Boletín de seguridad de Microsoft de noviembre de 2019

Fecha de publicación: 13/11/2019
Importancia: 5 - Crítica

Recursos afectados: 
Microsoft Windows,
Internet Explorer,
Microsoft Edge (Edge basado en HTML),
ChakraCore,
Microsoft Office y Microsoft Office Services y Web Apps,
Open Source Software,
Microsoft Exchange Server,
Visual Studio,
Azure Stack.

Descripción: 
La publicación de actualizaciones de seguridad de Microsoft correspondiente al mes de noviembre consta de 75 vulnerabilidades, 13 clasificadas como críticas y 62 como importantes.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/boletin-seguridad-microsoft-noviembre-2019

Debian Security Advisory

DSA-4565-1 intel-microcode -- security update

Date Reported:13 Nov 2019

https://www.debian.org/security/2019/dsa-4565

VMware Releases Security Updates

Original release date: November 12, 2019

VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisories VMSA-2019-0020 and VMSA-2019-0021 and apply the necessary updates.

https://www.us-cert.gov/ncas/current-activity/2019/11/12/vmware-releases-security-updates

Intel Releases Security Updates

Original release date: November 12, 2019

Intel has released security updates to address vulnerabilities in multiple products. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:

BMC Advisory INTEL-SA-00313

UEFI Advisory INTEL-SA-00280

SGX and TXT Advisory INTEL-SA-00220

Processor Security Advisory INTEL-SA-00240

CSME, Intel SPS, Intel TXE, Intel AMT, Intel PTT and Intel DAL Advisory INTEL-SA-00241

Graphics Driver for Windows Advisory INTEL-SA-00242

Ethernet 700 Series Controllers Advisory INTEL-SA-00255

SGX Advisory INTEL-SA-00293

Proset/Wireless Wifi Software Security Advisory INTEL-SA-00288

WIFI Drivers and Intel® PROSet/Wireless WiFi Software Extension DLL Advisory INTEL-SA-00287

For updates addressing medium severity vulnerabilities, see the Intel Security Advisories page.

https://www.us-cert.gov/ncas/current-activity/2019/11/12/intel-releases-security-updates

Adobe Releases Security Updates

Original release date: November 12, 2019

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
Animate CC 2019 APSB19-34
Illustrator CC APSB19-36
Media Encoder APSB19-52
Bridge CC APSB19-53

https://www.us-cert.gov/ncas/current-activity/2019/11/12/adobe-releases-security-updates

Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Media Foundation

Microsoft Media Foundation’s framework contains a remote code execution vulnerability that exists due to a use-after-free condition. This specific bug lies in Media Foundation's MPEG4 DLL. An attacker could provide a user with a specially crafted QuickTime file to exploit this vulnerability.

https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-media-foundation-nov-2019-RCE.html

Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Excel


Cisco Talos recently discovered a remote code execution vulnerability in Microsoft Excel. Microsoft disclosed this bug as part of their monthly security update Tuesday. This vulnerability exists in the component responsible for handling the “MicrosoftÆ Office HTML and XML” format introduced in Microsoft Office 2000. A specially crafted XLS file could lead to a user-after-free vulnerability and remote code execution.

https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-excel-nov-2019-RCE.html

[SECURITY] [DLA 1991-1] libssh2 security update


Package : libssh2 Version : 1.4.3-4.1+deb8u6 CVE ID : CVE-2019-17498 Debian Bug : 943562 In libssh2, SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server For Debian 8 "Jessie", this problem has been fixed in version 1.4.3-4.1+deb8u6.

https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html

Cross-site scripting (XSS) en TIBCO EBX

Fecha de publicación: 13/11/2019
Importancia: 4 - Alta

Recursos afectados: 
El servidor web de las siguientes versiones de TIBCO EBX:
5.8.1.fixR y anteriores
5.9.3, 5.9.4, 5.9.5 y 5.9.6
En el interfaz web del Digital Asset Manager de las siguientes versiones de los complementos (Add-ons) de TIBCO EBX:
3.20.13 y anteriores
4.1.0, 4.2.0, 4.2.1 y 4.2.2
En el interfaz web del Data Exchange las siguientes versiones de los complementos (Add-ons) de TIBCO EBX:
3.20.13 y anteriores
4.1.0

Descripción: 
TIBCO ha publicado 3 vulnerabilidades que afectan a varios de sus productos, que permitirían a un atacante realizar ataques cross-site scripting (XSS).

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/cross-site-scripting-xss-tibco-ebx

SCShell: movimientos laterales a través del service manager

https://www.hackplayers.com/2019/11/scshell-movimientos-laterales-sc.html

#Google Fixes White Screen Problem in #Chrome, Admins Furious

Google has rolled back an experimental WebContent Occlusion feature that caused major disruption for enterprise users using Chrome in a multi-user terminal server environment. While the issue is now fixed, enterprise admins are furious that this feature was enabled in the first place without their knowledge or permission.

https://www.bleepingcomputer.com/news/software/google-fixes-white-screen-problem-in-chrome-admins-furious/

Vulnerabilidad de inyección CSV en UCD de IBM

Fecha de publicación: 15/11/2019
Importancia: 4 - Alta

Recursos afectados: 
UCD - IBM UrbanCode Deploy.

Descripción: 
Se ha publicado una vulnerabilidad de inyección CSV que podría permitir la generación de un archivo de descarga CSV malicioso.

Solución: 
Actualizar a la versión 7.0.4.0 o posterior.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-csv-ucd-ibm

Vulnerabilidad de denegación de servicio en BIG-IP de F5

Fecha de publicación: 15/11/2019
Importancia: 4 - Alta

Recursos afectados: 
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), versiones desde 14.0.0, hasta 14.1.0.1.

Descripción: 
Los servidores virtuales BIG-IP, con TLS 1.3, activado podrían experimentar una denegación de servicio (DoS) debido a mensajes entrantes no revelados.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-denegacion-servicio-big-ip-f5

Attention is All They Need: Combatting Social Media Information Operations With Neural Language Models

https://www.fireeye.com/blog/threat-research/2019/11/combatting-social-media-information-operations-neural-language-models.html

Changing security incident response by utilizing the power of the cloud— #DART tools, techniques, and procedures: part 1

This is the first in a blog series discussing the tools, techniques, and procedures that the #Microsoft Detection and Response Team (DART) use to investigate cybersecurity incidents at our customer organizations.

https://www.microsoft.com/security/blog/2019/11/14/security-incident-response-utilizing-cloud-dart-tools-techniques-procedures-part-1/

#Microsoft issues patch for Internet Explorer zero‑day

The critical vulnerability could also be exploited via a malicious Microsoft Office document

Microsoft has shipped out a fix for a critical flaw in Internet Explorer (IE) that is being exploited in the wild. Tracked as CVE-2019-1429, the vulnerability is part of this month’s batch of regular security updates known as Patch Tuesday.

https://www.welivesecurity.com/2019/11/14/microsoft-patch-internet-explorer-zero-day/

#Microsoft Removes #Windows10 1909 Realtek Driver Update Block

Microsoft removed a compatibility hold caused by outdated Realtek Bluetooth drivers and published a support document describing a workaround designed to help Windows 10 users still affected by the safeguard hold.

https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-windows-10-1909-realtek-driver-update-block/

Experts found undocumented access feature in Siemens SIMATIC PLCs

Researchers discovered a vulnerability in Siemens SIMATIC S7-1200 programmable logic controller (PLC) that could allow attackers to execute arbitrary code on vulnerable devices.

https://securityaffairs.co/wordpress/93939/ics-scada/siemens-simatic-flaw.html

Critical Vulnerability in Android Phone Let Hackers Execute an Arbitrary Code Remotely

Researchers discovered a new Critical Android vulnerability that may allow attackers to perform remote code execution on a vulnerable Android device and to take control of it.

https://gbhackers.com/android-vulnerability/

[SECURITY] [DSA 4571-1] thunderbird security update

Package : thunderbird
CVE ID : CVE-2019-15903 CVE-2019-11764 CVE-2019-11763 CVE-2019-11762 CVE-2019-11761 CVE-2019-11760 CVE-2019-11759 CVE-2019-11757 CVE-2019-11755

Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service.

https://lists.debian.org/debian-security-announce/2019/msg00223.html

Actualiza a la última versión de #WhatsApp

Se ha hecho pública una vulnerabilidad en la aplicación de mensajería instantánea, WhatsApp. Esta vulnerabilidad podría explotarse mediante un vídeo, en formato MP4, manipulado de forma maliciosa. Después de enviar dicho vídeo a la víctima en cuestión, el ciberdelincuente podría ejecutar código malicioso en el dispositivo de manera remota.

Recursos afectados:
La vulnerabilidad afecta a dispositivos:
Android con versión anterior a 2.19.274;
iOS con versión anterior a 2.19.100;
Enterprise Client, versión anterior a 2.25.3;
Windows Phone, versión 2.18.368 y anteriores;
WhastApp Business para Android, versión anterior a 2.19.104;
WhatsApp Business para iOS, versión anterior a 2.19.100.

Detalles
El fallo de seguridad, que ha sido confirmado por Facebook a través de un comunicado publicado en su web, podría permitir a un ciberdelincuente lanzar ataques #DoS (denegación del servicio) o #RCE (ejecución de código de manera remota).

https://www.osi.es/es/actualidad/avisos/2019/11/actualiza-la-ultima-version-de-whatsapp