CSIRT Panamá Advisory 2021-mar-10: Microsoft updates fix 82 flaws and 2 zero-days.


Severity: High
Publication date: March 10, 2021
Last revised: March 10, 2021
https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar

Affected systems:
Application Virtualization
Azure
Azure DevOps
Azure Sphere
Internet Explorer
Microsoft ActiveX
Microsoft Exchange Server
Microsoft Edge (Chromium-based)
Microsoft Graphics Component
Microsoft Office
Microsoft Office Excel
Microsoft Office PowerPoint
Microsoft Office SharePoint
Microsoft Office Visio
Microsoft Windows Codecs Library
Power BI
Role: DNS Server
Role: Hyper-V
Visual Studio
Visual Studio Code
Windows Admin Center
Windows Container Execution Agent
Windows DirectX
Windows Error Reporting
Windows Event Tracing
Windows Extensible Firmware Interface
Windows Folder Redirection
Windows Installer
Windows Media
Windows Overlay Filter
Windows Print Spooler Components
Windows Projected File System Filter Driver
Windows Registry
Windows Remote Access API
Windows Storage Spaces Controller
Windows Update Assistant
Windows Update Stack
Windows UPnP Device Host
Windows User Profile Service
Windows WalletService
Windows Win32K

I. Description
Microsoft has released security updates to address several vulnerabilities affecting Microsoft products.

II. Details
With today's update, Microsoft has fixed 82 vulnerabilities, 10 rated Critical and 72 rated Important.

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Application Virtualization | CVE-2021-26890 | Application Virtualization Remote Code Execution Vulnerability | Important |
| Azure | CVE-2021-27075 | Azure Virtual Machine Information Disclosure Vulnerability | Important |
| Azure Sphere | CVE-2021-27074 | Azure Sphere Unsigned Code Execution Vulnerability | Critical |
| Azure Sphere | CVE-2021-27080 | Azure Sphere Unsigned Code Execution Vulnerability | Critical |
| Internet Explorer | CVE-2021-27085 | Internet Explorer Remote Code Execution Vulnerability | Important |
| Internet Explorer | CVE-2021-26411 | Internet Explorer Memory Corruption Vulnerability | Critical |
| Microsoft ActiveX | CVE-2021-26869 | Windows ActiveX Installer Service Information Disclosure Vulnerability | Important |
| Microsoft Edge on Chromium | CVE-2021-21173 | Chromium CVE-2021-21173: Side-channel information leakage in Network Internals | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21172 | Chromium CVE-2021-21172: Insufficient policy enforcement in File System API | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21169 | Chromium CVE-2021-21169: Out of bounds memory access in V8 | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21170 | Chromium CVE-2021-21170: Incorrect security UI in Loader | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21171 | Chromium CVE-2021-21171: Incorrect security UI in TabStrip and Navigation | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21175 | Chromium CVE-2021-21175: Inappropriate implementation in Site isolation | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21176 | Chromium CVE-2021-21176: Inappropriate implementation in full screen mode | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21177 | Chromium CVE-2021-21177: Insufficient policy enforcement in Autofill | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21174 | Chromium CVE-2021-21174: Inappropriate implementation in Referrer | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21178 | Chromium CVE-2021-21178: Inappropriate implementation in Compositing | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21161 | Chromium CVE-2021-21161: Heap buffer overflow in TabStrip | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21162 | Chromium CVE-2021-21162: Use after free in WebRTC | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21160 | Chromium CVE-2021-21160: Heap buffer overflow in WebAudio | Unknown |
| Microsoft Edge on Chromium | CVE-2020-27844 | Chromium CVE-2020-27844: Heap buffer overflow in OpenJPEG | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21159 | Chromium CVE-2021-21159: Heap buffer overflow in TabStrip | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21163 | Chromium CVE-2021-21163: Insufficient data validation in Reader Mode | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21167 | Chromium CVE-2021-21167: Use after free in bookmarks | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21168 | Chromium CVE-2021-21168: Insufficient policy enforcement in appcache | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21166 | Chromium CVE-2021-21166: Object lifecycle issue in audio | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21164 | Chromium CVE-2021-21164: Insufficient data validation in Chrome for iOS | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21165 | Chromium CVE-2021-21165: Object lifecycle issue in audio | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21189 | Chromium CVE-2021-21189: Insufficient policy enforcement in payments | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21181 | Chromium CVE-2021-21181: Side-channel information leakage in autofill | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21186 | Chromium CVE-2021-21186: Insufficient policy enforcement in QR scanning | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21190 | Chromium CVE-2021-21190: Uninitialized Use in PDFium | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21183 | Chromium CVE-2021-21183: Inappropriate implementation in performance APIs | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21185 | Chromium CVE-2021-21185: Insufficient policy enforcement in extensions | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21187 | Chromium CVE-2021-21187: Insufficient data validation in URL formatting | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21182 | Chromium CVE-2021-21182: Insufficient policy enforcement in navigations | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21180 | Chromium CVE-2021-21180: Use after free in tab search | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21184 | Chromium CVE-2021-21184: Inappropriate implementation in performance APIs | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21179 | Chromium CVE-2021-21179: Use after free in Network Internals | Unknown |
| Microsoft Edge on Chromium | CVE-2021-21188 | Chromium CVE-2021-21188: Use after free in Blink | Unknown |
| Microsoft Exchange Server | CVE-2021-26412 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2021-27065 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2021-27078 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-26854 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-26857 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2021-26855 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2021-26858 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-26863 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-27077 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-26861 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-26876 | OpenType Font Parsing Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2021-26875 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-26868 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2021-24108 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2021-27058 | Microsoft Office ClickToRun Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2021-27059 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-27053 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-27054 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-27057 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office PowerPoint | CVE-2021-27056 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-27052 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-24104 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-27076 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2021-27055 | Microsoft Visio Security Feature Bypass Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-27050 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-27049 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-26884 | Windows Media Photo Codec Information Disclosure Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-27051 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-27062 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-24110 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-24089 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2021-27061 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2021-27048 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-27047 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-26902 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
| Power BI | CVE-2021-26859 | Microsoft Power BI Information Disclosure Vulnerability | Important |
| Role: DNS Server | CVE-2021-27063 | Windows DNS Server Denial of Service Vulnerability | Important |
| Role: DNS Server | CVE-2021-26893 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2021-26897 | Windows DNS Server Remote Code Execution Vulnerability | Critical |
| Role: DNS Server | CVE-2021-26894 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2021-26895 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2021-26896 | Windows DNS Server Denial of Service Vulnerability | Important |
| Role: DNS Server | CVE-2021-26877 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: Hyper-V | CVE-2021-26867 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Role: Hyper-V | CVE-2021-26879 | Windows NAT Denial of Service Vulnerability | Important |
| Visual Studio | CVE-2021-27084 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2021-21300 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio Code | CVE-2021-27060 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-27081 | Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-27083 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-27082 | Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability | Important |
| Windows Admin Center | CVE-2021-27066 | Windows Admin Center Security Feature Bypass Vulnerability | Important |
| Windows Container Execution Agent | CVE-2021-26891 | Windows Container Execution Agent Elevation of Privilege Vulnerability | Important |
| Windows Container Execution Agent | CVE-2021-26865 | Windows Container Execution Agent Elevation of Privilege Vulnerability | Important |
| Windows DirectX | CVE-2021-24095 | DirectX Elevation of Privilege Vulnerability | Important |
| Windows Error Reporting | CVE-2021-24090 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-24107 | Windows Event Tracing Information Disclosure Vulnerability | Important |
| Windows Event Tracing | CVE-2021-26872 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-26901 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-26898 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Extensible Firmware Interface | CVE-2021-26892 | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | Important |
| Windows Folder Redirection | CVE-2021-26887 | Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2021-26862 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2021-26881 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important |
| Windows Overlay Filter | CVE-2021-26874 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important |
| Windows Overlay Filter | CVE-2021-26860 | Windows App-V Overlay Filter Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-1640 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-26878 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Projected File System Filter Driver | CVE-2021-26870 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Registry | CVE-2021-26864 | Windows Virtual Registry Provider Elevation of Privilege Vulnerability | Important |
| Windows Remote Access API | CVE-2021-26882 | Remote Access API Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-26880 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Update Assistant | CVE-2021-27070 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2021-1729 | Windows Update Stack Setup Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2021-26889 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2021-26866 | Windows Update Service Elevation of Privilege Vulnerability | Important |
| Windows UPnP Device Host | CVE-2021-26899 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Important |
| Windows User Profile Service | CVE-2021-26873 | Windows User Profile Service Elevation of Privilege Vulnerability | Important |
| Windows User Profile Service | CVE-2021-26886 | User Profile Service Denial of Service Vulnerability | Important |
| Windows WalletService | CVE-2021-26871 | Windows WalletService Elevation of Privilege Vulnerability | Important |
| Windows WalletService | CVE-2021-26885 | Windows WalletService Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2021-26900 | Windows Win32k Elevation of Privilege Vulnerability | Important |

III. Reference to solutions, tools and information
Update using Microsoft Windows Update or centralized update management tools.

IV. Contact information
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Key ID: 16F2B124