9VSA21-00454-01 CSIRT advierte de vulnerabilidades críticas en productos Microsoft

Resumen

El Equipo de Respuesta ante Incidentes de Seguridad Informática del Gobierno de Chile, CSIRT de Gobierno, comparte información sobre vulnerabilidades en diversos productos de Microsoft, cinco de ellas críticas.

Este informe incluye las medidas de mitigación, consistentes en instalar la última actualización de los productos afectados.

Vulnerabilidades

CVE-2021-33739

CVE-2021-31985

CVE-2021-31978

CVE-2021-31957

CVE-2021-31959

CVE-2021-31971

CVE-2021-31980

CVE-2021-31977

CVE-2021-31976

CVE-2021-31975

CVE-2021-31974

CVE-2021-31973

CVE-2021-31972

CVE-2021-31970

CVE-2021-31968

CVE-2021-31969

CVE-2021-31967

CVE-2021-31966

CVE-2021-31965

CVE-2021-31964

CVE-2021-31963

CVE-2021-31950

CVE-2021-31949

CVE-2021-31948

CVE-2021-31944

CVE-2021-31943

CVE-2021-31942

CVE-2021-31941

CVE-2021-31940

CVE-2021-31939

CVE-2021-26420

CVE-2021-31983

CVE-2021-31946

CVE-2021-31945

CVE-2021-31955

CVE-2021-1675

CVE-2021-31952

CVE-2021-31958

CVE-2021-31960

CVE-2021-31956

CVE-2021-31954

CVE-2021-31201

CVE-2021-31199

CVE-2021-31951

CVE-2021-31953

CVE-2021-26414

CVE-2021-31962

CVE-2021-33742

CVE-2021-31938

Impactos

Cinco de las vulnerabilidades son consideradas críticas

CVE-2021-31985 es una vulnerabilidad crítica en el software antimalware Defender de Microsoft que permite la ejecución remota de código.

CVE-2021-31963 es una vulnerabilidad crítica en Microsoft SharePoint Server que permite la ejecución remota de código.

CVE-2021-31967 es una vulnerabilidad crítica en VP9 Video Extensions que permite la ejecución remota de código.

CVE-2021-31959 es una vulnerabilidad crítica en Windows que permite la ejecución remota de código.

CVE-2021-31942 es una vulnerabilidad crítica en Windows MSHTML Platform que permite la ejecución remota de código.

 Productos Afectados 

Microsoft Windows

.NET Core

Visual Studio

Microsoft Office

Microsoft Edge (Chromium-based y EdgeHTML)

Microsoft SharePoint Server

Hyper-V

Visual Studio Code – Kubernetes Tools

Windows HTML Platform

Windows Remote Desktop

Mitigación

Instalar las respectivas actualizaciones desde el sitio web del proveedor.

Enlaces

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31985

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31959

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31967

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31963

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33742

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33739

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31985

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31978

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31957

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31959

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31971

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31980

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31977

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31976

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31975

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31974

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31973

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31972

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31970

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31968

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31969

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31967

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31966

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31965

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31964

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31963

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31950

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31949

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31948

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31944

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31943

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31942

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31941

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31940

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31939

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26420

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31983

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31946

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31945

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31955

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1675

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31952

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31958

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31960

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31956

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31954

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31201

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31199

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31951

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31953

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26414

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31962

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33742

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31938

Informe

El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA21-00454-01

9VSA21-00454-01 CSIRT advierte de vulnerabilidades críticas en productos Microsoft