{"id":222,"date":"2015-07-14T09:31:11","date_gmt":"2015-07-14T14:31:11","guid":{"rendered":"https:\/\/10.252.76.154\/?p=222"},"modified":"2015-09-29T17:04:51","modified_gmt":"2015-09-29T22:04:51","slug":"222","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=222","title":{"rendered":"CSIRT Panam\u00e1 Advisory 2015-07 &#8211; Microsoft Security Bulletin"},"content":{"rendered":"<p style=\"text-align: justify;\">CSIRT Panam\u00e1 Advisory 2015-07 &#8211; Microsoft Security Bulletin<br \/>\nSeverity: HIGH<br \/>\nPublication date: July 2015<br \/>\nModification date: July 2015<br \/>\nLatest revision: Revision A.<br \/>\nSource: Microsoft Security Bulletin<br \/>\nI. Affected Systems<br \/>\nRemote code execution:<br \/>\n\u2022 Internet Explorer (IE 6, IE 7, IE 8, IE 9, IE 10, IE 11)<br \/>\n\u2022 VBScript Scripting Engine (Windows Server 2003, Windows Vista, Windows Server 2008, Server Core Installation)<br \/>\n\u2022 RDP (Windows 7, Windows 8, Windows Server 2012, Server Core Installation option)<br \/>\n\u2022 Windows Hyper-V (Windows Server 2008, Windows Server 2008 R2, Windows 8\/8.1, Windows Server 2012\/2012 R2, Server Core Installation option)<br \/>\n\u2022 Microsoft SQL Server (2008 SP3, 2008 SP4, 2008 R2 SP2, 2008 R2 SP3, 2012 SP1, 2012 SP2, 2014)<br \/>\n\u2022 Microsoft Windows (Server 2003, Vista, Server 2008, 7, Server 2008 R2, 8.1, Server 2012 R2, RT 8.1)<br \/>\n\u2022 Microsoft Office (2007, 2010, 2013, 2013 RT, for Mac, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Word Viewer)<\/p>\n<p style=\"text-align: justify;\">Elevation of privilege:<br \/>\n\u2022 Netlogon (Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012\/2012 R2, Server Core Installation option)<br \/>\n\u2022 Windows Graphics Component (Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 
8\/8.1, Windows Server 2012\/2012 R2, Windows RT\/RT 8.1, Server Core Installation option)<br \/>\n\u2022 Windows Kernel-Mode Driver (Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8\/8.1, Windows Server 2012\/2012 R2, Windows RT\/RT 8.1, Server Core Installation option)<br \/>\n\u2022 Windows Installer Service (Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8\/8.1, Windows Server 2012\/2012 R2, Windows RT\/RT 8.1, Server Core Installation option)<br \/>\n\u2022 OLE (Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8\/8.1, Windows Server 2012\/2012 R2, Windows RT\/RT 8.1, Server Core Installation option)<br \/>\n\u2022 Windows Remote Procedure Call (Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8\/8.1, Windows Server 2012\/2012 R2, Windows RT\/RT 8.1, Server Core Installation option)<br \/>\n\u2022 ATM Font Driver (Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8\/8.1, Windows Server 2012\/2012 R2, Windows RT\/RT 8.1, Server Core Installation option)<\/p>\n<p style=\"text-align: justify;\">II. 
Description<br \/>\nArbitrary remote code execution is an attack in which instructions are run on a victim server or machine remotely, without needing access credentials for the victim environment.<br \/>\nElevation of privilege consists of the actions by which an attacker obtains greater access privileges, starting from credentials that hold no significant privileges on the victim system.<br \/>\nThe Microsoft security bulletin presents updates that resolve these high-severity vulnerabilities, which could allow an attacker to take control of the affected systems.<br \/>\nIII. Detection<br \/>\n\u2022 Check the version of Internet Explorer, VBScript Scripting Engine, RDP, Windows Hyper-V, Microsoft SQL Server, Microsoft Windows, Microsoft Office, Netlogon, Windows Graphics Component, Windows Kernel-Mode Driver, Windows Installer Service, OLE, Windows Remote Procedure Call, ATM Font Driver that your users are running.<br \/>\nIV. Mitigation<br \/>\n\u2022 Update the software<br \/>\nWe recommend updating your version of the software where necessary.<br \/>\nFor more information, please read the security bulletin published by Microsoft, listed under Additional Information.<br \/>\nV. 
Additional Information<br \/>\nUpdates addressing the remote code execution vulnerabilities mentioned:<br \/>\n[1] https:\/\/technet.microsoft.com\/library\/security\/MS15-058<br \/>\n[2] https:\/\/technet.microsoft.com\/en-us\/library\/security\/MS15-065<br \/>\n[3] https:\/\/technet.microsoft.com\/en-us\/library\/security\/MS15-066<br \/>\n[4] https:\/\/technet.microsoft.com\/en-us\/library\/security\/MS15-067<br \/>\n[5] https:\/\/technet.microsoft.com\/en-us\/library\/security\/MS15-068<br \/>\n[6] https:\/\/technet.microsoft.com\/en-us\/library\/security\/MS15-069<br \/>\n[7] https:\/\/technet.microsoft.com\/en-us\/library\/security\/MS15-070<br \/>\nUpdates addressing the privilege escalation vulnerabilities mentioned:<br \/>\n[1] https:\/\/technet.microsoft.com\/en-us\/library\/security\/MS15-071<br \/>\n[2] https:\/\/technet.microsoft.com\/en-us\/library\/security\/MS15-072<br \/>\n[3] https:\/\/technet.microsoft.com\/en-us\/library\/security\/MS15-073<br \/>\n[4] https:\/\/technet.microsoft.com\/en-us\/library\/security\/MS15-074<br \/>\n[5] https:\/\/technet.microsoft.com\/en-us\/library\/security\/MS15-075<br \/>\n[6] https:\/\/technet.microsoft.com\/en-us\/library\/security\/MS15-076<br \/>\n[7] https:\/\/technet.microsoft.com\/en-us\/library\/security\/MS15-077<\/p>\n<p style=\"text-align: justify;\">VI. 
Contact information<br \/>\nCSIRT PANAMA<br \/>\nAutoridad Nacional para la Innovaci\u00f3n Gubernamental<br \/>\nE-Mail: info@cert.pa<br \/>\nTelephone: 520-2378<br \/>\nWeb: https:\/\/www.cert.pa<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CSIRT Panam\u00e1 Advisory 2015-07 &#8211; Microsoft Security Bulletin Severity: HIGH Publication date: July 2015 Modification date: July 2015 Latest revision: Revision A. Source: Microsoft Security Bulletin I. 
Affected Systems&#8230;<\/p>\n","protected":false},"author":4,"featured_media":295,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[8],"class_list":["post-222","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-avisos"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/222","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=222"}],"version-history":[{"count":2,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/222\/revisions"}],"predecessor-version":[{"id":224,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/222\/revisions\/224"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/295"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=222"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}