On Tuesday, September 14 of this year, Microsoft released its security patches for the month. 86 vulnerabilities were fixed. The list of flaws corrected by the company includes vulnerabilities related to the Chromium browser (Microsoft Edge), Azure services, Microsoft Office and, finally, the well-known vulnerability CVE-2021-40444 (Microsoft MSHTML Remote Code Execution Vulnerability).
All system administrators are advised to deploy the security patches as soon as possible.
Below is a list of the security patches, compiled by Catalin Cimpanu (cybersecurity reporter at TheRecord_Media).
Tag | CVE ID | CVE Title |
---|---|---|
Azure Open Management Infrastructure | CVE-2021-38648 | Open Management Infrastructure Elevation of Privilege Vulnerability |
Azure Open Management Infrastructure | CVE-2021-38645 | Open Management Infrastructure Elevation of Privilege Vulnerability |
Azure Open Management Infrastructure | CVE-2021-38647 | Open Management Infrastructure Remote Code Execution Vulnerability |
Azure Open Management Infrastructure | CVE-2021-38649 | Open Management Infrastructure Elevation of Privilege Vulnerability |
Azure Sphere | CVE-2021-36956 | Azure Sphere Information Disclosure Vulnerability |
Dynamics Business Central Control | CVE-2021-40440 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability |
Microsoft Accessibility Insights for Android | CVE-2021-40448 | Microsoft Accessibility Insights for Android Information Disclosure Vulnerability |
Microsoft Edge (Chromium-based) | CVE-2021-30606 | Chromium: CVE-2021-30606 Use after free in Blink |
Microsoft Edge (Chromium-based) | CVE-2021-30609 | Chromium: CVE-2021-30609 Use after free in Sign-In |
Microsoft Edge (Chromium-based) | CVE-2021-30608 | Chromium: CVE-2021-30608 Use after free in Web Share |
Microsoft Edge (Chromium-based) | CVE-2021-30607 | Chromium: CVE-2021-30607 Use after free in Permissions |
Microsoft Edge (Chromium-based) | CVE-2021-38641 | Microsoft Edge for Android Spoofing Vulnerability |
Microsoft Edge (Chromium-based) | CVE-2021-38642 | Microsoft Edge for iOS Spoofing Vulnerability |
Microsoft Edge (Chromium-based) | CVE-2021-38669 | Microsoft Edge (Chromium-based) Tampering Vulnerability |
Microsoft Edge (Chromium-based) | CVE-2021-36930 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
Microsoft Edge (Chromium-based) | CVE-2021-30632 | Chromium: CVE-2021-30632 Out of bounds write in V8 |
Microsoft Edge (Chromium-based) | CVE-2021-30610 | Chromium: CVE-2021-30610 Use after free in Extensions API |
Microsoft Edge (Chromium-based) | CVE-2021-30620 | Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink |
Microsoft Edge (Chromium-based) | CVE-2021-30619 | Chromium: CVE-2021-30619 UI Spoofing in Autofill |
Microsoft Edge (Chromium-based) | CVE-2021-30618 | Chromium: CVE-2021-30618 Inappropriate implementation in DevTools |
Microsoft Edge (Chromium-based) | CVE-2021-30621 | Chromium: CVE-2021-30621 UI Spoofing in Autofill |
Microsoft Edge (Chromium-based) | CVE-2021-30624 | Chromium: CVE-2021-30624 Use after free in Autofill |
Microsoft Edge (Chromium-based) | CVE-2021-30623 | Chromium: CVE-2021-30623 Use after free in Bookmarks |
Microsoft Edge (Chromium-based) | CVE-2021-30622 | Chromium: CVE-2021-30622 Use after free in WebApp Installs |
Microsoft Edge (Chromium-based) | CVE-2021-30613 | Chromium: CVE-2021-30613 Use after free in Base internals |
Microsoft Edge (Chromium-based) | CVE-2021-30612 | Chromium: CVE-2021-30612 Use after free in WebRTC |
Microsoft Edge (Chromium-based) | CVE-2021-30611 | Chromium: CVE-2021-30611 Use after free in WebRTC |
Microsoft Edge (Chromium-based) | CVE-2021-30614 | Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip |
Microsoft Edge (Chromium-based) | CVE-2021-30617 | Chromium: CVE-2021-30617 Policy bypass in Blink |
Microsoft Edge (Chromium-based) | CVE-2021-30616 | Chromium: CVE-2021-30616 Use after free in Media |
Microsoft Edge (Chromium-based) | CVE-2021-30615 | Chromium: CVE-2021-30615 Cross-origin data leak in Navigation |
Microsoft Edge (Chromium-based) | CVE-2021-26436 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
Microsoft Edge for Android | CVE-2021-26439 | Microsoft Edge for Android Information Disclosure Vulnerability |
Microsoft MPEG-2 Video Extension | CVE-2021-38644 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability |
Microsoft Office | CVE-2021-38657 | Microsoft Office Graphics Component Information Disclosure Vulnerability |
Microsoft Office | CVE-2021-38658 | Microsoft Office Graphics Remote Code Execution Vulnerability |
Microsoft Office | CVE-2021-38650 | Microsoft Office Spoofing Vulnerability |
Microsoft Office | CVE-2021-38659 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft Office Access | CVE-2021-38646 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
Microsoft Office Excel | CVE-2021-38655 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office Excel | CVE-2021-38660 | Microsoft Office Graphics Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2021-38651 | Microsoft SharePoint Server Spoofing Vulnerability |
Microsoft Office SharePoint | CVE-2021-38652 | Microsoft SharePoint Server Spoofing Vulnerability |
Microsoft Office Visio | CVE-2021-38654 | Microsoft Office Visio Remote Code Execution Vulnerability |
Microsoft Office Visio | CVE-2021-38653 | Microsoft Office Visio Remote Code Execution Vulnerability |
Microsoft Office Word | CVE-2021-38656 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft Windows Codecs Library | CVE-2021-38661 | HEVC Video Extensions Remote Code Execution Vulnerability |
Microsoft Windows DNS | CVE-2021-36968 | Windows DNS Elevation of Privilege Vulnerability |
Visual Studio | CVE-2021-36952 | Visual Studio Remote Code Execution Vulnerability |
Visual Studio | CVE-2021-26434 | Visual Studio Elevation of Privilege Vulnerability |
Visual Studio | CVE-2021-26437 | Visual Studio Code Spoofing Vulnerability |
Windows Ancillary Function Driver for WinSock | CVE-2021-38628 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
Windows Ancillary Function Driver for WinSock | CVE-2021-38638 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
Windows Authenticode | CVE-2021-36959 | Windows Authenticode Spoofing Vulnerability |
Windows Bind Filter Driver | CVE-2021-36954 | Windows Bind Filter Driver Elevation of Privilege Vulnerability |
Windows BitLocker | CVE-2021-38632 | BitLocker Security Feature Bypass Vulnerability |
Windows Common Log File System Driver | CVE-2021-38633 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Windows Common Log File System Driver | CVE-2021-36963 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Windows Common Log File System Driver | CVE-2021-36955 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Windows Event Tracing | CVE-2021-36964 | Windows Event Tracing Elevation of Privilege Vulnerability |
Windows Event Tracing | CVE-2021-38630 | Windows Event Tracing Elevation of Privilege Vulnerability |
Windows Installer | CVE-2021-36962 | Windows Installer Information Disclosure Vulnerability |
Windows Installer | CVE-2021-36961 | Windows Installer Denial of Service Vulnerability |
Windows Kernel | CVE-2021-38626 | Windows Kernel Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2021-38625 | Windows Kernel Elevation of Privilege Vulnerability |
Windows Key Storage Provider | CVE-2021-38624 | Windows Key Storage Provider Security Feature Bypass Vulnerability |
Windows MSHTML Platform | CVE-2021-40444 | Microsoft MSHTML Remote Code Execution Vulnerability |
Windows Print Spooler Components | CVE-2021-38667 | Windows Print Spooler Elevation of Privilege Vulnerability |
Windows Print Spooler Components | CVE-2021-38671 | Windows Print Spooler Elevation of Privilege Vulnerability |
Windows Print Spooler Components | CVE-2021-40447 | Windows Print Spooler Elevation of Privilege Vulnerability |
Windows Redirected Drive Buffering | CVE-2021-36969 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
Windows Redirected Drive Buffering | CVE-2021-38635 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
Windows Redirected Drive Buffering | CVE-2021-36973 | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability |
Windows Redirected Drive Buffering | CVE-2021-38636 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
Windows Scripting | CVE-2021-26435 | Windows Scripting Engine Memory Corruption Vulnerability |
Windows SMB | CVE-2021-36960 | Windows SMB Information Disclosure Vulnerability |
Windows SMB | CVE-2021-36972 | Windows SMB Information Disclosure Vulnerability |
Windows SMB | CVE-2021-36974 | Windows SMB Elevation of Privilege Vulnerability |
Windows Storage | CVE-2021-38637 | Windows Storage Information Disclosure Vulnerability |
Windows Subsystem for Linux | CVE-2021-36966 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
Windows TDX.sys | CVE-2021-38629 | Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability |
Windows Update | CVE-2021-38634 | Microsoft Windows Update Client Elevation of Privilege Vulnerability |
Windows Win32K | CVE-2021-38639 | Win32k Elevation of Privilege Vulnerability |
Windows Win32K | CVE-2021-36975 | Win32k Elevation of Privilege Vulnerability |
Windows WLAN Auto Config Service | CVE-2021-36965 | Windows WLAN AutoConfig Service Remote Code Execution Vulnerability |
Windows WLAN Service | CVE-2021-36967 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability |