{"id":2766,"date":"2021-07-02T09:42:51","date_gmt":"2021-07-02T14:42:51","guid":{"rendered":"https:\/\/cert.pa\/?p=2766"},"modified":"2021-07-02T09:42:51","modified_gmt":"2021-07-02T14:42:51","slug":"csirt-panama-aviso-2021-jul-2-vulnerabilidad-0day-de-rce-en-el-servicio-print-spooler-de-microsoft-windows","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=2766","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2021-jul-2 Vulnerabilidad 0day de RCE en el servicio Print Spooler de Microsoft Windows"},"content":{"rendered":"\n<p>CSIRT Panam\u00e1 Aviso 2021-jul-2 Vulnerabilidad 0day de RCE en el servicio Print Spooler de Microsoft Windows<br>Gravedad: Alta<br>Fecha de publicaci\u00f3n: julio 2, 2021<br>\u00daltima revisi\u00f3n: julio 2, 2021<br>https:\/\/www.incibe-cert.es\/alerta-temprana\/avisos-seguridad\/vulnerabilidad-0day-rce-el-servicio-print-spooler-microsoft-windows<\/p>\n\n\n\n<p>Recursos Afectados:<br>Windows Server 2016;<br>Windows Server 2019;<br>Windows Server 2012 (incluyendo R2);<br>Windows Server 2008 (incluyendo R2, R2 SP1 y R2 SP2);<br>Windows 7, 8.1 y 10 (incluyendo versi\u00f3n 1909);<br>Windows Server, versi\u00f3n 2004;<br>Windows Server, versi\u00f3n 20H2.<\/p>\n\n\n\n<p>I. Descripci\u00f3n<br>Un equipo de investigadores de Sangfor ha notificado una vulnerabilidad 0day cr\u00edtica denominada PrintNightmare, de tipo ejecuci\u00f3n remota de c\u00f3digo (RCE), que afecta al servicio Print Spooler de Microsoft Windows.<\/p>\n\n\n\n<p>Previamente, los investigadores, Zhipeng Huo (Tencent), Piotr Madej (AFINE) y Zhang Yunhai (NSFOCUS TIANJI LAB) hab\u00edan notificado una vulnerabilidad de escalada local de privilegios (LPE), que tambi\u00e9n afectaba al servicio Print Spooler de Microsoft Windows, y a la que se asign\u00f3 el identificador CVE-2021-1675.<\/p>\n\n\n\n<p>II. Detalle<br>Deshabilitar el servicio Print Spooler de Microsoft Windows, espec\u00edficamente en sistemas de controladores de dominio (DC) y directorio activo (AD), para lo que se recomienda utilizar un Group Policy Object.<\/p>\n\n\n\n<p>III. Referencia a soluciones, herramientas e informaci\u00f3n<br>Actualizar utilizando Microsoft Windows Update o herramientas de administracion de actualizaciones centralizadas.<\/p>\n\n\n\n<p>IV. Informaci\u00f3n de contacto<br>CSIRT PANAMA<br>Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental<br>E-Mail: info@cert.pa<br>Phone: +507 520-CERT (2378)<br>Web: https:\/\/cert.pa<br>Twitter: @CSIRTPanama<br>Facebook: http:\/\/www.facebook.com\/CSIRTPanama<br>Key ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CSIRT Panam\u00e1 Aviso 2021-jul-2 Vulnerabilidad 0day de RCE en el servicio Print Spooler de Microsoft WindowsGravedad: AltaFecha de publicaci\u00f3n: julio 2, 2021\u00daltima revisi\u00f3n: julio 2, 2021https:\/\/www.incibe-cert.es\/alerta-temprana\/avisos-seguridad\/vulnerabilidad-0day-rce-el-servicio-print-spooler-microsoft-windows Recursos Afectados:Windows Server 2016;Windows Server 2019;Windows Server 2012 (incluyendo&#8230;<\/p>\n","protected":false},"author":5,"featured_media":2767,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[149,9,148,45,108],"class_list":["post-2766","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-0-day","tag-microsoft","tag-print-spooler","tag-windows","tag-zero-day"],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2766","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2766"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2766\/revisions"}],"predecessor-version":[{"id":2768,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2766\/revisions\/2768"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/2767"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2766"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2766"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}