9VSA21-00421-01 CSIRT warns of multiple vulnerabilities in Microsoft products


Summary

The Computer Security Incident Response Team, CSIRT, shares information on 108 vulnerabilities reported by Microsoft.

This report includes the mitigation measures, which consist of installing the latest update for the affected products.

Vulnerabilities

CVE-2021-28452

CVE-2021-28447

CVE-2021-28440

CVE-2021-28437

CVE-2021-28345

CVE-2021-28344

CVE-2021-28342

CVE-2021-28341

CVE-2021-28334

CVE-2021-28330

CVE-2021-28446

CVE-2021-28445

CVE-2021-28443

CVE-2021-28442

CVE-2021-28441

CVE-2021-28329

CVE-2021-28328

CVE-2021-28327

CVE-2021-28355

CVE-2021-28354

CVE-2021-28319

CVE-2021-28318

CVE-2021-28313

CVE-2021-28312

CVE-2021-28453

CVE-2021-28434

CVE-2021-28358

CVE-2021-28353

CVE-2021-28347

CVE-2021-28339

CVE-2021-28333

CVE-2021-28311

CVE-2021-28309

CVE-2021-28352

CVE-2021-28351

CVE-2021-28346

CVE-2021-28338

CVE-2021-28317

CVE-2021-28325

CVE-2021-28323

CVE-2021-26415

CVE-2021-26413

CVE-2021-27095

CVE-2021-28451

CVE-2021-28449

CVE-2021-28322

CVE-2021-28321

CVE-2021-28439

CVE-2021-28356

CVE-2021-28350

CVE-2021-28343

CVE-2021-28337

CVE-2021-28335

CVE-2021-28483

CVE-2021-28482

CVE-2021-28481

CVE-2021-28480

CVE-2021-28477

CVE-2021-28438

CVE-2021-28349

CVE-2021-28332

CVE-2021-28320

CVE-2021-28475

CVE-2021-28470

CVE-2021-28473

CVE-2021-28472

CVE-2021-28471

CVE-2021-28469

CVE-2021-28464

CVE-2021-28468

CVE-2021-28466

CVE-2021-28458

CVE-2021-28460

CVE-2021-28459

CVE-2021-28448

CVE-2021-28457

CVE-2021-28456

CVE-2021-28454

CVE-2021-28444

CVE-2021-28436

CVE-2021-28357

CVE-2021-28348

CVE-2021-28340

CVE-2021-28336

CVE-2021-28331

CVE-2021-28324

CVE-2021-28316

CVE-2021-28314

CVE-2021-28435

CVE-2021-28326

CVE-2021-28315

CVE-2021-26417

CVE-2021-26416

CVE-2021-27096

CVE-2021-28450

CVE-2021-28310

CVE-2021-27094

CVE-2021-27093

CVE-2021-27092

CVE-2021-27091

CVE-2021-27090

CVE-2021-27089

CVE-2021-27088

CVE-2021-27086

CVE-2021-27079

CVE-2021-27064

CVE-2021-27072

CVE-2021-27067

Impact

Microsoft rated the following vulnerabilities as critical:

Remote code execution: CVE-2021-28334, CVE-2021-28330, CVE-2021-28329, CVE-2021-28333, CVE-2021-28338, CVE-2021-27095, CVE-2021-28343, CVE-2021-28337, CVE-2021-28335, CVE-2021-28483, CVE-2021-28482, CVE-2021-28481, CVE-2021-28480, CVE-2021-28332, CVE-2021-28460, CVE-2021-28336, CVE-2021-28331, CVE-2021-28315.

Microsoft rated the following vulnerabilities as important severity:

Denial of service: CVE-2021-28443, CVE-2021-28319, CVE-2021-28311, CVE-2021-28439, CVE-2021-28438, CVE-2021-28326, CVE-2021-26416, CVE-2021-28450.

Elevation of privilege: CVE-2021-28440, CVE-2021-28313, CVE-2021-28347, CVE-2021-28351, CVE-2021-26415, CVE-2021-28322, CVE-2021-28321, CVE-2021-28320, CVE-2021-28458, CVE-2021-28436, CVE-2021-28314, CVE-2021-27096, CVE-2021-28310, CVE-2021-27091, CVE-2021-27090, CVE-2021-27088, CVE-2021-27086, CVE-2021-27064, CVE-2021-27072.

Information disclosure: CVE-2021-28437, CVE-2021-28446, CVE-2021-28442, CVE-2021-28441, CVE-2021-28328, CVE-2021-28318, CVE-2021-28309, CVE-2021-28317, CVE-2021-28325, CVE-2021-28323, CVE-2021-28456, CVE-2021-28324, CVE-2021-28435, CVE-2021-26417, CVE-2021-27093, CVE-2021-27079, CVE-2021-27067.

Remote code execution: CVE-2021-28352, CVE-2021-28346, CVE-2021-28451, CVE-2021-28449, CVE-2021-28356, CVE-2021-28350, CVE-2021-28477, CVE-2021-28349, CVE-2021-28475, CVE-2021-28470, CVE-2021-28473, CVE-2021-28472, CVE-2021-28471, CVE-2021-28469, CVE-2021-28464, CVE-2021-28468, CVE-2021-28466, CVE-2021-28448, CVE-2021-28457, CVE-2021-28454, CVE-2021-28357, CVE-2021-28348, CVE-2021-28340, CVE-2021-27089.

Security feature bypass: CVE-2021-28447, CVE-2021-28444, CVE-2021-28316, CVE-2021-27094, CVE-2021-27092.

Spoofing: CVE-2021-26413, CVE-2021-28459.

Affected Products

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows Server, version 1909 (Server Core installation)

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows 7 for x64-based Systems Service Pack 1

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Microsoft Outlook 2013 Service Pack 1 (32-bit editions)

Microsoft Outlook 2016 (64-bit edition)

Microsoft SharePoint Enterprise Server 2016

Microsoft Outlook 2013 RT Service Pack 1

Microsoft Outlook 2010 Service Pack 2 (64-bit editions)

Microsoft Outlook 2010 Service Pack 2 (32-bit editions)

Microsoft Outlook 2013 Service Pack 1 (64-bit editions)

Microsoft Office Web Apps Server 2013 Service Pack 1

Microsoft Excel 2013 Service Pack 1 (64-bit editions)

Microsoft Excel 2013 Service Pack 1 (32-bit editions)

Microsoft Excel 2013 RT Service Pack 1

Microsoft Visual Studio 2015 Update 3

Microsoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)

Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)

Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)

Microsoft Exchange Server 2019 Cumulative Update 8

Microsoft Exchange Server 2016 Cumulative Update 19

Microsoft Exchange Server 2013 Cumulative Update 23

Microsoft Exchange Server 2016 Cumulative Update 20

Microsoft Exchange Server 2019 Cumulative Update 9

Visual Studio Code

Visual Studio Code - GitHub Pull Requests and Issues Extension

Visual Studio Code - Maven for Java Extension

VP9 Video Extensions

Raw Image Extension

Azure Sphere

Azure DevOps Server 2020.0.1

Visual Studio Code - Kubernetes Tools

Microsoft Office 2010 Service Pack 2 (32-bit editions)

Microsoft Excel 2010 Service Pack 2 (64-bit editions)

Microsoft Excel 2010 Service Pack 2 (32-bit editions)

Microsoft Office 2016 (64-bit edition)

Microsoft Office 2016 (32-bit edition)

Microsoft Excel 2016 (64-bit edition)

Microsoft Excel 2016 (32-bit edition)

Microsoft Office Online Server

Microsoft Word 2013 Service Pack 1 (64-bit editions)

Microsoft Word 2013 Service Pack 1 (32-bit editions)

Microsoft Word 2013 RT Service Pack 1

Microsoft Word 2010 Service Pack 2 (64-bit editions)

Microsoft Word 2010 Service Pack 2 (32-bit editions)

Microsoft SharePoint Server 2010 Service Pack 2

Microsoft Office Web Apps 2010 Service Pack 2

Microsoft Office 2010 Service Pack 2 (64-bit editions)

Microsoft Word 2016 (64-bit edition)

Microsoft Word 2016 (32-bit edition)

Microsoft Office 2019 for Mac

Microsoft SharePoint Server 2019

Microsoft SharePoint Enterprise Server 2013 Service Pack 1

Microsoft Office 2013 Service Pack 1 (64-bit editions)

Microsoft Office 2013 Service Pack 1 (32-bit editions)

Microsoft Office 2013 RT Service Pack 1

Microsoft SharePoint Foundation 2010 Service Pack 2

Azure DevOps Server 2020

Azure DevOps Server 2019 Update 1.1

Azure DevOps Server 2019 Update 1

Team Foundation Server 2015 Update 4.2

Team Foundation Server 2018 Update 3.2

Team Foundation Server 2018 Update 1.2

Team Foundation Server 2017 Update 3.1

Azure DevOps Server 2019.0.1

Mitigation

Install the respective updates from the vendor's website.

Links

https://msrc.microsoft.com/update-guide

Report

The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA21-00421-01.