El día martes 9 de noviembre, Microsoft ha lanzado sus nuevos parches de seguridad del mes de noviembre, donde vienen a corregir 6 vulnerabilidades de categoría Zero-day y un total de 55 fallas de seguridad. Las vulnerabilidades más explotadas de manera activa en el último tiempo son para Microsoft Exchange y Microsoft Excel.
A continuación se indica el número total de cada tipo de vulnerabilidades lanzadas por Microsoft:
- 20 vulnerabilidades de elevación de privilegios.
- 2 vulnerabilidades de elusión de funciones de seguridad.
- 15 vulnerabilidades de ejecución remota de código.
- 10 vulnerabilidades de divulgación de información.
- 3 Vulnerabilidades de denegación de servicio.
- 4 Vulnerabilidades de suplantación de identidad.
Recomendados a todos los Sysadmins y Administradores de Sistemas, el tomar en cuenta las actualizaciones siguientes e implementarlas en sus dependencias lo más pronto posible.
Tabla de vulnerabilidades corrigidas en la actualización de Octubre 2021:
Servicios | CVE ID | Nombre del CVE | Importancia |
---|---|---|---|
3D Viewer | CVE-2021-43209 | 3D Viewer Remote Code Execution Vulnerability | Important |
3D Viewer | CVE-2021-43208 | 3D Viewer Remote Code Execution Vulnerability | Important |
Azure | CVE-2021-41373 | FSLogix Information Disclosure Vulnerability | Important |
Azure RTOS | CVE-2021-42303 | Azure RTOS Elevation of Privilege Vulnerability | Important |
Azure RTOS | CVE-2021-42302 | Azure RTOS Elevation of Privilege Vulnerability | Important |
Azure RTOS | CVE-2021-42301 | Azure RTOS Information Disclosure Vulnerability | Important |
Azure RTOS | CVE-2021-42323 | Azure RTOS Information Disclosure Vulnerability | Important |
Azure RTOS | CVE-2021-26444 | Azure RTOS Information Disclosure Vulnerability | Important |
Azure RTOS | CVE-2021-42304 | Azure RTOS Elevation of Privilege Vulnerability | Important |
Azure Sphere | CVE-2021-41374 | Azure Sphere Information Disclosure Vulnerability | Important |
Azure Sphere | CVE-2021-41376 | Azure Sphere Information Disclosure Vulnerability | Important |
Azure Sphere | CVE-2021-42300 | Azure Sphere Tampering Vulnerability | Important |
Azure Sphere | CVE-2021-41375 | Azure Sphere Information Disclosure Vulnerability | Important |
Microsoft Dynamics | CVE-2021-42316 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Critical |
Microsoft Edge (Chromium-based) in IE Mode | CVE-2021-41351 | Microsoft Edge (Chrome based) Spoofing on IE Mode | Important |
Microsoft Exchange Server | CVE-2021-42305 | Microsoft Exchange Server Spoofing Vulnerability | Important |
Microsoft Exchange Server | CVE-2021-41349 | Microsoft Exchange Server Spoofing Vulnerability | Important |
Microsoft Exchange Server | CVE-2021-42321 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Office Access | CVE-2021-41368 | Microsoft Access Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-40442 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-42292 | Microsoft Excel Security Feature Bypass Vulnerability | Important |
Microsoft Office Word | CVE-2021-42296 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Windows | CVE-2021-41356 | Windows Denial of Service Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-42276 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important |
Power BI | CVE-2021-41372 | Power BI Report Server Spoofing Vulnerability | Important |
Role: Windows Hyper-V | CVE-2021-42284 | Windows Hyper-V Denial of Service Vulnerability | Important |
Role: Windows Hyper-V | CVE-2021-42274 | Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability | Important |
Visual Studio | CVE-2021-3711 | OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow | Critical |
Visual Studio | CVE-2021-42319 | Visual Studio Elevation of Privilege Vulnerability | Important |
Visual Studio Code | CVE-2021-42322 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
Windows Active Directory | CVE-2021-42278 | Active Directory Domain Services Elevation of Privilege Vulnerability | Important |
Windows Active Directory | CVE-2021-42291 | Active Directory Domain Services Elevation of Privilege Vulnerability | Important |
Windows Active Directory | CVE-2021-42287 | Active Directory Domain Services Elevation of Privilege Vulnerability | Important |
Windows Active Directory | CVE-2021-42282 | Active Directory Domain Services Elevation of Privilege Vulnerability | Important |
Windows COM | CVE-2021-42275 | Microsoft COM for Windows Remote Code Execution Vulnerability | Important |
Windows Core Shell | CVE-2021-42286 | Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability | Important |
Windows Cred SSProvider Protocol | CVE-2021-41366 | Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | Important |
Windows Defender | CVE-2021-42298 | Microsoft Defender Remote Code Execution Vulnerability | Critical |
Windows Desktop Bridge | CVE-2021-36957 | Windows Desktop Bridge Elevation of Privilege Vulnerability | Important |
Windows Diagnostic Hub | CVE-2021-42277 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important |
Windows Fastfat Driver | CVE-2021-41377 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | Important |
Windows Feedback Hub | CVE-2021-42280 | Windows Feedback Hub Elevation of Privilege Vulnerability | Important |
Windows Hello | CVE-2021-42288 | Windows Hello Security Feature Bypass Vulnerability | Important |
Windows Installer | CVE-2021-41379 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2021-42285 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows NTFS | CVE-2021-42283 | NTFS Elevation of Privilege Vulnerability | Important |
Windows NTFS | CVE-2021-41370 | NTFS Elevation of Privilege Vulnerability | Important |
Windows NTFS | CVE-2021-41378 | Windows NTFS Remote Code Execution Vulnerability | Important |
Windows NTFS | CVE-2021-41367 | NTFS Elevation of Privilege Vulnerability | Important |
Windows RDP | CVE-2021-38665 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important |
Windows RDP | CVE-2021-38631 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important |
Windows RDP | CVE-2021-38666 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
Windows RDP | CVE-2021-41371 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important |
Windows Scripting | CVE-2021-42279 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Windows Virtual Machine Bus | CVE-2021-26443 | Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | Critical |
Más Información

Alerta Temprana de Riesgos Cibernéticos (ATRc®)
Attack Surface Management
Cyber Threat Intelligence