9VSA21-00388-01 CSIRT comparte vulnerabilidades que afectan a Microsoft
CSIRT comparte la información entregada por Microsoft en su reporte mensual de actualizaciones correspondiente a febrero de 2021.
Resumen
El Equipo de Respuesta ante Incidentes de Seguridad Informática, CSIRT, comparte la información entregada por Microsoft en su reporte mensual de actualizaciones correspondiente a febrero de 2021, entre las que se encuentran 59 vulnerabilidades, algunas de ellas críticas.
Actualización: Microsoft informó de problemas con el parche originalmente difundido el 9 de febrero, en su tradicional Patch Tuesday mensual. La actualización corregida por Microsoft es la KB5001078, enlace a la cual se puede encontrar al final de este documento.
Vulnerabilidades
CVE-2021-1639
CVE-2021-1698
CVE-2021-1721
CVE-2021-1722
CVE-2021-1724
CVE-2021-1726
CVE-2021-1727
CVE-2021-1728
CVE-2021-1730
CVE-2021-1731
CVE-2021-1732
CVE-2021-1733
CVE-2021-1734
CVE-2021-24066
CVE-2021-24067
CVE-2021-24068
CVE-2021-24069
CVE-2021-24070
CVE-2021-24071
CVE-2021-24072
CVE-2021-24073
CVE-2021-24074
CVE-2021-24075
CVE-2021-24076
CVE-2021-24077
CVE-2021-24078
CVE-2021-24079
CVE-2021-24080
CVE-2021-24081
CVE-2021-24082
CVE-2021-24083
CVE-2021-24084
CVE-2021-24085
CVE-2021-24086
CVE-2021-24087
CVE-2021-24088
CVE-2021-24091
CVE-2021-24092
CVE-2021-24093
CVE-2021-24094
CVE-2021-24096
CVE-2021-24098
CVE-2021-24099
CVE-2021-24100
CVE-2021-24101
CVE-2021-24102
CVE-2021-24103
CVE-2021-24105
CVE-2021-24106
CVE-2021-24109
CVE-2021-24111
CVE-2021-24112
CVE-2021-24112
CVE-2021-24112
CVE-2021-24114
CVE-2021-25195
CVE-2021-25195
CVE-2021-26700
Impacto
Dependiendo de la vulnerabilidad informada por Microsoft se pueden provocar denegación de
servicio, elevación de privilegios, acceso a información confidencial, ejecución de código remoto o
spoofing. El detalle de cada una de ellas se podrá revisar en los enlaces.
Productos Afectados
Microsoft .NET 5.0, Core 2.1 y Core 3.1.
Microsoft .NET Framework 4.6.2 al 4.8.
Microsoft 365 Apps for Enterprise para sistemas 32 bit y 64 bit.
Microsoft Azure Kubernetes Service.
Microsoft Defender.
Microsoft Dynamics 365 on-premises versiones 8.2 y 9.0.
Microsoft Dynamics 365 Business Central 2020 Release Wave 1 y 2.
Microsoft Dynamics NAV 2015, 2016, 2017 y 2018.
Microsoft Edge for Android.
Microsoft Endpoint Protection.
Microsoft Excel 2010 Service Pack 2 32-bit y 64-bit.
Microsoft Exchange Server 2016 Cumulative Update 18 y 19, 2019 Cumulative Update 7 y 8.
Microsoft Lync Server 2013.
Microsoft Teams for iOS.
Microsoft Office 2019 32-bit y 64-bit.
Microsoft Office 2019 para Mac.
Microsoft Office Online Server.
Microsoft Office Web Apps Server 2013 Service Pack 1.
Microsoft Office Online Server.
Microsoft Security Essentials.
Microsoft SharePoint Enterprise Server 2016.
Microsoft SharePoint Foundation 2010 Service Pack 2.
Microsoft SharePoint Foundation 2013 Service Pack 1.
Microsoft SharePoint Server 2019.
Microsoft System Center 2012 Endpoint Protection, 2012 R2 Endpoint Protection.
Microsoft System Center Endpoint Protection.
Microsoft Visual Studio 2017 versión 15.9 y 2019 versiones 16.4, 16.7 y 16.8.
Microsoft Visual Studio Code y npm-script Extension.
Skype for Business Server 2015 CU 8, y 2019 CU2.
System Center 2019 Operations Manager.
Windows 7 Service Pack 1.
Windows 8.1.
Windows RT 8.1
Windows 10, versiones 20H2, 1607, 1803, 1809, 1909 y 2004.
Windows Server versiones 2004, 2016, 2019, 2019 20H2, 2019 1909 y 2019 2004.
Windows Server 2012, Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2012 (Server Core installation).
Windows Server 2008 R2, Windows Server 2008 R2 (Server Core installation).
Windows Server 2012, Windows Server 2012 (Server Core installation).
Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation).
Windows Server 2016, Windows Server 2016 (Server Core installation).
Windows Server 2019, Windows Server 2019 (Server Core installation).
WindowsServer versiones 1909 (Server Core installation), 2004 (Server Core installation) y 20H2 (Server Core Installation).
Mitigación
Instalar las respectivas actualizaciones desde el sitio del proveedor.
Enlaces
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1731
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24083
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24100
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24102
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24106
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26700
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1639
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1698
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1721
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1722
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1724
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1726
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1727
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1728
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1730
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1731
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1733
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1734
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24066
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24067
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24068
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24069
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24070
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24071
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24072
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24073
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24074
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24075
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24076
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24077
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24078
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24079
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24080
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24081
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24082
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24083
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24084
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24085
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24086
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24087
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24088
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24091
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24092
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24093
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24094
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24096
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24098
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24099
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24100
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24101
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24102
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24103
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24105
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24106
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24109
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24111
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24114
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-25195
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-25195
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26700
Informe
El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA21-00388-01