Estimados Clientes,
El equipo de Ciberseguridad de Netglobalis informa que Microsoft lanza una alerta critica de seguridad para varios de sus Productos. Estas fueron difundidas por la empresa en su actualización mensual de agosto.
Microsoft recomienda tomar las siguientes medidas de mitigación, instalar la última actualización de los productos afectados cuando estén disponibles.
Vulnerabilidades:
CVE-2021-36936
CVE-2021-26432
CVE-2021-26424
CVE-2021-34535
CVE-2021-34534
CVE-2021-34480
CVE-2021-34530
CVE-2021-36949
CVE-2021-36946
CVE-2021-34485
CVE-2021-36948
CVE-2021-36943
CVE-2021-36938
CVE-2021-36937
CVE-2021-36933
CVE-2021-36932
CVE-2021-36927
CVE-2021-36926
CVE-2021-26433
CVE-2021-26431
CVE-2021-26430
CVE-2021-26429
CVE-2021-26428
CVE-2021-26426
CVE-2021-34537
CVE-2021-34487
CVE-2021-34536
CVE-2021-34486
CVE-2021-34483
CVE-2021-34478
CVE-2021-34524
CVE-2021-33762
CVE-2021-34471
CVE-2021-36950
CVE-2021-34532
CVE-2021-26423
CVE-2021-36947
CVE-2021-36945
CVE-2021-36941
CVE-2021-36940
CVE-2021-36942
CVE-2021-26425
CVE-2021-34484
CVE-2021-34533
Impactos: Microsoft considera como más críticas las siguientes vulnerabilidades
CVE-2021-36936: Vulnerabilidad de ejecución remota de código en Windows Print Spooler.
CVE-2021-26432: Vulnerabilidad de ejecución remota de código en el Windows Services for NFS ONCRPC XDR Driver.
CVE-2021-26424: Vulnerabilidad de ejecución remota de código en Windows TCP/IP.
CVE-2021-34535: Vulnerabilidad de ejecución remota de código en el Escritorio Remoto (Remote Desktop).
CVE-2021-34534: Vulnerabilidad de ejecución remota de código en Windows MSHTML Platform.
CVE-2021-34480: Vulnerabilidad de corrupción en la memoria del motor de secuencias de comandos (scripting engine memory).
CVE-2021-34530: Vulnerabilidad de ejecución remota de código en Windows Graphics Component.
Asimismo, Microsoft considera como importantes las siguientes vulnerabilidades:
CVE-2021-36949
CVE-2021-36946
CVE-2021-34485
CVE-2021-36948
CVE-2021-36943
CVE-2021-36938
CVE-2021-36937
CVE-2021-36933
CVE-2021-36932
CVE-2021-36927
CVE-2021-36926
CVE-2021-26433
CVE-2021-26431
CVE-2021-26430
CVE-2021-26429
CVE-2021-26428
CVE-2021-26426
CVE-2021-34537
CVE-2021-34487
CVE-2021-34536
CVE-2021-34486
CVE-2021-34483
CVE-2021-34478
CVE-2021-34524
CVE-2021-33762
CVE-2021-34471
CVE-2021-36950
CVE-2021-34532
CVE-2021-26423
CVE-2021-36947
CVE-2021-36945
CVE-2021-36941
CVE-2021-36940
CVE-2021-36942
CVE-2021-26425
CVE-2021-34484
CVE-2021-34533
Productos Afectados
.NET Core & Visual Studio
ASP .NET
Azure
Azure Sphere
Microsoft Azure Active Directory Connect
Microsoft Dynamics
Microsoft Graphics Component
Microsoft Office
Microsoft Office SharePoint
Microsoft Office Word
Microsoft Scripting Engine
Microsoft Windows Codecs Library
Remote Desktop Client
Windows Bluetooth Service
Windows Cryptographic Services
Windows Defender
Windows Event Tracing
Windows Media
Windows MSHTML Platform
Windows NTLM
Windows Print Spooler Components
Windows Services for NFS ONCRPC XDR Driver
Windows Storage Spaces Controller
Windows TCP/IP
Windows Update
Windows Update Assistant
Windows User Profile Service
Mitigación:
Instalar las respectivas actualizaciones entregadas por el proveedor.
Enlaces:
https://msrc.microsoft.com/update-guide/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34534
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34480
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34485
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36948
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26431
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34487
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34486
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34483
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34484
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34533