
Microsoft releases September security patches – Patch now!

On Tuesday, September 14 of this year, Microsoft released the month's security patches. 86 vulnerabilities were fixed. The list of flaws already fixed by the company includes vulnerabilities related to the Chromium browser (Microsoft Edge), Azure services, Microsoft Office and, finally, the well-known vulnerability CVE-2021-40444 (Microsoft MSHTML Remote Code Execution Vulnerability).

All system administrators are advised to deploy the security patches as soon as possible.

Below is a list of the security patches, compiled by Catalin Cimpanu (cybersecurity reporter at TheRecord_Media).

| Tag | CVE ID | CVE Title |
| --- | --- | --- |
| Azure Open Management Infrastructure | CVE-2021-38648 | Open Management Infrastructure Elevation of Privilege Vulnerability |
| Azure Open Management Infrastructure | CVE-2021-38645 | Open Management Infrastructure Elevation of Privilege Vulnerability |
| Azure Open Management Infrastructure | CVE-2021-38647 | Open Management Infrastructure Remote Code Execution Vulnerability |
| Azure Open Management Infrastructure | CVE-2021-38649 | Open Management Infrastructure Elevation of Privilege Vulnerability |
| Azure Sphere | CVE-2021-36956 | Azure Sphere Information Disclosure Vulnerability |
| Dynamics Business Central Control | CVE-2021-40440 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability |
| Microsoft Accessibility Insights for Android | CVE-2021-40448 | Microsoft Accessibility Insights for Android Information Disclosure Vulnerability |
| Microsoft Edge (Chromium-based) | CVE-2021-30606 | Chromium: CVE-2021-30606 Use after free in Blink |
| Microsoft Edge (Chromium-based) | CVE-2021-30609 | Chromium: CVE-2021-30609 Use after free in Sign-In |
| Microsoft Edge (Chromium-based) | CVE-2021-30608 | Chromium: CVE-2021-30608 Use after free in Web Share |
| Microsoft Edge (Chromium-based) | CVE-2021-30607 | Chromium: CVE-2021-30607 Use after free in Permissions |
| Microsoft Edge (Chromium-based) | CVE-2021-38641 | Microsoft Edge for Android Spoofing Vulnerability |
| Microsoft Edge (Chromium-based) | CVE-2021-38642 | Microsoft Edge for iOS Spoofing Vulnerability |
| Microsoft Edge (Chromium-based) | CVE-2021-38669 | Microsoft Edge (Chromium-based) Tampering Vulnerability |
| Microsoft Edge (Chromium-based) | CVE-2021-36930 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| Microsoft Edge (Chromium-based) | CVE-2021-30632 | Chromium: CVE-2021-30632 Out of bounds write in V8 |
| Microsoft Edge (Chromium-based) | CVE-2021-30610 | Chromium: CVE-2021-30610 Use after free in Extensions API |
| Microsoft Edge (Chromium-based) | CVE-2021-30620 | Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink |
| Microsoft Edge (Chromium-based) | CVE-2021-30619 | Chromium: CVE-2021-30619 UI Spoofing in Autofill |
| Microsoft Edge (Chromium-based) | CVE-2021-30618 | Chromium: CVE-2021-30618 Inappropriate implementation in DevTools |
| Microsoft Edge (Chromium-based) | CVE-2021-30621 | Chromium: CVE-2021-30621 UI Spoofing in Autofill |
| Microsoft Edge (Chromium-based) | CVE-2021-30624 | Chromium: CVE-2021-30624 Use after free in Autofill |
| Microsoft Edge (Chromium-based) | CVE-2021-30623 | Chromium: CVE-2021-30623 Use after free in Bookmarks |
| Microsoft Edge (Chromium-based) | CVE-2021-30622 | Chromium: CVE-2021-30622 Use after free in WebApp Installs |
| Microsoft Edge (Chromium-based) | CVE-2021-30613 | Chromium: CVE-2021-30613 Use after free in Base internals |
| Microsoft Edge (Chromium-based) | CVE-2021-30612 | Chromium: CVE-2021-30612 Use after free in WebRTC |
| Microsoft Edge (Chromium-based) | CVE-2021-30611 | Chromium: CVE-2021-30611 Use after free in WebRTC |
| Microsoft Edge (Chromium-based) | CVE-2021-30614 | Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip |
| Microsoft Edge (Chromium-based) | CVE-2021-30617 | Chromium: CVE-2021-30617 Policy bypass in Blink |
| Microsoft Edge (Chromium-based) | CVE-2021-30616 | Chromium: CVE-2021-30616 Use after free in Media |
| Microsoft Edge (Chromium-based) | CVE-2021-30615 | Chromium: CVE-2021-30615 Cross-origin data leak in Navigation |
| Microsoft Edge (Chromium-based) | CVE-2021-26436 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| Microsoft Edge for Android | CVE-2021-26439 | Microsoft Edge for Android Information Disclosure Vulnerability |
| Microsoft MPEG-2 Video Extension | CVE-2021-38644 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-38657 | Microsoft Office Graphics Component Information Disclosure Vulnerability |
| Microsoft Office | CVE-2021-38658 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-38650 | Microsoft Office Spoofing Vulnerability |
| Microsoft Office | CVE-2021-38659 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office Access | CVE-2021-38646 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-38655 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-38660 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2021-38651 | Microsoft SharePoint Server Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2021-38652 | Microsoft SharePoint Server Spoofing Vulnerability |
| Microsoft Office Visio | CVE-2021-38654 | Microsoft Office Visio Remote Code Execution Vulnerability |
| Microsoft Office Visio | CVE-2021-38653 | Microsoft Office Visio Remote Code Execution Vulnerability |
| Microsoft Office Word | CVE-2021-38656 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-38661 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows DNS | CVE-2021-36968 | Windows DNS Elevation of Privilege Vulnerability |
| Visual Studio | CVE-2021-36952 | Visual Studio Remote Code Execution Vulnerability |
| Visual Studio | CVE-2021-26434 | Visual Studio Elevation of Privilege Vulnerability |
| Visual Studio | CVE-2021-26437 | Visual Studio Code Spoofing Vulnerability |
| Windows Ancillary Function Driver for WinSock | CVE-2021-38628 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| Windows Ancillary Function Driver for WinSock | CVE-2021-38638 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| Windows Authenticode | CVE-2021-36959 | Windows Authenticode Spoofing Vulnerability |
| Windows Bind Filter Driver | CVE-2021-36954 | Windows Bind Filter Driver Elevation of Privilege Vulnerability |
| Windows BitLocker | CVE-2021-38632 | BitLocker Security Feature Bypass Vulnerability |
| Windows Common Log File System Driver | CVE-2021-38633 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Windows Common Log File System Driver | CVE-2021-36963 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Windows Common Log File System Driver | CVE-2021-36955 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Windows Event Tracing | CVE-2021-36964 | Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Event Tracing | CVE-2021-38630 | Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2021-36962 | Windows Installer Information Disclosure Vulnerability |
| Windows Installer | CVE-2021-36961 | Windows Installer Denial of Service Vulnerability |
| Windows Kernel | CVE-2021-38626 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2021-38625 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Key Storage Provider | CVE-2021-38624 | Windows Key Storage Provider Security Feature Bypass Vulnerability |
| Windows MSHTML Platform | CVE-2021-40444 | Microsoft MSHTML Remote Code Execution Vulnerability |
| Windows Print Spooler Components | CVE-2021-38667 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Print Spooler Components | CVE-2021-38671 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Print Spooler Components | CVE-2021-40447 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Redirected Drive Buffering | CVE-2021-36969 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
| Windows Redirected Drive Buffering | CVE-2021-38635 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
| Windows Redirected Drive Buffering | CVE-2021-36973 | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability |
| Windows Redirected Drive Buffering | CVE-2021-38636 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
| Windows Scripting | CVE-2021-26435 | Windows Scripting Engine Memory Corruption Vulnerability |
| Windows SMB | CVE-2021-36960 | Windows SMB Information Disclosure Vulnerability |
| Windows SMB | CVE-2021-36972 | Windows SMB Information Disclosure Vulnerability |
| Windows SMB | CVE-2021-36974 | Windows SMB Elevation of Privilege Vulnerability |
| Windows Storage | CVE-2021-38637 | Windows Storage Information Disclosure Vulnerability |
| Windows Subsystem for Linux | CVE-2021-36966 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
| Windows TDX.sys | CVE-2021-38629 | Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability |
| Windows Update | CVE-2021-38634 | Microsoft Windows Update Client Elevation of Privilege Vulnerability |
| Windows Win32K | CVE-2021-38639 | Win32k Elevation of Privilege Vulnerability |
| Windows Win32K | CVE-2021-36975 | Win32k Elevation of Privilege Vulnerability |
| Windows WLAN Auto Config Service | CVE-2021-36965 | Windows WLAN AutoConfig Service Remote Code Execution Vulnerability |
| Windows WLAN Service | CVE-2021-36967 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability |

More information:

https://rawcdn.githack.com/campuscodi/Microsoft-Patch-Tuesday-Security-Reports/b433082c2156fbeb6f7c7d2d2720f3ecbc207b83/Reports/MSRC_CVEs2021-Sep.html
