0676 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0677 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0689 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0693 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0694 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0695 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0696 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0697 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0698 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0705 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0706 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0714 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0716 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0717 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0728 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0736 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0744 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0746 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0748 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0755 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0756 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0759 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0655 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0657 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0659 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0660 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0661 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0662 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0663 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0665 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0666 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0667 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0668 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0669 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0670 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0671 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0672 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0673 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674
Ministerio del Interior y Seguridad Pública Página 7 de 8
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0678 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0679 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0680 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0681 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0682 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0683 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0685 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0686 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0691 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0701 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0702 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0703 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0704 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0707 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0708 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0709 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0710 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0711 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0712 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0713 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0715 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0719 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0720 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0721 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0722 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0723 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0724 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0725 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0726 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0727 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0729 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0730 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0731 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0732 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0733 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0734 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0735 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0737 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0738 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0739 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0740 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0741 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0742
Ministerio del Interior y Seguridad Pública Página 8 de 8
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0743 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0745 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0747 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0749 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0750 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0751 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0752 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0753 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0754 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0757 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0767 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0792 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0817 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0818