9VSA21-00361-01 CSIRT shares mitigations obtained from Microsoft

Summary

The Computer Security Incident Response Team (CSIRT) shares the information provided by Microsoft in its monthly update report for January 2021, which patches 26 vulnerabilities in its software, 2 of them rated critical and 24 rated important. In addition, 57 further vulnerabilities outside the monthly report are reported, 7 of them rated critical and 50 rated important.

Vulnerabilities

Reported in the monthly report for January:

CVE-2020-26870           CVE-2021-1663               CVE-2021-1707

CVE-2021-1636               CVE-2021-1669               CVE-2021-1708

CVE-2021-1637               CVE-2021-1670               CVE-2021-1711

CVE-2021-1643               CVE-2021-1672               CVE-2021-1713

CVE-2021-1644               CVE-2021-1676               CVE-2021-1714

CVE-2021-1645               CVE-2021-1677               CVE-2021-1715

CVE-2021-1647               CVE-2021-1694               CVE-2021-1716

CVE-2021-1648               CVE-2021-1696               CVE-2021-1725

CVE-2021-1656               CVE-2021-1699

Additional vulnerabilities reported:

CVE-2021-1638               CVE-2021-1666               CVE-2021-1691

CVE-2021-1641               CVE-2021-1667               CVE-2021-1692

CVE-2021-1642               CVE-2021-1668               CVE-2021-1693

CVE-2021-1646               CVE-2021-1671               CVE-2021-1695

CVE-2021-1649               CVE-2021-1673               CVE-2021-1697

CVE-2021-1650               CVE-2021-1674               CVE-2021-1700

CVE-2021-1651               CVE-2021-1678               CVE-2021-1701

CVE-2021-1652               CVE-2021-1679               CVE-2021-1702

CVE-2021-1653               CVE-2021-1680               CVE-2021-1703

CVE-2021-1654               CVE-2021-1681               CVE-2021-1704

CVE-2021-1655               CVE-2021-1682               CVE-2021-1705

CVE-2021-1657               CVE-2021-1683               CVE-2021-1706

CVE-2021-1658               CVE-2021-1684               CVE-2021-1709

CVE-2021-1659               CVE-2021-1685               CVE-2021-1710

CVE-2021-1660               CVE-2021-1686               CVE-2021-1712

CVE-2021-1661               CVE-2021-1687               CVE-2021-1717

CVE-2021-1662               CVE-2021-1688               CVE-2021-1718

CVE-2021-1664               CVE-2021-1689               CVE-2021-1719

CVE-2021-1665               CVE-2021-1690               CVE-2021-1723

Impact

Depending on the vulnerability reported by Microsoft, the result may be denial of service, elevation of privilege, access to confidential information, remote code execution or spoofing. The details of each one can be reviewed in the links.

Affected products

  • ASP.NET Core 3.1
  • ASP.NET Core 5.0
  • Bot Framework SDK for .NET Framework
  • Bot Framework SDK for JavaScript
  • Bot Framework SDK for Python
  • Excel Services
  • HEVC Video Extensions
  • Microsoft 365 Apps for Enterprise (for 32-bit and 64-bit systems)
  • Microsoft Azure Kubernetes Service
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Excel
      • 2010 Service Pack 2 (32-bit and 64-bit)
      • 2013 RT Service Pack 1
      • 2013 Service Pack 2 (32-bit and 64-bit)
      • 2016 (32-bit and 64-bit)
  • Microsoft Office
      • 2010 Service Pack 2 (32-bit and 64-bit editions)
      • 2013 RT Service Pack 1
      • 2013 (32-bit and 64-bit editions)
      • 2016 (32-bit and 64-bit editions)
      • 2019 (32-bit and 64-bit editions)
      • 2019 for Mac
      • Online Server
      • Web Apps 2010 Service Pack 2
      • Web Apps 2013 Service Pack 1
  • Microsoft Remote Desktop
  • Microsoft Remote Desktop for Android
  • Microsoft Security Essentials
  • Microsoft SharePoint
      • Enterprise Server 2013 Service Pack 1
      • Enterprise Server 2016
      • Foundation 2010 Service Pack 2
      • Foundation 2013 Service Pack 1
      • Server 2010 Service Pack 2
      • Server 2019
  • Microsoft SQL Server
      • 2012 for 32-bit Systems Service Pack 4 (QFE)
      • 2012 for x64-based Systems Service Pack 4 (QFE)
      • 2014 Service Pack 3 for 32-bit Systems (CU 4)
      • 2014 Service Pack 3 for 32-bit Systems (GDR)
      • 2014 Service Pack 3 for x64-based Systems (CU 4)
      • 2014 Service Pack 3 for x64-based Systems (GDR)
      • 2016 for x64-based Systems Service Pack 2 (GDR)
      • 2016 Service Pack 2 for x64-based Systems (CU 15)
      • 2017 for x64-based Systems (CU 22)
      • 2017 for x64-based Systems (GDR)
      • 2019 for x64-based Systems (CU 8)
      • 2019 for x64-based Systems (GDR)
  • Microsoft System Center
      • 2012 Endpoint Protection
      • 2012 R2 Endpoint Protection
      • Endpoint Protection
  • Microsoft Visual Studio
      • 2015 Update 3
      • 2017 version 15.9 (includes 15.0 – 15.8)
      • 2019 version 16.0
      • 2019 version 16.4 (includes 16.0 – 16.3)
      • 2019 version 16.7 (includes 16.0 – 16.6)
      • 2019 version 16.8
  • Microsoft Word
      • 2010 Service Pack 2 (32-bit and 64-bit editions)
      • 2013 RT Service Pack 1
      • 2013 Service Pack 1 (32-bit and 64-bit editions)
      • 2016 (32-bit and 64-bit editions)
  • Remote Desktop client for Windows Desktop
  • Windows 10 (32-bit and 64-bit)
      • Versions 1607, 1803, 1809, 1909, 2004, 20H2, for 32-bit, 64-bit and ARM64-based systems
  • Windows 7
      • 32-bit Systems Service Pack 1
      • x64-based Systems Service Pack 1
  • Windows 8.1
      • 32-bit systems
      • x64-based systems
  • Windows Defender
  • Windows RT 8.1
  • Windows Server 2008
      • 32-bit Systems Service Pack 2
      • 32-bit Systems Service Pack 2 (Server Core installation)
      • x64-based Systems Service Pack 2
      • x64-based Systems Service Pack 2 (Server Core installation)
      • R2 for x64-based Systems Service Pack 1
      • R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
      • 2012
      • Server Core installation
      • R2 and R2 (Server Core installation)
  • Windows Server 2016
      • 2016
      • Server Core installation
  • Windows Server 2019
      • 2019
      • Server Core installation
  • Windows Server
      • version 1909 (Server Core installation)
      • version 2004 (Server Core installation)
      • version 20H2 (Server Core installation)

Mitigation

Apply the updates published by the vendor.

Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-26870

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1636

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1637

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1638

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1641

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1642

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1643

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1644

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1645

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1646

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1648

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1649

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1650

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1651

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1652

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1653

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1654

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1655

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1656

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1657

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1658

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1659

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1660

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1661

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1662

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1663

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1664

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1665

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1666

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1667

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1668

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1669

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1670

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1671

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1672

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1673

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1674

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1676

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1677

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1678

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1679

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1680

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1681

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1682

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1683

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1684

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1685

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1686

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1687

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1688

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1689

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1690

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1691

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1692

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1693

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1694

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1695

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1696

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1697

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1699

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1700

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1701

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1702

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1703

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1704

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1705

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1706

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1707

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1708

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1709

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1710

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1711

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1712

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1713

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1714

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1715

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1716

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1717

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1718

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1719

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1723

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1725

Report

The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA21-00361-01
