{"id":1784,"date":"2020-01-15T09:11:10","date_gmt":"2020-01-15T14:11:10","guid":{"rendered":"https:\/\/cert.pa\/?p=1784"},"modified":"2020-01-15T14:15:32","modified_gmt":"2020-01-15T19:15:32","slug":"csirt-panama-aviso-2019-01-15-falla-criptografica-en-windows-10-y-server-2016","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=1784","title":{"rendered":"CSIRT Panam\u00e1 Advisory 2019-01-15 Cryptographic flaw in Windows 10 and Server 2016"},"content":{"rendered":"\n<p>CSIRT Panam\u00e1 Advisory 2019-01-15 Cryptographic flaw in Windows 10 and Server 2016<\/p>\n\n\n\n<p>Severity: Critical<br>\nPublication date: 15 January 2020<br>\nLast revision: Revision A.<br>\nSource: <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0601\">https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0601<\/a><\/p>\n\n\n\n<p>Affected Systems<br>\n\u2022 Windows 10<br>\n\u2022 Windows Server 2016<\/p>\n\n\n\n<p>I. Description<br>\nA spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.<\/p>\n\n\n\n<p>II. Impact<\/p>\n\n\n\n<p>An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear that the file came from a trusted, legitimate source. 
The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.<\/p>\n\n\n\n<p>A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.<\/p>\n\n\n\n<p>The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates.<\/p>\n\n\n\n<p>III. Reference to solutions, tools and information<br>\nTo download the patch immediately, follow the link <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0601\">https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0601<\/a> and select your version of Windows.<\/p>\n\n\n\n<p>It will also eventually be included via Windows Update.<\/p>\n\n\n\n<p>IV. Contact information<br>\nCSIRT PANAMA<br>\nAutoridad Nacional para la Innovaci\u00f3n Gubernamental<br>\nE-mail: <a href=\"mailto:info@cert.pa\">info@cert.pa<\/a><br>\nWeb: <a href=\"http:\/\/www.cert.pa\">http:\/\/www.cert.pa<\/a><br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CSIRT Panam\u00e1 Advisory 2019-01-15 Cryptographic flaw in Windows 10 and Server 2016 Severity: Critical Publication date: 15 January 2020 Last revision: Revision A. 
Source: https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0601 Affected Systems \u2022 Windows 10 \u2022 Windows Server 2016&#8230;<\/p>\n","protected":false},"author":5,"featured_media":414,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[72,110,73,45,94],"class_list":["post-1784","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-avisos-de-seguridad","tag-boletines-de-seguridad","tag-parches","tag-windows","tag-windows-update"],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1784","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1784"}],"version-history":[{"count":4,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1784\/revisions"}],"predecessor-version":[{"id":1796,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1784\/revisions\/1796"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/414"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1784"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1784"},{"taxonomy":"post_tag","embeddable
":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1784"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}