{"id":2491,"date":"2021-01-14T15:20:22","date_gmt":"2021-01-14T20:20:22","guid":{"rendered":"https:\/\/cert.pa\/?p=2491"},"modified":"2021-01-14T15:20:22","modified_gmt":"2021-01-14T20:20:22","slug":"csirt-panama-aviso-2021-ene-14-actualizaciones-de-microsoft-corriguen-83-fallas","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=2491","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2021-ene-14 Actualizaciones de Microsoft corriguen 83 fallas."},"content":{"rendered":"\n

CSIRT Panam\u00e1 Aviso 2021-ene-14 Actualizaciones de Microsoft corriguen 83 fallas.
\nGravedad: Alta
\nFecha de publicaci\u00f3n: enero 14, 2021
\n\u00daltima revisi\u00f3n: enero 13, 2021
\nhttps:\/\/msrc.microsoft.com\/update-guide\/en-us\/releaseNote\/2021-Jan<\/p>\n\n\n\n

Sistemas Afectados:
\nMicrosoft Windows
\nMicrosoft Edge (EdgeHTML-based)
\nMicrosoft Office and Microsoft Office Services and Web Apps
\nMicrosoft Windows Codecs Library
\nVisual Studio
\nSQL Server
\nMicrosoft Malware Protection Engine
\n.NET Core
\n.NET Repository
\nASP .NET
\nAzure<\/p>\n\n\n\n

I. Descripci\u00f3n
\nCon el lanzamiento de las actualizaciones de seguridad de enero de 2021, Microsoft lanz\u00f3 correcciones para 83 vulnerabilidades en los productos de Microsoft.
\nDe estas vulnerabilidades, 10 se clasifican como cr\u00edticas, 73 como importantes.<\/p>\n\n\n\n

II. Problemas Conocidos<\/p>\n\n\n\n
Tag<\/th>CVE ID<\/th>CVE Title<\/th>Severity<\/th><\/tr>
.NET Repository<\/td>CVE-2021-1725<\/a><\/td>Bot Framework SDK Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
ASP.NET core & .NET core<\/td>CVE-2021-1723<\/a><\/td>ASP.NET Core and Visual Studio Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Azure Active Directory Pod Identity<\/td>CVE-2021-1677<\/a><\/td>Azure Active Directory Pod Identity Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Bluetooth Driver<\/td>CVE-2021-1683<\/a><\/td>Windows Bluetooth Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Bluetooth Driver<\/td>CVE-2021-1638<\/a><\/td>Windows Bluetooth Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Bluetooth Driver<\/td>CVE-2021-1684<\/a><\/td>Windows Bluetooth Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Microsoft DTV-DVD Video Decoder<\/td>CVE-2021-1668<\/a><\/td>Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Edge (HTML-based)<\/td>CVE-2021-1705<\/a><\/td>Microsoft Edge (HTML-based) Memory Corruption Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2021-1709<\/a><\/td>Windows Win32k Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2021-1696<\/a><\/td>Windows Graphics Component Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2021-1665<\/a><\/td>GDI+ Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Graphics Component<\/td>CVE-2021-1708<\/a><\/td>Windows GDI+ Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Malware Protection Engine<\/td>CVE-2021-1647<\/a><\/td>Microsoft Defender Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Office<\/td>CVE-2021-1713<\/a><\/td>Microsoft Excel Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2021-1714<\/a><\/td>Microsoft Excel Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2021-1711<\/a><\/td>Microsoft Office Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2021-1715<\/a><\/td>Microsoft Word Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2021-1716<\/a><\/td>Microsoft Word Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2021-1712<\/a><\/td>Microsoft SharePoint Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2021-1707<\/a><\/td>Microsoft SharePoint Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2021-1718<\/a><\/td>Microsoft SharePoint Server Tampering Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2021-1717<\/a><\/td>Microsoft SharePoint Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2021-1719<\/a><\/td>Microsoft SharePoint Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2021-1641<\/a><\/td>Microsoft SharePoint Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft RPC<\/td>CVE-2021-1702<\/a><\/td>Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2021-1649<\/a><\/td>Active Template Library Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2021-1676<\/a><\/td>Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2021-1689<\/a><\/td>Windows Multipoint Management Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2021-1657<\/a><\/td>Windows Fax Compose Form Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2021-1646<\/a><\/td>Windows WLAN Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2021-1650<\/a><\/td>Windows Runtime C++ Template Library Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2021-1706<\/a><\/td>Windows LUAFV Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2021-1699<\/a><\/td>Windows (modem.sys) Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows Codecs Library<\/td>CVE-2021-1644<\/a><\/td>HEVC Video Extensions Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows Codecs Library<\/td>CVE-2021-1643<\/a><\/td>HEVC Video Extensions Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Windows DNS<\/td>CVE-2021-1637<\/a><\/td>Windows DNS Query Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
SQL Server<\/td>CVE-2021-1636<\/a><\/td>Microsoft SQL Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Visual Studio<\/td>CVE-2020-26870<\/a><\/td>Visual Studio Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows AppX Deployment Extensions<\/td>CVE-2021-1642<\/a><\/td>Windows AppX Deployment Extensions Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows AppX Deployment Extensions<\/td>CVE-2021-1685<\/a><\/td>Windows AppX Deployment Extensions Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows CryptoAPI<\/td>CVE-2021-1679<\/a><\/td>Windows CryptoAPI Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows CSC Service<\/td>CVE-2021-1652<\/a><\/td>Windows CSC Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows CSC Service<\/td>CVE-2021-1654<\/a><\/td>Windows CSC Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows CSC Service<\/td>CVE-2021-1659<\/a><\/td>Windows CSC Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows CSC Service<\/td>CVE-2021-1653<\/a><\/td>Windows CSC Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows CSC Service<\/td>CVE-2021-1655<\/a><\/td>Windows CSC Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows CSC Service<\/td>CVE-2021-1693<\/a><\/td>Windows CSC Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows CSC Service<\/td>CVE-2021-1688<\/a><\/td>Windows CSC Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Diagnostic Hub<\/td>CVE-2021-1680<\/a><\/td>Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Diagnostic Hub<\/td>CVE-2021-1651<\/a><\/td>Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows DP API<\/td>CVE-2021-1645<\/a><\/td>Windows Docker Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Event Logging Service<\/td>CVE-2021-1703<\/a><\/td>Windows Event Logging Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Event Tracing<\/td>CVE-2021-1662<\/a><\/td>Windows Event Tracing Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Hyper-V<\/td>CVE-2021-1691<\/a><\/td>Hyper-V Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Hyper-V<\/td>CVE-2021-1704<\/a><\/td>Windows Hyper-V Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Hyper-V<\/td>CVE-2021-1692<\/a><\/td>Hyper-V Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Installer<\/td>CVE-2021-1661<\/a><\/td>Windows Installer Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Installer<\/td>CVE-2021-1697<\/a><\/td>Windows InstallService Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2021-1682<\/a><\/td>Windows Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Media<\/td>CVE-2021-1710<\/a><\/td>Microsoft Windows Media Foundation Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows NTLM<\/td>CVE-2021-1678<\/a><\/td>NTLM Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Windows Print Spooler Components<\/td>CVE-2021-1695<\/a><\/td>Windows Print Spooler Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Projected File System Filter Driver<\/td>CVE-2021-1663<\/a><\/td>Windows Projected File System FS Filter Driver Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Projected File System Filter Driver<\/td>CVE-2021-1672<\/a><\/td>Windows Projected File System FS Filter Driver Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Projected File System Filter Driver<\/td>CVE-2021-1670<\/a><\/td>Windows Projected File System FS Filter Driver Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Remote Desktop<\/td>CVE-2021-1674<\/a><\/td>Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Windows Remote Desktop<\/td>CVE-2021-1669<\/a><\/td>Windows Remote Desktop Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Windows Remote Procedure Call Runtime<\/td>CVE-2021-1701<\/a><\/td>Remote Procedure Call Runtime Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Remote Procedure Call Runtime<\/td>CVE-2021-1700<\/a><\/td>Remote Procedure Call Runtime Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Remote Procedure Call Runtime<\/td>CVE-2021-1666<\/a><\/td>Remote Procedure Call Runtime Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Remote Procedure Call Runtime<\/td>CVE-2021-1664<\/a><\/td>Remote Procedure Call Runtime Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Remote Procedure Call Runtime<\/td>CVE-2021-1671<\/a><\/td>Remote Procedure Call Runtime Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Remote Procedure Call Runtime<\/td>CVE-2021-1673<\/a><\/td>Remote Procedure Call Runtime Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Remote Procedure Call Runtime<\/td>CVE-2021-1658<\/a><\/td>Remote Procedure Call Runtime Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Remote Procedure Call Runtime<\/td>CVE-2021-1667<\/a><\/td>Remote Procedure Call Runtime Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Remote Procedure Call Runtime<\/td>CVE-2021-1660<\/a><\/td>Remote Procedure Call Runtime Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows splwow64<\/td>CVE-2021-1648<\/a><\/td>Microsoft splwow64 Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows TPM Device Driver<\/td>CVE-2021-1656<\/a><\/td>TPM Device Driver Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Update Stack<\/td>CVE-2021-1694<\/a><\/td>Windows Update Stack Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows WalletService<\/td>CVE-2021-1686<\/a><\/td>Windows WalletService Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows WalletService<\/td>CVE-2021-1681<\/a><\/td>Windows WalletService Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows WalletService<\/td>CVE-2021-1690<\/a><\/td>Windows WalletService Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows WalletService<\/td>CVE-2021-1687<\/a><\/td>Windows WalletService Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr><\/tbody><\/table>\n\n\n\n

III. Referencia a soluciones, herramientas e informaci\u00f3n
\nActualizar utilizando Microsoft Windows Update o herramientas de administracion de actualizaciones centralizadas.<\/p>\n\n\n\n

IV. Informaci\u00f3n de contacto
\nCSIRT PANAMA
\nComputer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
\nE-Mail: info@cert.pa
\nPhone: +507 520-CERT (2378)
\nWeb: https:\/\/cert.pa
\nTwitter: @CSIRTPanama
\nFacebook: http:\/\/www.facebook.com\/CSIRTPanama
\nKey ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"

CSIRT Panam\u00e1 Aviso 2021-ene-14 Actualizaciones de Microsoft corriguen 83 fallas. Gravedad: Alta Fecha de publicaci\u00f3n: enero 14, 2021 \u00daltima revisi\u00f3n: enero 13, 2021 https:\/\/msrc.microsoft.com\/update-guide\/en-us\/releaseNote\/2021-Jan Sistemas Afectados: Microsoft Windows Microsoft Edge (EdgeHTML-based) Microsoft Office and Microsoft…<\/p>\n","protected":false},"author":4,"featured_media":1847,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[76,72,98,94],"class_list":["post-2491","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-actualizaciones","tag-avisos-de-seguridad","tag-patch-tuesday","tag-windows-update"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2491","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2491"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2491\/revisions"}],"predecessor-version":[{"id":2492,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2491\/revisions\/2492"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/1847"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2491"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2491"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2491"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}