Dear Customers,

The Netglobalis Cybersecurity team reports that Microsoft has issued a critical security alert for several of its products. These were published by the company in its August monthly update.

Microsoft recommends the following mitigation: install the latest update for the affected products when it becomes available.

Vulnerabilities:

CVE-2021-36936
CVE-2021-26432
CVE-2021-26424
CVE-2021-34535
CVE-2021-34534
CVE-2021-34480
CVE-2021-34530
CVE-2021-36949
CVE-2021-36946
CVE-2021-34485
CVE-2021-36948
CVE-2021-36943
CVE-2021-36938
CVE-2021-36937
CVE-2021-36933
CVE-2021-36932
CVE-2021-36927
CVE-2021-36926
CVE-2021-26433
CVE-2021-26431
CVE-2021-26430
CVE-2021-26429
CVE-2021-26428
CVE-2021-26426
CVE-2021-34537
CVE-2021-34487
CVE-2021-34536
CVE-2021-34486
CVE-2021-34483
CVE-2021-34478
CVE-2021-34524
CVE-2021-33762
CVE-2021-34471
CVE-2021-36950
CVE-2021-34532
CVE-2021-26423
CVE-2021-36947
CVE-2021-36945
CVE-2021-36941
CVE-2021-36940
CVE-2021-36942
CVE-2021-26425
CVE-2021-34484
CVE-2021-34533

Impact: Microsoft considers the following vulnerabilities the most critical:

CVE-2021-36936: Remote code execution vulnerability in Windows Print Spooler.
CVE-2021-26432: Remote code execution vulnerability in the Windows Services for NFS ONCRPC XDR Driver.
CVE-2021-26424: Remote code execution vulnerability in Windows TCP/IP.
CVE-2021-34535: Remote code execution vulnerability in Remote Desktop.
CVE-2021-34534: Remote code execution vulnerability in Windows MSHTML Platform.
CVE-2021-34480: Memory corruption vulnerability in the scripting engine.
CVE-2021-34530: Remote code execution vulnerability in Windows Graphics Component.

Microsoft also rates the following vulnerabilities as important:

CVE-2021-36949
CVE-2021-36946
CVE-2021-34485
CVE-2021-36948
CVE-2021-36943
CVE-2021-36938
CVE-2021-36937
CVE-2021-36933
CVE-2021-36932
CVE-2021-36927
CVE-2021-36926
CVE-2021-26433
CVE-2021-26431
CVE-2021-26430
CVE-2021-26429
CVE-2021-26428
CVE-2021-26426
CVE-2021-34537
CVE-2021-34487
CVE-2021-34536
CVE-2021-34486
CVE-2021-34483
CVE-2021-34478
CVE-2021-34524
CVE-2021-33762
CVE-2021-34471
CVE-2021-36950
CVE-2021-34532
CVE-2021-26423
CVE-2021-36947
CVE-2021-36945
CVE-2021-36941
CVE-2021-36940
CVE-2021-36942
CVE-2021-26425
CVE-2021-34484
CVE-2021-34533

Affected Products

.NET Core & Visual Studio
ASP .NET
Azure
Azure Sphere
Microsoft Azure Active Directory Connect
Microsoft Dynamics
Microsoft Graphics Component
Microsoft Office
Microsoft Office SharePoint
Microsoft Office Word
Microsoft Scripting Engine
Microsoft Windows Codecs Library
Remote Desktop Client
Windows Bluetooth Service
Windows Cryptographic Services
Windows Defender
Windows Event Tracing
Windows Media
Windows MSHTML Platform
Windows NTLM
Windows Print Spooler Components
Windows Services for NFS ONCRPC XDR Driver
Windows Storage Spaces Controller
Windows TCP/IP
Windows Update
Windows Update Assistant
Windows User Profile Service 

Mitigation:

Install the corresponding updates provided by the vendor.

Links:

https://msrc.microsoft.com/update-guide/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26432

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26424

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34535

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34534

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34480

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34530

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36949

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36946

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34485

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36948

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36943

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36938

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36937

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36933

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36932

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36927

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36926

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26433

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26431

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26430

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26429

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26428

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26426

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34537

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34487

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34536

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34486

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34483

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34478

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34524

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33762

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34471

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36950

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34532

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26423

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36947

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36945

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36941

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36940

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36942

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26425

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34484

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34533
