63 nuevos fallos de seguridad para Windows (0 Days)
Este mes (Noviembre 2018), los usuarios de Windows y administradores de sistemas deben preocuparse por un total de 63 vulnerabilidades de seguridad, de las cuales 12 se consideran críticas, 49 importantes, una moderada y una de gravedad baja.
Dos de las vulnerabilidades parcheadas por el gigante de la tecnología este mes se enumeran como públicamente conocidas en el momento de su publicación, y se informa que una falla está siendo explotada activamente por múltiples grupos de ciberdelincuentes.
[ms-protect-content id=”489,503″]
(En la imagen) Vulnerabilidad de día cero explotada por delincuentes cibernéticos
La vulnerabilidad de día cero, rastreada como CVE-2018-8589, está siendo explotada por múltiples grupos de hackers de sobrero negro y fue detectada e informada por primera vez por investigadores de seguridad de Kaspersky Labs.
La falla reside en el componente Win32k (win32k.sys), que permite a un programa malicioso ejecutar código arbitrario para elevar sus privilegios en un Windows 7, Server 2008 o Server 2008 R2.
[/ms-protect-content]
Estás son todas las vulnerabilidades en cuestión:
(Esta información solo esta disponible para miembros Wiser Elite, Adquiere tu membresía aquí)
[ms-protect-content id=”503″]
| Windows Deployment Services TFTP Server Remote Code Execution Vulnerability | CVE-2018-8476 | Critical |
| Microsoft Graphics Components Remote Code Execution Vulnerability | CVE-2018-8553 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8588 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8541 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8542 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8543 | Critical |
| Windows VBScript Engine Remote Code Execution Vulnerability | CVE-2018-8544 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8555 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8556 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8557 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8551 | Critical |
| Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability | CVE-2018-8609 | Critical |
| Azure App Service Cross-site Scripting Vulnerability | CVE-2018-8600 | Important |
| Windows Win32k Elevation of Privilege Vulnerability | CVE-2018-8589 | Important |
| BitLocker Security Feature Bypass Vulnerability | CVE-2018-8566 | Important |
| Windows ALPC Elevation of Privilege Vulnerability | CVE-2018-8584 | Important |
| Team Foundation Server Cross-site Scripting Vulnerability | CVE-2018-8602 | Important |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8605 | Important |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8606 | Important |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8607 | Important |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8608 | Important |
| Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability | CVE-2018-8471 | Important |
| DirectX Elevation of Privilege Vulnerability | CVE-2018-8485 | Important |
| DirectX Elevation of Privilege Vulnerability | CVE-2018-8554 | Important |
| DirectX Elevation of Privilege Vulnerability | CVE-2018-8561 | Important |
| Win32k Elevation of Privilege Vulnerability | CVE-2018-8562 | Important |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-8572 | Important |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2018-8581 | Important |
| Windows COM Elevation of Privilege Vulnerability | CVE-2018-8550 | Important |
| Windows VBScript Engine Remote Code Execution Vulnerability | CVE-2018-8552 | Important |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-8568 | Important |
| Windows Elevation Of Privilege Vulnerability | CVE-2018-8592 | Important |
| Microsoft Edge Elevation of Privilege Vulnerability | CVE-2018-8567 | Important |
| DirectX Information Disclosure Vulnerability | CVE-2018-8563 | Important |
| MSRPC Information Disclosure Vulnerability | CVE-2018-8407 | Important |
| Windows Audio Service Information Disclosure Vulnerability | CVE-2018-8454 | Important |
| Win32k Information Disclosure Vulnerability | CVE-2018-8565 | Important |
| Microsoft Outlook Information Disclosure Vulnerability | CVE-2018-8558 | Important |
| Windows Kernel Information Disclosure Vulnerability | CVE-2018-8408 | Important |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2018-8545 | Important |
| Microsoft SharePoint Information Disclosure Vulnerability | CVE-2018-8578 | Important |
| Microsoft Outlook Information Disclosure Vulnerability | CVE-2018-8579 | Important |
| PowerShell Remote Code Execution Vulnerability | CVE-2018-8256 | Important |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8522 | Important |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8576 | Important |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8524 | Important |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2018-8539 | Important |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2018-8573 | Important |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-8574 | Important |
| Microsoft Project Remote Code Execution Vulnerability | CVE-2018-8575 | Important |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8582 | Important |
| Windows Search Remote Code Execution Vulnerability | CVE-2018-8450 | Important |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-8577 | Important |
| Internet Explorer Memory Corruption Vulnerability | CVE-2018-8570 | Important |
| Microsoft JScript Security Feature Bypass Vulnerability | CVE-2018-8417 | Important |
| Windows Security Feature Bypass Vulnerability | CVE-2018-8549 | Important |
| Microsoft Edge Spoofing Vulnerability | CVE-2018-8564 | Important |
| Active Directory Federation Services XSS Vulnerability | CVE-2018-8547 | Important |
| Team Foundation Server Remote Code Execution Vulnerability | CVE-2018-8529 | Important |
| Yammer Desktop Application Remote Code Execution Vulnerability | CVE-2018-8569 | Important |
| Microsoft Powershell Tampering Vulnerability | CVE-2018-8415 | Important |
| .NET Core Tampering Vulnerability | CVE-2018-8416 | Moderate |
| Microsoft Skype for Business Denial of Service Vulnerability | CVE-2018-8546 | Low |
[/ms-protect-content]
[ms-protect-content id=”489,503″]
Se recomienda a los usuarios y administradores de sistemas Windows que apliquen los parches de seguridad mencionados lo antes posible para evitar que delincuentes cibernéticos tomen el control de sus sistemas.
[/ms-protect-content]
