9VSA21-00388-01 CSIRT comparte vulnerabilidades que afectan a Microsoft

Resumen

El Equipo de Respuesta ante Incidentes de Seguridad Informática, CSIRT, comparte la información entregada por Microsoft en su reporte mensual de actualizaciones correspondiente a febrero de 2021, entre las que se encuentran 59 vulnerabilidades, algunas de ellas críticas.

Actualización: Microsoft informó de problemas con el parche originalmente difundido el 9 de febrero, en su tradicional Patch Tuesday mensual. La actualización corregida por Microsoft es la KB5001078, enlace a la cual se puede encontrar al final de este documento.

Vulnerabilidades

CVE-2021-1639

CVE-2021-1698

CVE-2021-1721

CVE-2021-1722

CVE-2021-1724

CVE-2021-1726

CVE-2021-1727

CVE-2021-1728

CVE-2021-1730

CVE-2021-1731

CVE-2021-1732

CVE-2021-1733

CVE-2021-1734

CVE-2021-24066

CVE-2021-24067

CVE-2021-24068

CVE-2021-24069

CVE-2021-24070

CVE-2021-24071

CVE-2021-24072

CVE-2021-24073

CVE-2021-24074

CVE-2021-24075

CVE-2021-24076

CVE-2021-24077

CVE-2021-24078

CVE-2021-24079

CVE-2021-24080

CVE-2021-24081

CVE-2021-24082

CVE-2021-24083

CVE-2021-24084

CVE-2021-24085

CVE-2021-24086

CVE-2021-24087

CVE-2021-24088

CVE-2021-24091

CVE-2021-24092

CVE-2021-24093

CVE-2021-24094

CVE-2021-24096

CVE-2021-24098

CVE-2021-24099

CVE-2021-24100

CVE-2021-24101

CVE-2021-24102

CVE-2021-24103

CVE-2021-24105

CVE-2021-24106

CVE-2021-24109

CVE-2021-24111

CVE-2021-24112

CVE-2021-24112

CVE-2021-24112

CVE-2021-24114

CVE-2021-25195

CVE-2021-25195

CVE-2021-26700

Impacto

Dependiendo de la vulnerabilidad informada por Microsoft se pueden provocar denegación de

servicio, elevación de privilegios, acceso a información confidencial, ejecución de código remoto o

spoofing. El detalle de cada una de ellas se podrá revisar en los enlaces.

Productos Afectados

Microsoft .NET 5.0, Core 2.1 y Core 3.1.

Microsoft .NET Framework 4.6.2 al 4.8.

Microsoft 365 Apps for Enterprise para sistemas 32 bit y 64 bit.

Microsoft Azure Kubernetes Service.

Microsoft Defender.

Microsoft Dynamics 365 on-premises versiones 8.2 y 9.0.

Microsoft Dynamics 365 Business Central 2020 Release Wave 1 y 2.

Microsoft Dynamics NAV 2015, 2016, 2017 y 2018.

Microsoft Edge for Android.

Microsoft Endpoint Protection.

Microsoft Excel 2010 Service Pack 2 32-bit y 64-bit.

Microsoft Exchange Server 2016 Cumulative Update 18 y 19, 2019 Cumulative Update 7 y 8.

Microsoft Lync Server 2013.

Microsoft Teams for iOS.

Microsoft Office 2019 32-bit y 64-bit.

Microsoft Office 2019 para Mac.

Microsoft Office Online Server.

Microsoft Office Web Apps Server 2013 Service Pack 1.

Microsoft Office Online Server.

Microsoft Security Essentials.

Microsoft SharePoint Enterprise Server 2016.

Microsoft SharePoint Foundation 2010 Service Pack 2.

Microsoft SharePoint Foundation 2013 Service Pack 1.

Microsoft SharePoint Server 2019.

Microsoft System Center 2012 Endpoint Protection, 2012 R2 Endpoint Protection.

Microsoft System Center Endpoint Protection.

Microsoft Visual Studio 2017 versión 15.9 y 2019 versiones 16.4, 16.7 y 16.8.

Microsoft Visual Studio Code y npm-script Extension.

Skype for Business Server 2015 CU 8, y 2019 CU2.

System Center 2019 Operations Manager.

Windows 7 Service Pack 1.

Windows 8.1.

Windows RT 8.1

Windows 10, versiones 20H2, 1607, 1803, 1809, 1909 y 2004.

Windows Server versiones 2004, 2016, 2019, 2019 20H2, 2019 1909 y 2019 2004.

Windows Server 2012, Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2012 (Server Core installation).

Windows Server 2008 R2, Windows Server 2008 R2 (Server Core installation).

Windows Server 2012, Windows Server 2012 (Server Core installation).

Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation).

Windows Server 2016, Windows Server 2016 (Server Core installation).

Windows Server 2019, Windows Server 2019 (Server Core installation).

WindowsServer versiones 1909 (Server Core installation), 2004 (Server Core installation) y 20H2 (Server Core Installation).

Mitigación

Instalar las respectivas actualizaciones desde el sitio del proveedor.

Enlaces

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1639

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1698

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1721

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1722

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1724

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1726

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1727

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1728

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1730

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1731

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1732

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1733

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1734

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24066

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24067

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24068

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24069

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24070

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24071

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24072

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24073

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24074

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24075

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24076

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24077

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24078

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24079

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24080

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24081

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24082

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24083

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24084

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24085

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24086

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24087

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24088

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24091

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24092

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24093

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24094

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24096

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24098

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24099

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24100

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24101

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24102

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24103

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24105

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24106

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24109

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24111

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24112

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24112

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24112

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24114

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25195

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25195

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26700

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1639

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1698

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1721

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1722

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1724

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1726

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1727

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1728

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1730

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1731

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1733

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1734

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24066

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24067

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24068

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24069

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24070

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24071

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24072

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24073

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24074

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24075

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24076

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24077

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24078

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24079

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24080

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24081

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24082

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24083

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24084

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24085

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24086

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24087

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24088

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24091

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24092

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24093

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24094

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24096

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24098

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24099

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24100

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24101

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24102

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24103

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24105

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24106

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24109

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24111

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24114

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-25195

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-25195

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26700

Informe

El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA21-00388-01

9VSA21-00388-01 CSIRT comparte vulnerabilidades que afectan a Microsoft