CSIRT Panamá Aviso 2021-nov-12 Microsoft Libera actualizaciones que corrigen 6 dia cero y 55 fallas.

TOPICS:

Posted By: CSIRT Panamá November 12, 2021

CSIRT Panamá Aviso 2021-nov-12 Microsoft Libera actualizaciones que corrigen 6 dia cero y 55 fallas.
Gravedad: Alta
Fecha de publicación: noviembre 12, 2021
Última revisión: noviembre 12, 2021
https://msrc.microsoft.com/update-guide/releaseNote/2021-Nov

Sistemas Afectados:
3D Viewer
Azure
Azure RTOS
Azure Sphere
Microsoft Dynamics
Microsoft Edge (Chromium-based)
Microsoft Edge (Chromium-based) in IE Mode
Microsoft Exchange Server
Microsoft Office
Microsoft Office Access
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Office Word
Microsoft Windows
Microsoft Windows Codecs Library
Power BI
Role: Windows Hyper-V
Visual Studio
Visual Studio Code
Windows Active Directory
Windows COM
Windows Core Shell
Windows Cred SSProvider Protocol
Windows Defender
Windows Desktop Bridge
Windows Diagnostic Hub
Windows Fastfat Driver
Windows Feedback Hub
Windows Hello
Windows Installer
Windows Kernel
Windows NTFS
Windows RDP
Windows Scripting
Windows Virtual Machine Bus

I. Descripción
Con el lanzamiento de las actualizaciones de seguridad de noviembre de 2021, Microsoft lanzó correcciones para 55 vulnerabilidades en los productos de Microsoft y 6 vulnerabilidades de dia cero.
De estas vulnerabilidades, 10 se clasifican como críticas, 73 como importantes.

II. Problemas Conocidos

TagCVE IDCVE TitleSeverity
3D ViewerCVE-2021-432093D Viewer Remote Code Execution VulnerabilityImportant
3D ViewerCVE-2021-432083D Viewer Remote Code Execution VulnerabilityImportant
AzureCVE-2021-41373FSLogix Information Disclosure VulnerabilityImportant
Azure RTOSCVE-2021-42303Azure RTOS Elevation of Privilege VulnerabilityImportant
Azure RTOSCVE-2021-42302Azure RTOS Elevation of Privilege VulnerabilityImportant
Azure RTOSCVE-2021-42301Azure RTOS Information Disclosure VulnerabilityImportant
Azure RTOSCVE-2021-42323Azure RTOS Information Disclosure VulnerabilityImportant
Azure RTOSCVE-2021-26444Azure RTOS Information Disclosure VulnerabilityImportant
Azure RTOSCVE-2021-42304Azure RTOS Elevation of Privilege VulnerabilityImportant
Azure SphereCVE-2021-41374Azure Sphere Information Disclosure VulnerabilityImportant
Azure SphereCVE-2021-41376Azure Sphere Information Disclosure VulnerabilityImportant
Azure SphereCVE-2021-42300Azure Sphere Tampering VulnerabilityImportant
Azure SphereCVE-2021-41375Azure Sphere Information Disclosure VulnerabilityImportant
Microsoft DynamicsCVE-2021-42316Microsoft Dynamics 365 (on-premises) Remote Code Execution VulnerabilityCritical
Microsoft Edge (Chromium-based) in IE ModeCVE-2021-41351Microsoft Edge (Chrome based) Spoofing on IE ModeImportant
Microsoft Exchange ServerCVE-2021-42305Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-41349Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-42321Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Office AccessCVE-2021-41368Microsoft Access Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-40442Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-42292Microsoft Excel Security Feature Bypass VulnerabilityImportant
Microsoft Office WordCVE-2021-42296Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft WindowsCVE-2021-41356Windows Denial of Service VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-42276Microsoft Windows Media Foundation Remote Code Execution VulnerabilityImportant
Power BICVE-2021-41372Power BI Report Server Spoofing VulnerabilityImportant
Role: Windows Hyper-VCVE-2021-42284Windows Hyper-V Denial of Service VulnerabilityImportant
Role: Windows Hyper-VCVE-2021-42274Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service VulnerabilityImportant
Visual StudioCVE-2021-3711OpenSSL: CVE-2021-3711 SM2 Decryption Buffer OverflowCritical
Visual StudioCVE-2021-42319Visual Studio Elevation of Privilege VulnerabilityImportant
Visual Studio CodeCVE-2021-42322Visual Studio Code Elevation of Privilege VulnerabilityImportant
Windows Active DirectoryCVE-2021-42278Active Directory Domain Services Elevation of Privilege VulnerabilityImportant
Windows Active DirectoryCVE-2021-42291Active Directory Domain Services Elevation of Privilege VulnerabilityImportant
Windows Active DirectoryCVE-2021-42287Active Directory Domain Services Elevation of Privilege VulnerabilityImportant
Windows Active DirectoryCVE-2021-42282Active Directory Domain Services Elevation of Privilege VulnerabilityImportant
Windows COMCVE-2021-42275Microsoft COM for Windows Remote Code Execution VulnerabilityImportant
Windows Core ShellCVE-2021-42286Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege VulnerabilityImportant
Windows Cred SSProvider ProtocolCVE-2021-41366Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege VulnerabilityImportant
Windows DefenderCVE-2021-42298Microsoft Defender Remote Code Execution VulnerabilityCritical
Windows Desktop BridgeCVE-2021-36957Windows Desktop Bridge Elevation of Privilege VulnerabilityImportant
Windows Diagnostic HubCVE-2021-42277Diagnostics Hub Standard Collector Elevation of Privilege VulnerabilityImportant
Windows Fastfat DriverCVE-2021-41377Windows Fast FAT File System Driver Elevation of Privilege VulnerabilityImportant
Windows Feedback HubCVE-2021-42280Windows Feedback Hub Elevation of Privilege VulnerabilityImportant
Windows HelloCVE-2021-42288Windows Hello Security Feature Bypass VulnerabilityImportant
Windows InstallerCVE-2021-41379Windows Installer Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2021-42285Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2021-42283NTFS Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2021-41370NTFS Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2021-41378Windows NTFS Remote Code Execution VulnerabilityImportant
Windows NTFSCVE-2021-41367NTFS Elevation of Privilege VulnerabilityImportant
Windows RDPCVE-2021-38665Remote Desktop Protocol Client Information Disclosure VulnerabilityImportant
Windows RDPCVE-2021-38631Windows Remote Desktop Protocol (RDP) Information Disclosure VulnerabilityImportant
Windows RDPCVE-2021-38666Remote Desktop Client Remote Code Execution VulnerabilityCritical
Windows RDPCVE-2021-41371Windows Remote Desktop Protocol (RDP) Information Disclosure VulnerabilityImportant
Windows ScriptingCVE-2021-42279Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Windows Virtual Machine BusCVE-2021-26443Microsoft Virtual Machine Bus (VMBus) Remote Code Execution VulnerabilityCritical

III. Referencia a soluciones, herramientas e información
Actualizar utilizando Microsoft Windows Update o herramientas de administracion de actualizaciones centralizadas.

IV. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Twitter: @CSIRTPanama
Facebook: http://www.facebook.com/CSIRTPanama
Key ID: 16F2B124