9VSA21-00361-01 CSIRT shares mitigations obtained from Microsoft
CSIRT shares the information provided by Microsoft in its monthly update report for January 2021.
Summary
The Computer Security Incident Response Team (CSIRT) shares the information provided by Microsoft in its monthly update report for January 2021, which patches 26 vulnerabilities in its software, 2 of them rated critical and 24 rated important. A further 57 vulnerabilities outside the monthly report are also reported, 7 of them rated critical and 50 rated important.
Vulnerabilities
Reported in the monthly report for January:
CVE-2020-26870 CVE-2021-1663 CVE-2021-1707
CVE-2021-1636 CVE-2021-1669 CVE-2021-1708
CVE-2021-1637 CVE-2021-1670 CVE-2021-1711
CVE-2021-1643 CVE-2021-1672 CVE-2021-1713
CVE-2021-1644 CVE-2021-1676 CVE-2021-1714
CVE-2021-1645 CVE-2021-1677 CVE-2021-1715
CVE-2021-1647 CVE-2021-1694 CVE-2021-1716
CVE-2021-1648 CVE-2021-1696 CVE-2021-1725
CVE-2021-1656 CVE-2021-1699
Additional vulnerabilities reported:
CVE-2021-1638 CVE-2021-1666 CVE-2021-1691
CVE-2021-1641 CVE-2021-1667 CVE-2021-1692
CVE-2021-1642 CVE-2021-1668 CVE-2021-1693
CVE-2021-1646 CVE-2021-1671 CVE-2021-1695
CVE-2021-1649 CVE-2021-1673 CVE-2021-1697
CVE-2021-1650 CVE-2021-1674 CVE-2021-1700
CVE-2021-1651 CVE-2021-1678 CVE-2021-1701
CVE-2021-1652 CVE-2021-1679 CVE-2021-1702
CVE-2021-1653 CVE-2021-1680 CVE-2021-1703
CVE-2021-1654 CVE-2021-1681 CVE-2021-1704
CVE-2021-1655 CVE-2021-1682 CVE-2021-1705
CVE-2021-1657 CVE-2021-1683 CVE-2021-1706
CVE-2021-1658 CVE-2021-1684 CVE-2021-1709
CVE-2021-1659 CVE-2021-1685 CVE-2021-1710
CVE-2021-1660 CVE-2021-1686 CVE-2021-1712
CVE-2021-1661 CVE-2021-1687 CVE-2021-1717
CVE-2021-1662 CVE-2021-1688 CVE-2021-1718
CVE-2021-1664 CVE-2021-1689 CVE-2021-1719
CVE-2021-1665 CVE-2021-1690 CVE-2021-1723
Impact
Depending on the vulnerability reported by Microsoft, the result can be denial of service, elevation of privilege, access to confidential information, remote code execution or spoofing. The details of each one can be reviewed in the links.
Affected products
- ASP.NET Core 3.1
- ASP.NET Core 5.0
- Bot Framework SDK for .NET Framework
- Bot Framework SDK for JavaScript
- Bot Framework SDK for Python
- Excel Services
- HEVC Video Extensions
- Microsoft 365 Apps for Enterprise (for 32-bit and 64-bit systems)
- Microsoft Azure Kubernetes Service
- Microsoft Edge (EdgeHTML-based)
- Microsoft Excel
  - 2010 Service Pack 2 (32-bit and 64-bit)
  - 2013 RT Service Pack 1
  - 2013 Service Pack 2 (32-bit and 64-bit)
  - 2016 (32-bit and 64-bit)
- Microsoft Office
  - 2010 Service Pack 2 (32-bit and 64-bit editions)
  - 2013 RT Service Pack 1
  - 2013 (32-bit and 64-bit editions)
  - 2016 (32-bit and 64-bit editions)
  - 2019 (32-bit and 64-bit editions)
  - 2019 for Mac
  - Online Server
  - Web Apps 2010 Service Pack 2
  - Web Apps 2013 Service Pack 1
- Microsoft Remote Desktop
- Microsoft Remote Desktop for Android
- Microsoft Security Essentials
- Microsoft SharePoint
  - Enterprise Server 2013 Service Pack 1
  - Enterprise Server 2016
  - Foundation 2010 Service Pack 2
  - Foundation 2013 Service Pack 1
  - Server 2010 Service Pack 2
  - Server 2019
- Microsoft SQL Server
  - 2012 for 32-bit Systems Service Pack 4 (QFE)
  - 2012 for x64-based Systems Service Pack 4 (QFE)
  - 2014 Service Pack 3 for 32-bit Systems (CU 4)
  - 2014 Service Pack 3 for 32-bit Systems (GDR)
  - 2014 Service Pack 3 for x64-based Systems (CU 4)
  - 2014 Service Pack 3 for x64-based Systems (GDR)
  - 2016 for x64-based Systems Service Pack 2 (GDR)
  - 2016 Service Pack 2 for x64-based Systems (CU 15)
  - 2017 for x64-based Systems (CU 22)
  - 2017 for x64-based Systems (GDR)
  - 2019 for x64-based Systems (CU 8)
  - 2019 for x64-based Systems (GDR)
- Microsoft System Center
  - 2012 Endpoint Protection
  - 2012 R2 Endpoint Protection
  - Endpoint Protection
- Microsoft Visual Studio
  - 2015 Update 3
  - 2017 version 15.9 (includes 15.0 - 15.8)
  - 2019 version 16.0
  - 2019 version 16.4 (includes 16.0 - 16.3)
  - 2019 version 16.7 (includes 16.0 - 16.6)
  - 2019 version 16.8
- Microsoft Word
  - 2010 Service Pack 2 (32-bit and 64-bit editions)
  - 2013 RT Service Pack 1
  - 2013 Service Pack 1 (32-bit and 64-bit editions)
  - 2016 (32-bit and 64-bit editions)
- Remote Desktop client for Windows Desktop
- Windows 10 (32-bit and 64-bit)
  - Versions 1607, 1803, 1809, 1909, 2004, 20H2, for 32-bit, 64-bit and ARM64-based systems
- Windows 7
  - 32-bit Systems Service Pack 1
  - x64-based Systems Service Pack 1
- Windows 8.1
  - 32-bit systems
  - x64-based systems
- Windows Defender
- Windows RT 8.1
- Windows Server 2008
  - 32-bit Systems Service Pack 2
  - 32-bit Systems Service Pack 2 (Server Core installation)
  - x64-based Systems Service Pack 2
  - x64-based Systems Service Pack 2 (Server Core installation)
  - R2 for x64-based Systems Service Pack 1
  - R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2012
  - 2012
  - Server Core installation
  - R2 and R2 (Server Core installation)
- Windows Server 2016
  - 2016
  - Server Core installation
- Windows Server 2019
  - 2019
  - Server Core installation
- Windows Server
  - version 1909 (Server Core installation)
  - version 2004 (Server Core installation)
  - version 20H2 (Server Core installation)
Mitigation
Apply the updates published by the vendor.
Links
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-26870
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1636
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1637
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1638
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1641
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1642
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1643
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1644
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1645
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1646
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1648
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1649
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1650
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1651
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1652
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1653
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1654
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1655
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1656
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1657
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1658
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1659
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1660
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1661
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1662
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1663
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1664
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1665
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1666
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1667
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1668
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1669
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1670
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1671
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1672
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1673
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1674
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1676
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1677
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1678
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1679
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1680
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1681
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1682
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1683
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1684
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1685
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1686
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1687
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1688
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1689
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1690
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1691
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1692
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1693
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1694
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1695
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1696
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1697
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1699
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1700
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1701
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1702
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1703
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1704
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1705
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1706
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1707
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1708
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1709
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1710
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1711
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1712
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1713
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1714
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1715
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1716
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1717
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1718
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1719
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1723
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1725
Report
The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA21-00361-01