63 nuevos fallos de seguridad para Windows (0 Days)
Este mes (Noviembre 2018), los usuarios de Windows y administradores de sistemas deben preocuparse por un total de 63 vulnerabilidades de seguridad, de las cuales 12 se consideran críticas, 49 importantes, una moderada y una de gravedad baja.
Dos de las vulnerabilidades parcheadas por el gigante de la tecnología este mes se enumeran como públicamente conocidas en el momento de su publicación, y se informa que una falla está siendo explotada activamente por múltiples grupos de ciberdelincuentes.
[ms-protect-content id=”489,503″]
(En la imagen) Vulnerabilidad de día cero explotada por delincuentes cibernéticos
La vulnerabilidad de día cero, rastreada como CVE-2018-8589, está siendo explotada por múltiples grupos de hackers de sobrero negro y fue detectada e informada por primera vez por investigadores de seguridad de Kaspersky Labs.
La falla reside en el componente Win32k (win32k.sys), que permite a un programa malicioso ejecutar código arbitrario para elevar sus privilegios en un Windows 7, Server 2008 o Server 2008 R2.
[/ms-protect-content]
Estás son todas las vulnerabilidades en cuestión:
(Esta información solo esta disponible para miembros Wiser Elite, Adquiere tu membresía aquí)
[ms-protect-content id=”503″]
Windows Deployment Services TFTP Server Remote Code Execution Vulnerability | CVE-2018-8476 | Critical |
Microsoft Graphics Components Remote Code Execution Vulnerability | CVE-2018-8553 | Critical |
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8588 | Critical |
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8541 | Critical |
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8542 | Critical |
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8543 | Critical |
Windows VBScript Engine Remote Code Execution Vulnerability | CVE-2018-8544 | Critical |
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8555 | Critical |
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8556 | Critical |
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8557 | Critical |
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8551 | Critical |
Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability | CVE-2018-8609 | Critical |
Azure App Service Cross-site Scripting Vulnerability | CVE-2018-8600 | Important |
Windows Win32k Elevation of Privilege Vulnerability | CVE-2018-8589 | Important |
BitLocker Security Feature Bypass Vulnerability | CVE-2018-8566 | Important |
Windows ALPC Elevation of Privilege Vulnerability | CVE-2018-8584 | Important |
Team Foundation Server Cross-site Scripting Vulnerability | CVE-2018-8602 | Important |
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8605 | Important |
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8606 | Important |
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8607 | Important |
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8608 | Important |
Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability | CVE-2018-8471 | Important |
DirectX Elevation of Privilege Vulnerability | CVE-2018-8485 | Important |
DirectX Elevation of Privilege Vulnerability | CVE-2018-8554 | Important |
DirectX Elevation of Privilege Vulnerability | CVE-2018-8561 | Important |
Win32k Elevation of Privilege Vulnerability | CVE-2018-8562 | Important |
Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-8572 | Important |
Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2018-8581 | Important |
Windows COM Elevation of Privilege Vulnerability | CVE-2018-8550 | Important |
Windows VBScript Engine Remote Code Execution Vulnerability | CVE-2018-8552 | Important |
Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-8568 | Important |
Windows Elevation Of Privilege Vulnerability | CVE-2018-8592 | Important |
Microsoft Edge Elevation of Privilege Vulnerability | CVE-2018-8567 | Important |
DirectX Information Disclosure Vulnerability | CVE-2018-8563 | Important |
MSRPC Information Disclosure Vulnerability | CVE-2018-8407 | Important |
Windows Audio Service Information Disclosure Vulnerability | CVE-2018-8454 | Important |
Win32k Information Disclosure Vulnerability | CVE-2018-8565 | Important |
Microsoft Outlook Information Disclosure Vulnerability | CVE-2018-8558 | Important |
Windows Kernel Information Disclosure Vulnerability | CVE-2018-8408 | Important |
Microsoft Edge Information Disclosure Vulnerability | CVE-2018-8545 | Important |
Microsoft SharePoint Information Disclosure Vulnerability | CVE-2018-8578 | Important |
Microsoft Outlook Information Disclosure Vulnerability | CVE-2018-8579 | Important |
PowerShell Remote Code Execution Vulnerability | CVE-2018-8256 | Important |
Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8522 | Important |
Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8576 | Important |
Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8524 | Important |
Microsoft Word Remote Code Execution Vulnerability | CVE-2018-8539 | Important |
Microsoft Word Remote Code Execution Vulnerability | CVE-2018-8573 | Important |
Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-8574 | Important |
Microsoft Project Remote Code Execution Vulnerability | CVE-2018-8575 | Important |
Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8582 | Important |
Windows Search Remote Code Execution Vulnerability | CVE-2018-8450 | Important |
Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-8577 | Important |
Internet Explorer Memory Corruption Vulnerability | CVE-2018-8570 | Important |
Microsoft JScript Security Feature Bypass Vulnerability | CVE-2018-8417 | Important |
Windows Security Feature Bypass Vulnerability | CVE-2018-8549 | Important |
Microsoft Edge Spoofing Vulnerability | CVE-2018-8564 | Important |
Active Directory Federation Services XSS Vulnerability | CVE-2018-8547 | Important |
Team Foundation Server Remote Code Execution Vulnerability | CVE-2018-8529 | Important |
Yammer Desktop Application Remote Code Execution Vulnerability | CVE-2018-8569 | Important |
Microsoft Powershell Tampering Vulnerability | CVE-2018-8415 | Important |
.NET Core Tampering Vulnerability | CVE-2018-8416 | Moderate |
Microsoft Skype for Business Denial of Service Vulnerability | CVE-2018-8546 | Low |
[/ms-protect-content]
[ms-protect-content id=”489,503″]
Se recomienda a los usuarios y administradores de sistemas Windows que apliquen los parches de seguridad mencionados lo antes posible para evitar que delincuentes cibernéticos tomen el control de sus sistemas.
[/ms-protect-content]