{"id":216,"date":"2015-07-20T09:28:45","date_gmt":"2015-07-20T14:28:45","guid":{"rendered":"https:\/\/10.252.76.154\/?p=216"},"modified":"2015-09-29T17:01:05","modified_gmt":"2015-09-29T22:01:05","slug":"csirt-panama-aviso-2015-07-boletin-de-seguridad-de-microsoft-ms15-078-cve-2015-2426","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=216","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2015-07- Bolet\u00edn de Seguridad de Microsoft MS15-078 (CVE-2015-2426)"},"content":{"rendered":"

CSIRT Panam\u00e1 Aviso 2015-07- Bolet\u00edn de Seguridad de Microsoft MS15-078 (CVE-2015-2426)
\nGravedad: ALTA
\nFecha de publicaci\u00f3n: Julio, 2015
\nFecha de modificaci\u00f3n: Julio, 2015
\n\u00daltima revisi\u00f3n: Revisi\u00f3n A.<\/p>\n

I. Sistemas Afectados
\n\u2022 Todas las versiones de Microsoft Windows<\/p>\n

II. Descripci\u00f3n
\nSe ha reportado una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en los sistemas Microsoft Windows debido a un mal manejo de la librer\u00eda Windows Adobe Type Manager al momento de procesar tipograf\u00edas tipo OpenType. Seg\u00fan el bolet\u00edn de seguridad [1] un atacante podr\u00eda tomar control de la m\u00e1quina objetivo enga\u00f1ando al usuario final para que abra un documento dise\u00f1ado especialmente para explotar esta vulnerabilidad o visitando un sitio web que contenga tipos de letra OpenType.<\/p>\n

III. Impacto
\nVector de acceso: A trav\u00e9s de red.
\nComplejidad de Acceso: Baja.
\nAutenticaci\u00f3n: No requerida para explotarla.
\nTipo de impacto:
\nCompromiso total de la integridad del sistema,
\nCompromiso total de la disponibilidad del sistema,
\nCompromiso total de la confidencialidad del sistema<\/p>\n

IV. Mitigaci\u00f3n
\n\u2022 Actualizar el software
\nSe recomienda actualizar su versi\u00f3n del software en caso tal sea necesario.
\nPara mayor informaci\u00f3n por favor lea el bolet\u00edn de seguridad publicado por Microsoft. (Ver: https:\/\/technet.microsoft.com\/library\/security\/ms15-078)<\/p>\n

V. Informaci\u00f3n Adicional
\n[1] https:\/\/technet.microsoft.com\/library\/security\/ms15-078<\/p>\n

VI. Informaci\u00f3n de contacto
\nCSIRT PANAMA
\nAutoridad Nacional para la Innovaci\u00f3n Gubernamental
\nE-Mail: info@cert.pa
\nTel\u00e9fono: 520-2378
\nWeb: https:\/\/www.cert.pa<\/p>\n

—–BEGIN PGP PUBLIC KEY BLOCK—–
\nVersion: GnuPG v2.0.17 (MingW32)<\/p>\n

mQENBE8C9KoBCAClkvrtdD08B1YgIntnK241GmWY7fRWtPn\/QIEG1+TLokEuOhw+
\nGq\/lK\/4NP9RzqpD57LcRUBiGgTmO\/5C9xkhVmxz2jid0h03fLorC84rAk2pOjr0i
\npbltETq9RCGhOWp13OV22x2yiIedBi05bzw3F+uLHhn9xKjmpBuZB6WO\/TuD52DH
\nKRZtwSvoaa61vL0bGnIf3lNGWkALWEC3lGBppby4D05N2FNfgfOFr1yOpxTaRaDh
\n4kOnoAEWVzppkTPyqSOkwXmgdma8D9yqD41Ffu8ypGTv+OOVO7jDq8tx9wVZEU+w
\npqBTzQcf0P0K7qO3igdHQxqHmqXsaJpbmvCBABEBAAG0KkNTSVJUIFBhbmFtYSAo
\nQ1NJUlQgUGFuYW1hKSA8aW5mb0BjZXJ0LnBhPokBOAQTAQIAIgUCTwL0qgIbDwYL
\nCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ2YlXchbysSSPSQgAooUy3qSR\/YX2
\nH3USJ5VzrmnraHg5LIWRPIBD1PGrswjLE8hxdobPU\/uzi9LWnEcDscfFVKM\/K0Jt
\nbjeoESqCVFlpE0YXJWdDhy0m2WM410sDE2HVXbPhWGqrNeDb0VUV\/LWag1yYTj5w
\nkkxma4Tk5TqlhgL5su2PpjtTdFSHYD4N+4mu7g1GhRrrpz+u7ZRm3b\/WkAJg5FIg
\nU0MpPqUGAF5\/pc02ZB10FdxDwWyXAkwYUN+zfLiKzKOrBGkEw9+jvFGU+z76P9Zk
\n1XJIexpmkBYTxc+TOclhAp\/3HP4taoBHRMoR1q1YhdC++UgRSLmPLGn\/AB707JzN
\nQ80++q2kWQ==
\n=JUYg
\n—–END PGP PUBLIC KEY BLOCK—–<\/p>\n","protected":false},"excerpt":{"rendered":"

CSIRT Panam\u00e1 Aviso 2015-07- Bolet\u00edn de Seguridad de Microsoft MS15-078 (CVE-2015-2426) Gravedad: ALTA Fecha de publicaci\u00f3n: Julio, 2015 Fecha de modificaci\u00f3n: Julio, 2015 \u00daltima revisi\u00f3n: Revisi\u00f3n A. I. Sistemas Afectados \u2022 Todas las versiones de…<\/p>\n","protected":false},"author":4,"featured_media":295,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[8,9],"class_list":["post-216","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-avisos","tag-microsoft"],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/216","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=216"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/216\/revisions"}],"predecessor-version":[{"id":221,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/216\/revisions\/221"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/295"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=216"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=216"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=216"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}