Comparte en:

Este mes (Noviembre 2018), los usuarios de Windows y administradores de sistemas deben preocuparse por un total de 63 vulnerabilidades de seguridad, de las cuales 12 se consideran críticas, 49 importantes, una moderada y una de gravedad baja.

Dos de las vulnerabilidades parcheadas por el gigante de la tecnología este mes se enumeran como públicamente conocidas en el momento de su publicación, y se informa que una falla está siendo explotada activamente por múltiples grupos de ciberdelincuentes.

[ms-protect-content id=”489,503″]
(En la imagen) Vulnerabilidad de día cero explotada por delincuentes cibernéticos
La vulnerabilidad de día cero, rastreada como CVE-2018-8589, está siendo explotada por múltiples grupos de hackers de sobrero negro y fue detectada e informada por primera vez por investigadores de seguridad de Kaspersky Labs.

La falla reside en el componente Win32k (win32k.sys), que permite a un programa malicioso ejecutar código arbitrario para elevar sus privilegios en un Windows 7, Server 2008 o Server 2008 R2.

[/ms-protect-content]

Estás son todas las vulnerabilidades en cuestión:
(Esta información solo esta disponible para miembros Wiser Elite, Adquiere tu membresía aquí)
[ms-protect-content id=”503″]

Windows Deployment Services TFTP Server Remote Code Execution Vulnerability CVE-2018-8476 Critical
Microsoft Graphics Components Remote Code Execution Vulnerability CVE-2018-8553 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8588 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8541 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8542 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8543 Critical
Windows VBScript Engine Remote Code Execution Vulnerability CVE-2018-8544 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8555 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8556 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8557 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8551 Critical
Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability CVE-2018-8609 Critical
Azure App Service Cross-site Scripting Vulnerability CVE-2018-8600 Important
Windows Win32k Elevation of Privilege Vulnerability CVE-2018-8589 Important
BitLocker Security Feature Bypass Vulnerability CVE-2018-8566 Important
Windows ALPC Elevation of Privilege Vulnerability CVE-2018-8584 Important
Team Foundation Server Cross-site Scripting Vulnerability CVE-2018-8602 Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability CVE-2018-8605 Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability CVE-2018-8606 Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability CVE-2018-8607 Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability CVE-2018-8608 Important
Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability CVE-2018-8471 Important
DirectX Elevation of Privilege Vulnerability CVE-2018-8485 Important
DirectX Elevation of Privilege Vulnerability CVE-2018-8554 Important
DirectX Elevation of Privilege Vulnerability CVE-2018-8561 Important
Win32k Elevation of Privilege Vulnerability CVE-2018-8562 Important
Microsoft SharePoint Elevation of Privilege Vulnerability CVE-2018-8572 Important
Microsoft Exchange Server Elevation of Privilege Vulnerability CVE-2018-8581 Important
Windows COM Elevation of Privilege Vulnerability CVE-2018-8550 Important
Windows VBScript Engine Remote Code Execution Vulnerability CVE-2018-8552 Important
Microsoft SharePoint Elevation of Privilege Vulnerability CVE-2018-8568 Important
Windows Elevation Of Privilege Vulnerability CVE-2018-8592 Important
Microsoft Edge Elevation of Privilege Vulnerability CVE-2018-8567 Important
DirectX Information Disclosure Vulnerability CVE-2018-8563 Important
MSRPC Information Disclosure Vulnerability CVE-2018-8407 Important
Windows Audio Service Information Disclosure Vulnerability CVE-2018-8454 Important
Win32k Information Disclosure Vulnerability CVE-2018-8565 Important
Microsoft Outlook Information Disclosure Vulnerability CVE-2018-8558 Important
Windows Kernel Information Disclosure Vulnerability CVE-2018-8408 Important
Microsoft Edge Information Disclosure Vulnerability CVE-2018-8545 Important
Microsoft SharePoint Information Disclosure Vulnerability CVE-2018-8578 Important
Microsoft Outlook Information Disclosure Vulnerability CVE-2018-8579 Important
PowerShell Remote Code Execution Vulnerability CVE-2018-8256 Important
Microsoft Outlook Remote Code Execution Vulnerability CVE-2018-8522 Important
Microsoft Outlook Remote Code Execution Vulnerability CVE-2018-8576 Important
Microsoft Outlook Remote Code Execution Vulnerability CVE-2018-8524 Important
Microsoft Word Remote Code Execution Vulnerability CVE-2018-8539 Important
Microsoft Word Remote Code Execution Vulnerability CVE-2018-8573 Important
Microsoft Excel Remote Code Execution Vulnerability CVE-2018-8574 Important
Microsoft Project Remote Code Execution Vulnerability CVE-2018-8575 Important
Microsoft Outlook Remote Code Execution Vulnerability CVE-2018-8582 Important
Windows Search Remote Code Execution Vulnerability CVE-2018-8450 Important
Microsoft Excel Remote Code Execution Vulnerability CVE-2018-8577 Important
Internet Explorer Memory Corruption Vulnerability CVE-2018-8570 Important
Microsoft JScript Security Feature Bypass Vulnerability CVE-2018-8417 Important
Windows Security Feature Bypass Vulnerability CVE-2018-8549 Important
Microsoft Edge Spoofing Vulnerability CVE-2018-8564 Important
Active Directory Federation Services XSS Vulnerability CVE-2018-8547 Important
Team Foundation Server Remote Code Execution Vulnerability CVE-2018-8529 Important
Yammer Desktop Application Remote Code Execution Vulnerability CVE-2018-8569 Important
Microsoft Powershell Tampering Vulnerability CVE-2018-8415 Important
.NET Core Tampering Vulnerability CVE-2018-8416 Moderate
Microsoft Skype for Business Denial of Service Vulnerability CVE-2018-8546 Low

[/ms-protect-content]

[ms-protect-content id=”489,503″]
Se recomienda a los usuarios y administradores de sistemas Windows que apliquen los parches de seguridad mencionados lo antes posible para evitar que delincuentes cibernéticos tomen el control de sus sistemas.
[/ms-protect-content]




0 Comments

Deja un comentario