Esta actualización de seguridad resuelve vulnerabilidades en el Framework de Microsoft .NET. La más grave de estas vulnerabilidades podría permitir elevación de privilegios si un usuario instala una aplicación especialmente diseñada y sea parcialmente de confianza.
Microsoft Windows Windows | Windows 7 for 32-bit Systems SP1 Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3023224 |
Microsoft Windows Windows | Windows 7 for 32-bit Systems SP1 Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3035490 |
Microsoft Windows Windows | Windows 7 for 32-bit Systems, Microsoft .NET Framework 4.0 | < | 3023221 |
Microsoft Windows Windows | Windows 7 for 32-bit Systems, Microsoft .NET Framework 4.0 | < | 3032662 |
Microsoft Windows Windows | Windows 7 for x64-based Systems SP1 Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3023224 |
Microsoft Windows Windows | Windows 7 for x64-based Systems SP1 Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3035490 |
Microsoft Windows Windows | Windows 7 for x64-based Systems SP1, Microsoft .NET Framework 3.5.1 | < | 3023215 |
Microsoft Windows Windows | Windows 7 for x64-based Systems SP1, Microsoft .NET Framework 3.5.1 | < | 3032655 |
Microsoft Windows Windows | Windows 7 for x64-based Systems SP1, Microsoft .NET Framework 4.0 | < | 3023221 |
Microsoft Windows Windows | Windows 7 for x64-based Systems SP1, Microsoft .NET Framework 4.0 | < | 3032662 |
Microsoft Windows Windows | Windows 8 for 32-bit Systems Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3023223 |
Microsoft Windows Windows | Windows 8 for 32-bit Systems Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3035489 |
Microsoft Windows Windows | Windows 8 for 32-bit Systems, Microsoft .NET Framework 3.5 | < | 3023217 |
Microsoft Windows Windows | Windows 8 for 32-bit Systems, Microsoft .NET Framework 3.5 | < | 3035486 |
Microsoft Windows Windows | Windows 8 for 64-bit Systems, Microsoft .NET Framework 3.5 | < | 3023217 |
Microsoft Windows Windows | Windows 8 for 64-bit Systems, Microsoft .NET Framework 3.5 | < | 3035486 |
Microsoft Windows Windows | Windows 8 for x64-based Systems Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3023223 |
Microsoft Windows Windows | Windows 8 for x64-based Systems Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3035489 |
Microsoft Windows Windows | Windows 8.1 for 32-bit Systems Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3023222 |
Microsoft Windows Windows | Windows 8.1 for 32-bit Systems Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3032663 |
Microsoft Windows Windows | Windows 8.1 for x64-based Systems Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3023222 |
Microsoft Windows Windows | Windows 8.1 for x64-based Systems Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3032663 |
Microsoft Windows Windows | Windows Server 2003 SP2, Microsoft .NET Framework 1.1 SP1 | < | 3023221 |
Microsoft Windows Windows | Windows Server 2003 SP2, Microsoft .NET Framework 2.0 SP2 | < | 3023221 |
Microsoft Windows Windows | Windows Server 2003 SP2, Microsoft .NET Framework 2.0 SP2 | < | 3035488 |
Microsoft Windows Windows | Windows Server 2003 SP2, Microsoft .NET Framework 4.0 | < | 3023221 |
Microsoft Windows Windows | Windows Server 2003 SP2, Microsoft .NET Framework 4.0 | < | 3032662 |
Microsoft Windows Windows | Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft .NET Framework 2.0 SP2 | < | 3023220 |
Microsoft Windows Windows | Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft .NET Framework 2.0 SP2 | < | 3035488 |
Microsoft Windows Windows | Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft .NET Framework 4.0 | < | 3023221 |
Microsoft Windows Windows | Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft .NET Framework 4.0 | < | 3032662 |
Microsoft Windows Windows | Windows Server 2003 x64 Edition SP2, Microsoft .NET Framework 2.0 SP2 | < | 3023220 |
Microsoft Windows Windows | Windows Server 2003 x64 Edition SP2, Microsoft .NET Framework 2.0 SP2 | < | 3035488 |
Microsoft Windows Windows | Windows Server 2003 x64 Edition SP2,Microsoft .NET Framework 4.0 | < | 3023221 |
Microsoft Windows Windows | Windows Server 2003 x64 Edition SP2,Microsoft .NET Framework 4.0 | < | 3032662 |
Microsoft Windows Windows | Windows Server 2008 R2 for Itanium-based Systems, Microsoft .NET Framework 3.5.1 | < | 3023215 |
Microsoft Windows Windows | Windows Server 2008 R2 for Itanium-based Systems, Microsoft .NET Framework 3.5.1 | < | 3032655 |
Microsoft Windows Windows | Windows Server 2008 R2 for Itanium-based Systems, Microsoft .NET Framework 4.0 | < | 3023221 |
Microsoft Windows Windows | Windows Server 2008 R2 for Itanium-based Systems, Microsoft .NET Framework 4.0 | < | 3032662 |
Microsoft Windows Windows | Windows Server 2008 R2 for x64-based Systems SP1 Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3023224 |
Microsoft Windows Windows | Windows Server 2008 R2 for x64-based Systems SP1 Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3035490 |
Microsoft Windows Windows | Windows Server 2008 R2 for x64-based Systems, Microsoft .NET Framework 3.5.1 | < | 3023215 |
Microsoft Windows Windows | Windows Server 2008 R2 for x64-based Systems, Microsoft .NET Framework 3.5.1 | < | 3032655 |
Microsoft Windows Windows | Windows Server 2008 R2 for x64-based Systems,Microsoft .NET Framework 4.0 | < | 3023221 |
Microsoft Windows Windows | Windows Server 2008 R2 for x64-based Systems,Microsoft .NET Framework 4.0 | < | 3032662 |
Microsoft Windows Windows | Windows Server 2008 for 32-bit Systems SP2 Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3023224 |
Microsoft Windows Windows | Windows Server 2008 for 32-bit Systems SP2 Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3035490 |
Microsoft Windows Windows | Windows Server 2008 for 32-bit Systems SP2, Microsoft .NET Framework 2.0 SP2 | < | 3023213 |
Microsoft Windows Windows | Windows Server 2008 for 32-bit Systems SP2, Microsoft .NET Framework 2.0 SP2 | < | 3035485 |
Microsoft Windows Windows | Windows Server 2008 for 32-bit Systems SP2,Microsoft .NET Framework 4.0 | < | 3023221 |
Microsoft Windows Windows | Windows Server 2008 for 32-bit Systems SP2,Microsoft .NET Framework 4.0 | < | 3032662 |
Microsoft Windows Windows | Windows Server 2008 for Itanium-based Systems SP2, Microsoft .NET Framework 2.0 SP2 | < | 3023213 |
Microsoft Windows Windows | Windows Server 2008 for Itanium-based Systems SP2, Microsoft .NET Framework 2.0 SP2 | < | 3035485 |
Microsoft Windows Windows | Windows Server 2008 for Itanium-based Systems SP2, Microsoft .NET Framework 4.0 | < | 3023221 |
Microsoft Windows Windows | Windows Server 2008 for Itanium-based Systems SP2, Microsoft .NET Framework 4.0 | < | 3032662 |
Microsoft Windows Windows | Windows Server 2008 for x64-based Systems SP2 Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3023224 |
Microsoft Windows Windows | Windows Server 2008 for x64-based Systems SP2, Microsoft .NET Framework 2.0 SP2 | < | 3023213 |
Microsoft Windows Windows | Windows Server 2008 for x64-based Systems SP2, Microsoft .NET Framework 2.0 SP2 | < | 3035485 |
Microsoft Windows Windows | Windows Server 2008 for x64-based Systems SP2, Microsoft .NET Framework 4.0 | < | 3023221 |
Microsoft Windows Windows | Windows Server 2008 for x64-based Systems SP2, Microsoft .NET Framework 4.0 | < | 3032662 |
Microsoft Windows Windows | Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 | < | 3023217 |
Microsoft Windows Windows | Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 | < | 3023223 |
Microsoft Windows Windows | Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3023223 |
Microsoft Windows Windows | Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3035489 |
Microsoft Windows Windows | Windows Server 2012 Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3023223 |
Microsoft Windows Windows | Windows Server 2012 Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3035489 |
Microsoft Windows Windows | Windows Server 2012 R2 (Server Core installation) | < | 3023219 |
Microsoft Windows Windows | Windows Server 2012 R2 (Server Core installation) | < | 3035487 |
Microsoft Windows Windows | Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 | < | 3023219 |
Microsoft Windows Windows | Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 | < | 3035487 |
Microsoft Windows Windows | Windows Server 2012 R2 Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3023222 |
Microsoft Windows Windows | Windows Server 2012 R2 Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3032663 |
Microsoft Windows Windows | Windows Server 2012, Microsoft .NET Framework 3.5 | < | 3023217 |
Microsoft Windows Windows | Windows Server 2012, Microsoft .NET Framework 3.5 | < | 3035486 |
Microsoft Windows Windows | Windows Vista SP2, Microsoft .NET Framework 2.0 SP2 | < | 3023213 |
Microsoft Windows Windows | Windows Vista SP2, Microsoft .NET Framework 2.0 SP2 | < | 3035485 |
Microsoft Windows Windows | Windows Vista SP2, Microsoft .NET Framework 4.0 | < | 3032662 |
Microsoft Windows Windows | Windows Vista SP2, Microsoft .NET Framework 4.0 | < | 3035485 |
Microsoft Windows Windows | Windows Vista Service Pack 2 Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3023224 |
Microsoft Windows Windows | Windows Vista Service Pack 2 Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3035490 |
Microsoft Windows Windows | Windows Vista x64 Edition SP2 Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3023224 |
Microsoft Windows Windows | Windows Vista x64 Edition SP2 Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3035490 |
Microsoft Windows Windows | Windows Vista x64 Edition SP2, Microsoft .NET Framework 2.0 SP2 | < | 3023213 |
Microsoft Windows Windows | Windows Vista x64 Edition SP2, Microsoft .NET Framework 4.0 | < | 3032662 |
Microsoft Windows Windows | Windows Server 2008 for x64-based Systems SP2 Microsoft .NET Framework 4.5/4.5.1/4.5.2 | < | 3035490 |
Vulnerabilidad de negación de servicio en descifrado de XML en .NET - CVE-2015-1672
Código de explotación consistente
Vulnerabilidad de elevación de privilegios en las formas de Windows - CVE-2015-1673
Código de explotación consistente
Vulnerabilidad de negación de servicio en descifrado de XML en .NET - CVE-2015-1672
Existe una vulnerabilidad de negación de servicio en Framework de Microsoft .NET que podría permitir a un atacante no autenticado degradar el rendimiento de un sitio web con .NET habilitad e interrumpir la disponibilidad de las aplicaciones que utilizan el Framework de Microsoft .NET.
Vulnerabilidad de elevación de privilegios en las formas de Windows - CVE-2015-1673
Existe una vulnerabilidad de elevación de privilegios en Framework de Microsoft .NET que es causado cuando las bibliotecas de las formas de Windows de .NET manejan de manera inpropiada los objetos en memoria.
Vulnerabilidad de negación de servicio en descifrado de XML en .NET - CVE-2015-1672
Para explotar esta vulnerabilidad un atacante podría enviardatos en XML especialmente diseñados a una aplicación .NET con la intensión de causar un proceso de recursividad que permita una negación de servicio.
Vulnerabilidad de elevación de privilegios en las formas de Windows - CVE-2015-1673
Un atacante que explote por completo esta vulnerabilidad podría tomar el control por completo del sistema afectado. Un atacante podría instalar programas; ver, cambiar o eliminar datos; o crear cuentas nuevas con todos los privilegios. Los usuarios cuyas cuentas estén configuradas con pocos privilegios en el sistema correrían un riesgo menor que aquellos que cuenten con privilegios de administrador.
La Coordinación de Seguridad de la Información/UNAM-CERT agradece el apoyo en la elaboración ó traducción y revisión de éste Documento a:
UNAM-CERT
Equipo de Respuesta a Incidentes UNAM
Coordinación de Seguridad de la Información
incidentes at seguridad.unam.mx
phishing at seguridad.unam.mx
http://www.cert.org.mx
http://www.seguridad.unam.mx
ftp://ftp.seguridad.unam.mx
Tel: 56 22 81 69
Fax: 56 22 80 47
Aviso legal |
Créditos |
Staff |
Administración
Copyright © Todos los derechos reservados
UNAM - CERT