{"id":2952,"date":"2021-11-12T10:47:51","date_gmt":"2021-11-12T15:47:51","guid":{"rendered":"https:\/\/cert.pa\/?p=2952"},"modified":"2021-11-12T10:47:51","modified_gmt":"2021-11-12T15:47:51","slug":"csirt-panama-aviso-2021-nov-12-microsoft-libera-actualizaciones-que-corrigen-6-dia-cero-y-55-fallas","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=2952","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2021-nov-12 Microsoft Libera actualizaciones que corrigen 6 dia cero y 55 fallas."},"content":{"rendered":"\n

CSIRT Panam\u00e1 Aviso 2021-nov-12 Microsoft Libera actualizaciones que corrigen 6 dia cero y 55 fallas.
Gravedad: Alta
Fecha de publicaci\u00f3n: noviembre 12, 2021
\u00daltima revisi\u00f3n: noviembre 12, 2021
https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2021-Nov<\/p>\n\n\n\n

Sistemas Afectados:
3D Viewer
Azure
Azure RTOS
Azure Sphere
Microsoft Dynamics
Microsoft Edge (Chromium-based)
Microsoft Edge (Chromium-based) in IE Mode
Microsoft Exchange Server
Microsoft Office
Microsoft Office Access
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Office Word
Microsoft Windows
Microsoft Windows Codecs Library
Power BI
Role: Windows Hyper-V
Visual Studio
Visual Studio Code
Windows Active Directory
Windows COM
Windows Core Shell
Windows Cred SSProvider Protocol
Windows Defender
Windows Desktop Bridge
Windows Diagnostic Hub
Windows Fastfat Driver
Windows Feedback Hub
Windows Hello
Windows Installer
Windows Kernel
Windows NTFS
Windows RDP
Windows Scripting
Windows Virtual Machine Bus<\/p>\n\n\n\n

I. Descripci\u00f3n
Con el lanzamiento de las actualizaciones de seguridad de noviembre de 2021, Microsoft lanz\u00f3 correcciones para 55 vulnerabilidades en los productos de Microsoft y 6 vulnerabilidades de dia cero.
De estas vulnerabilidades, 10 se clasifican como cr\u00edticas, 73 como importantes.<\/p>\n\n\n\n

II. Problemas Conocidos<\/p>\n\n\n\n

Tag<\/th>CVE ID<\/th>CVE Title<\/th>Severity<\/th><\/tr>
3D Viewer<\/td>CVE-2021-43209<\/a><\/td>3D Viewer Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
3D Viewer<\/td>CVE-2021-43208<\/a><\/td>3D Viewer Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Azure<\/td>CVE-2021-41373<\/a><\/td>FSLogix Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Azure RTOS<\/td>CVE-2021-42303<\/a><\/td>Azure RTOS Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Azure RTOS<\/td>CVE-2021-42302<\/a><\/td>Azure RTOS Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Azure RTOS<\/td>CVE-2021-42301<\/a><\/td>Azure RTOS Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Azure RTOS<\/td>CVE-2021-42323<\/a><\/td>Azure RTOS Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Azure RTOS<\/td>CVE-2021-26444<\/a><\/td>Azure RTOS Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Azure RTOS<\/td>CVE-2021-42304<\/a><\/td>Azure RTOS Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Azure Sphere<\/td>CVE-2021-41374<\/a><\/td>Azure Sphere Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Azure Sphere<\/td>CVE-2021-41376<\/a><\/td>Azure Sphere Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Azure Sphere<\/td>CVE-2021-42300<\/a><\/td>Azure Sphere Tampering Vulnerability<\/td>Important<\/td><\/tr>
Azure Sphere<\/td>CVE-2021-41375<\/a><\/td>Azure Sphere Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Dynamics<\/td>CVE-2021-42316<\/a><\/td>Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Edge (Chromium-based) in IE Mode<\/td>CVE-2021-41351<\/a><\/td>Microsoft Edge (Chrome based) Spoofing on IE Mode<\/td>Important<\/td><\/tr>
Microsoft Exchange Server<\/td>CVE-2021-42305<\/a><\/td>Microsoft Exchange Server Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Exchange Server<\/td>CVE-2021-41349<\/a><\/td>Microsoft Exchange Server Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Exchange Server<\/td>CVE-2021-42321<\/a><\/td>Microsoft Exchange Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Access<\/td>CVE-2021-41368<\/a><\/td>Microsoft Access Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Excel<\/td>CVE-2021-40442<\/a><\/td>Microsoft Excel Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Excel<\/td>CVE-2021-42292<\/a><\/td>Microsoft Excel Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Word<\/td>CVE-2021-42296<\/a><\/td>Microsoft Word Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2021-41356<\/a><\/td>Windows Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows Codecs Library<\/td>CVE-2021-42276<\/a><\/td>Microsoft Windows Media Foundation Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Power BI<\/td>CVE-2021-41372<\/a><\/td>Power BI Report Server Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Role: Windows Hyper-V<\/td>CVE-2021-42284<\/a><\/td>Windows Hyper-V Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Role: Windows Hyper-V<\/td>CVE-2021-42274<\/a><\/td>Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Visual Studio<\/td>CVE-2021-3711<\/a><\/td>OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow<\/td>Critical<\/td><\/tr>
Visual Studio<\/td>CVE-2021-42319<\/a><\/td>Visual Studio Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Visual Studio Code<\/td>CVE-2021-42322<\/a><\/td>Visual Studio Code Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Active Directory<\/td>CVE-2021-42278<\/a><\/td>Active Directory Domain Services Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Active Directory<\/td>CVE-2021-42291<\/a><\/td>Active Directory Domain Services Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Active Directory<\/td>CVE-2021-42287<\/a><\/td>Active Directory Domain Services Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Active Directory<\/td>CVE-2021-42282<\/a><\/td>Active Directory Domain Services Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows COM<\/td>CVE-2021-42275<\/a><\/td>Microsoft COM for Windows Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Core Shell<\/td>CVE-2021-42286<\/a><\/td>Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Cred SSProvider Protocol<\/td>CVE-2021-41366<\/a><\/td>Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Defender<\/td>CVE-2021-42298<\/a><\/td>Microsoft Defender Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Desktop Bridge<\/td>CVE-2021-36957<\/a><\/td>Windows Desktop Bridge Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Diagnostic Hub<\/td>CVE-2021-42277<\/a><\/td>Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Fastfat Driver<\/td>CVE-2021-41377<\/a><\/td>Windows Fast FAT File System Driver Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Feedback Hub<\/td>CVE-2021-42280<\/a><\/td>Windows Feedback Hub Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Hello<\/td>CVE-2021-42288<\/a><\/td>Windows Hello Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Windows Installer<\/td>CVE-2021-41379<\/a><\/td>Windows Installer Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2021-42285<\/a><\/td>Windows Kernel Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows NTFS<\/td>CVE-2021-42283<\/a><\/td>NTFS Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows NTFS<\/td>CVE-2021-41370<\/a><\/td>NTFS Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows NTFS<\/td>CVE-2021-41378<\/a><\/td>Windows NTFS Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows NTFS<\/td>CVE-2021-41367<\/a><\/td>NTFS Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows RDP<\/td>CVE-2021-38665<\/a><\/td>Remote Desktop Protocol Client Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows RDP<\/td>CVE-2021-38631<\/a><\/td>Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows RDP<\/td>CVE-2021-38666<\/a><\/td>Remote Desktop Client Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows RDP<\/td>CVE-2021-41371<\/a><\/td>Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Windows Scripting<\/td>CVE-2021-42279<\/a><\/td>Chakra Scripting Engine Memory Corruption Vulnerability<\/td>Critical<\/td><\/tr>
Windows Virtual Machine Bus<\/td>CVE-2021-26443<\/a><\/td>Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

III. Referencia a soluciones, herramientas e informaci\u00f3n
Actualizar utilizando Microsoft Windows Update o herramientas de administracion de actualizaciones centralizadas.<\/p>\n\n\n\n

IV. Informaci\u00f3n de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https:\/\/cert.pa
Twitter: @CSIRTPanama
Facebook: http:\/\/www.facebook.com\/CSIRTPanama
Key ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"

CSIRT Panam\u00e1 Aviso 2021-nov-12 Microsoft Libera actualizaciones que corrigen 6 dia cero y 55 fallas.Gravedad: AltaFecha de publicaci\u00f3n: noviembre 12, 2021\u00daltima revisi\u00f3n: noviembre 12, 2021https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2021-Nov Sistemas Afectados:3D ViewerAzureAzure RTOSAzure SphereMicrosoft DynamicsMicrosoft Edge (Chromium-based)Microsoft Edge (Chromium-based)…<\/p>\n","protected":false},"author":4,"featured_media":1847,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[72,9,98,45,94],"class_list":["post-2952","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-avisos-de-seguridad","tag-microsoft","tag-patch-tuesday","tag-windows","tag-windows-update"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2952","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2952"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2952\/revisions"}],"predecessor-version":[{"id":2953,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2952\/revisions\/2953"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/1847"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2952"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2952"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2952"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}