{"id":2822,"date":"2021-07-20T10:24:11","date_gmt":"2021-07-20T15:24:11","guid":{"rendered":"https:\/\/cert.pa\/?p=2822"},"modified":"2021-07-20T10:24:11","modified_gmt":"2021-07-20T15:24:11","slug":"csirt-panama-aviso-2021-07-20-microsoft-vulnerabilidad-0day-en-microsoft-windows-print-spooler","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=2822","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2021-07-20 Microsoft: Vulnerabilidad 0day en Microsoft Windows Print Spooler"},"content":{"rendered":"\n<p><strong>CSIRT Panam\u00e1 Aviso 2021-07-20 Microsoft: Vulnerabilidad 0day en Microsoft Windows Print Spooler<\/strong><br><br>Gravedad: Alta\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<br>Fecha de publicaci\u00f3n: Julio 19, 2021<br>\u00daltima revisi\u00f3n: Julio 19, 2021<br>Sitio web: <a href=\"https:\/\/www.microsoft.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.microsoft.com\/<\/a><br>Sistemas afectados: Microsoft Windows<br><br><strong>I.\u00a0\u00a0\u00a0 Descripci\u00f3n<\/strong><br><br>El investigador Benjamin Delpy ha reportado una vulnerabilidad 0day cr\u00edtica que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario con privilegios SYSTEM. Existe una prueba de concepto p\u00fablica para esta vulnerabilidad, por lo que podr\u00eda estar siendo explotada activamente.\u00a0<br><br><strong>II.\u00a0\u00a0\u00a0 Impacto<\/strong><br><br>Vulnerabilidad: CVE-2021-34481<br><br>La vulnerabilidad permite a atacantes locales ejecutar c\u00f3digo arbitrario con privilegios SYSTEM, pudiendo instalar programas, manipular datos o crear nuevas cuentas con plenos derechos de usuario.<br><br>La vulnerabilidad 0day de tipo escalada de privilegios en el servicio Microsoft Windows Print Spooler podr\u00eda permitir a un atacante, sin privilegios de administrador, instalar controladores (drivers) de una impresora remota a trav\u00e9s de la funcionalidad Point and Print instalando librer\u00edas arbitrarias, junto con el controlador de la cola de impresi\u00f3n, que se ejecutar\u00edan con privilegios SYSTEM.<\/p>\n\n\n\n<p><strong>III. Referencia a soluciones, herramientas e informaci\u00f3n<\/strong><br><br>Por el momento se recomienda las siguientes medidas de mitigaci\u00f3n:<br>\u2022 Bloquear el tr\u00e1fico saliente de recursos SMB (Server Message Block) fuera de los l\u00edmites de una red propia.<br>\u2022 Configurar la pol\u00edtica de Windows denominada \u201cPackage Point and Print &#8211; Approved servers\u201d para restringir el uso de servidores por parte de usuarios sin privilegios administrativos.<br>\u2022 Microsoft ha anunciado la vulnerabilidad CVE-2021-34481, que pudiera estar relacionada, y la medida de mitigaci\u00f3n recomendada es deshabilitar el servicio Print Spooler.<br><br><strong>Fuentes:<\/strong><br>1.\u00a0\u00a0\u00a0 Instituto Nacional de Ciberseguridad, INCIBE. Avisos Seguridad, Vulnerabilidad 0day en Microsoft Windows Print Spooler. 19 de julio del 2021.\u00a0 Recopilado en: <a href=\"https:\/\/www.incibe-cert.es\/alerta-temprana\/avisos-seguridad\/vulnerabilidad-0day-microsoft-windows-print-spooler\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.incibe-cert.es\/alerta-temprana\/avisos-seguridad\/vulnerabilidad-0day-microsoft-windows-print-spooler<\/a><br>2.\u00a0\u00a0\u00a0 CSIRT Chile. 9VSA21-00470-01 CSIRT alerta de nueva vulnerabilidad en Windows Print Spooler de Microsoft. 19 de julio del 2021. Recopilado en: <a href=\"https:\/\/www.csirt.gob.cl\/vulnerabilidades\/9vsa21-00470-01\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.csirt.gob.cl\/vulnerabilidades\/9vsa21-00470-01\/<\/a><br>3.\u00a0\u00a0\u00a0 CVE. Windows Print Spooler Elevation of Privilege Vulnerability.\u00a0\u00a0 Recopilado en: <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-34481\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-34481<\/a><br>4.\u00a0\u00a0\u00a0 Windows Print Spooler Elevation of Privilege Vulnerability. 15 de julio 2021. Recopilado en: <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-34481\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-34481<\/a><br><br><br><strong>Informaci\u00f3n de contacto<\/strong><br>CSIRT PANAMA<br>Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental<br>E-Mail: info@cert.pa<br>Phone: +507 520-CERT (2378)<br>Web: https:\/\/cert.pa<br>Twitter: @CSIRTPanama<br>Key ID: 16F2B124<br><br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CSIRT Panam\u00e1 Aviso 2021-07-20 Microsoft: Vulnerabilidad 0day en Microsoft Windows Print SpoolerGravedad: Alta\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Fecha de publicaci\u00f3n: Julio 19, 2021\u00daltima revisi\u00f3n: Julio 19, 2021Sitio web: https:\/\/www.microsoft.com\/Sistemas afectados: Microsoft WindowsI.\u00a0\u00a0\u00a0 Descripci\u00f3nEl investigador Benjamin Delpy ha reportado una vulnerabilidad&#8230;<\/p>\n","protected":false},"author":4,"featured_media":2767,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-2822","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2822","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2822"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2822\/revisions"}],"predecessor-version":[{"id":2823,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2822\/revisions\/2823"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/2767"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2822"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2822"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2822"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}