Blog

Microsoft lanza una nueva actualización que mitiga más de 96 fallas de seguridad importantes ¡Parchea Ahora!

Microsoft lanzo este martes su primera serie de actualizaciones para 2022, Mitigando consigo 96 vulnerabilidades, 9 han sido calificadas como «Críticas» y 89 como «Importantes» en cuanto a gravedad, con 6 vulnerabilidades de día cero conocidas públicamente en el momento de esta publicación. Esto se suma a las otras 29 fallas ya parcheadas en Microsoft Edge el 6 de enero de 2022. Ninguno de los fallos revelados aparece como objeto de ataque (al menos por ahora).

La principal falla de gravedad es la CVE-2022-21907 (cuya puntuación CVSS 9.8/10), una vulnerabilidad de ejecución remota de código que tiene su origen en la pila de protocolos HTTP. «En la mayoría de las situaciones, un atacante no autenticado podría enviar un paquete especialmente diseñado a un servidor objetivo utilizando la pila de protocolos HTTP (http.sys) para procesar paquetes», señaló Microsoft en su aviso.

Microsoft también mitigo 6 vulnerabilidades de día zero, las cuales 2 son una integración de correcciones de terceros relativas a las bibliotecas de código abierto curl y libarchive.

  • CVE-2021-22947 (CVSS score: N/A) – Open-Source curl Remote Code Execution Vulnerability
  • CVE-2021-36976 (CVSS score: N/A) – Open-source libarchive Remote Code Execution Vulnerability
  • CVE-2022-21836 (CVSS score: 7.8) – Windows Certificate Spoofing Vulnerability
  • CVE-2022-21839 (CVSS score: 6.1) – Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability
  • CVE-2022-21874 (CVSS score: 7.8) – Windows Security Center API Remote Code Execution Vulnerability
  • CVE-2022-21919 (CVSS score: 7.0) – Windows User Profile Service Elevation of Privilege Vulnerability

Tabla de servicios y aplicativos ya disponibles para su actualización:

AplicativoCVE IDTitulo del CVE
.NET FrameworkCVE-2022-21911.NET Framework Denial of Service Vulnerability
Microsoft DynamicsCVE-2022-21932Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
Microsoft DynamicsCVE-2022-21891Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
Microsoft Edge (Chromium-based)CVE-2022-0105Chromium: CVE-2022-0105 Use after free in PDF
Microsoft Edge (Chromium-based)CVE-2022-0102Chromium: CVE-2022-0102 Type Confusion in V8
Microsoft Edge (Chromium-based)CVE-2022-0104Chromium: CVE-2022-0104 Heap buffer overflow in ANGLE
Microsoft Edge (Chromium-based)CVE-2022-0101Chromium: CVE-2022-0101 Heap buffer overflow in Bookmarks
Microsoft Edge (Chromium-based)CVE-2022-0103Chromium: CVE-2022-0103 Use after free in SwiftShader
Microsoft Edge (Chromium-based)CVE-2022-0109Chromium: CVE-2022-0109 Inappropriate implementation in Autofill
Microsoft Edge (Chromium-based)CVE-2022-0110Chromium: CVE-2022-0110 Incorrect security UI in Autofill
Microsoft Edge (Chromium-based)CVE-2022-0108Chromium: CVE-2022-0108 Inappropriate implementation in Navigation
Microsoft Edge (Chromium-based)CVE-2022-0106Chromium: CVE-2022-0106 Use after free in Autofill
Microsoft Edge (Chromium-based)CVE-2022-0107Chromium: CVE-2022-0107 Use after free in File Manager API
Microsoft Edge (Chromium-based)CVE-2022-21954Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based)CVE-2022-21970Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based)CVE-2022-21931Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based)CVE-2022-21929Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based)CVE-2022-21930Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based)CVE-2022-0099Chromium: CVE-2022-0099 Use after free in Sign-in
Microsoft Edge (Chromium-based)CVE-2022-0100Chromium: CVE-2022-0100 Heap buffer overflow in Media streams API
Microsoft Edge (Chromium-based)CVE-2022-0098Chromium: CVE-2022-0098 Use after free in Screen Capture
Microsoft Edge (Chromium-based)CVE-2022-0096Chromium: CVE-2022-0096 Use after free in Storage
Microsoft Edge (Chromium-based)CVE-2022-0097Chromium: CVE-2022-0097 Inappropriate implementation in DevTools
Microsoft Edge (Chromium-based)CVE-2022-0116Chromium: CVE-2022-0116 Inappropriate implementation in Compositing
Microsoft Edge (Chromium-based)CVE-2022-0117Chromium: CVE-2022-0117 Policy bypass in Service Workers
Microsoft Edge (Chromium-based)CVE-2022-0115Chromium: CVE-2022-0115 Uninitialized Use in File API
Microsoft Edge (Chromium-based)CVE-2022-0113Chromium: CVE-2022-0113 Inappropriate implementation in Blink
Microsoft Edge (Chromium-based)CVE-2022-0114Chromium: CVE-2022-0114 Out of bounds memory access in Web Serial
Microsoft Edge (Chromium-based)CVE-2022-0118Chromium: CVE-2022-0118 Inappropriate implementation in WebShare
Microsoft Edge (Chromium-based)CVE-2022-0111Chromium: CVE-2022-0111 Inappropriate implementation in Navigation
Microsoft Edge (Chromium-based)CVE-2022-0112Chromium: CVE-2022-0112 Incorrect security UI in Browser UI
Microsoft Edge (Chromium-based)CVE-2022-0120Chromium: CVE-2022-0120 Inappropriate implementation in Passwords
Microsoft Exchange ServerCVE-2022-21969Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange ServerCVE-2022-21846Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange ServerCVE-2022-21855Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Graphics ComponentCVE-2022-21904Windows GDI Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2022-21903Windows GDI Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2022-21915Windows GDI+ Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2022-21880Windows GDI+ Information Disclosure Vulnerability
Microsoft OfficeCVE-2022-21840Microsoft Office Remote Code Execution Vulnerability
Microsoft Office ExcelCVE-2022-21841Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePointCVE-2022-21837Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Office WordCVE-2022-21842Microsoft Word Remote Code Execution Vulnerability
Microsoft Windows Codecs LibraryCVE-2022-21917HEVC Video Extensions Remote Code Execution Vulnerability
Open Source SoftwareCVE-2021-22947Open Source Curl Remote Code Execution Vulnerability
Role: Windows Hyper-VCVE-2022-21901Windows Hyper-V Elevation of Privilege Vulnerability
Role: Windows Hyper-VCVE-2022-21900Windows Hyper-V Security Feature Bypass Vulnerability
Role: Windows Hyper-VCVE-2022-21905Windows Hyper-V Security Feature Bypass Vulnerability
Role: Windows Hyper-VCVE-2022-21847Windows Hyper-V Denial of Service Vulnerability
Tablet Windows User InterfaceCVE-2022-21870Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability
Windows Account ControlCVE-2022-21859Windows Accounts Control Elevation of Privilege Vulnerability
Windows Active DirectoryCVE-2022-21857Active Directory Domain Services Elevation of Privilege Vulnerability
Windows AppContracts API ServerCVE-2022-21860Windows AppContracts API Server Elevation of Privilege Vulnerability
Windows Application ModelCVE-2022-21862Windows Application Model Core API Elevation of Privilege Vulnerability
Windows BackupKey Remote ProtocolCVE-2022-21925Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability
Windows Bind Filter DriverCVE-2022-21858Windows Bind Filter Driver Elevation of Privilege Vulnerability
Windows CertificatesCVE-2022-21836Windows Certificate Spoofing Vulnerability
Windows Cleanup ManagerCVE-2022-21838Windows Cleanup Manager Elevation of Privilege Vulnerability
Windows Clipboard User ServiceCVE-2022-21869Clipboard User Service Elevation of Privilege Vulnerability
Windows Cluster Port DriverCVE-2022-21910Microsoft Cluster Port Driver Elevation of Privilege Vulnerability
Windows Common Log File System DriverCVE-2022-21897Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Common Log File System DriverCVE-2022-21916Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Connected Devices Platform ServiceCVE-2022-21865Connected Devices Platform Service Elevation of Privilege Vulnerability
Windows Cryptographic ServicesCVE-2022-21835Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Windows DefenderCVE-2022-21921Windows Defender Credential Guard Security Feature Bypass Vulnerability
Windows DefenderCVE-2022-21906Windows Defender Application Control Security Feature Bypass Vulnerability
Windows Devices Human InterfaceCVE-2022-21868Windows Devices Human Interface Elevation of Privilege Vulnerability
Windows Diagnostic HubCVE-2022-21871Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability
Windows DirectXCVE-2022-21898DirectX Graphics Kernel Remote Code Execution Vulnerability
Windows DirectXCVE-2022-21918DirectX Graphics Kernel File Denial of Service Vulnerability
Windows DirectXCVE-2022-21912DirectX Graphics Kernel Remote Code Execution Vulnerability
Windows DWM Core LibraryCVE-2022-21852Windows DWM Core Library Elevation of Privilege Vulnerability
Windows DWM Core LibraryCVE-2022-21902Windows DWM Core Library Elevation of Privilege Vulnerability
Windows DWM Core LibraryCVE-2022-21896Windows DWM Core Library Elevation of Privilege Vulnerability
Windows Event TracingCVE-2022-21872Windows Event Tracing Elevation of Privilege Vulnerability
Windows Event TracingCVE-2022-21839Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability
Windows Geolocation ServiceCVE-2022-21878Windows Geolocation Service Remote Code Execution Vulnerability
Windows HTTP Protocol StackCVE-2022-21907HTTP Protocol Stack Remote Code Execution Vulnerability
Windows IKE ExtensionCVE-2022-21843Windows IKE Extension Denial of Service Vulnerability
Windows IKE ExtensionCVE-2022-21890Windows IKE Extension Denial of Service Vulnerability
Windows IKE ExtensionCVE-2022-21883Windows IKE Extension Denial of Service Vulnerability
Windows IKE ExtensionCVE-2022-21889Windows IKE Extension Denial of Service Vulnerability
Windows IKE ExtensionCVE-2022-21848Windows IKE Extension Denial of Service Vulnerability
Windows IKE ExtensionCVE-2022-21849Windows IKE Extension Remote Code Execution Vulnerability
Windows InstallerCVE-2022-21908Windows Installer Elevation of Privilege Vulnerability
Windows KerberosCVE-2022-21920Windows Kerberos Elevation of Privilege Vulnerability
Windows KernelCVE-2022-21881Windows Kernel Elevation of Privilege Vulnerability
Windows KernelCVE-2022-21879Windows Kernel Elevation of Privilege Vulnerability
Windows LibarchiveCVE-2021-36976Libarchive Remote Code Execution Vulnerability
Windows Local Security AuthorityCVE-2022-21913Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass
Windows Local Security Authority Subsystem ServiceCVE-2022-21884Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
Windows Modern Execution ServerCVE-2022-21888Windows Modern Execution Server Remote Code Execution Vulnerability
Windows Push NotificationsCVE-2022-21867Windows Push Notifications Apps Elevation Of Privilege Vulnerability
Windows RDPCVE-2022-21851Remote Desktop Client Remote Code Execution Vulnerability
Windows RDPCVE-2022-21850Remote Desktop Client Remote Code Execution Vulnerability
Windows RDPCVE-2022-21893Remote Desktop Protocol Remote Code Execution Vulnerability
Windows Remote Access Connection ManagerCVE-2022-21914Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Windows Remote Access Connection ManagerCVE-2022-21885Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Windows Remote DesktopCVE-2022-21964Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability
Windows Remote Procedure Call RuntimeCVE-2022-21922Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Resilient File System (ReFS)CVE-2022-21961Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS)CVE-2022-21959Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS)CVE-2022-21958Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS)CVE-2022-21960Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS)CVE-2022-21963Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS)CVE-2022-21892Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS)CVE-2022-21962Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS)CVE-2022-21928Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Secure BootCVE-2022-21894Secure Boot Security Feature Bypass Vulnerability
Windows Security CenterCVE-2022-21874Windows Security Center API Remote Code Execution Vulnerability
Windows StateRepository APICVE-2022-21863Windows StateRepository API Server file Elevation of Privilege Vulnerability
Windows StorageCVE-2022-21875Windows Storage Elevation of Privilege Vulnerability
Windows Storage Spaces ControllerCVE-2022-21877Storage Spaces Controller Information Disclosure Vulnerability
Windows System LauncherCVE-2022-21866Windows System Launcher Elevation of Privilege Vulnerability
Windows Task Flow Data EngineCVE-2022-21861Task Flow Data Engine Elevation of Privilege Vulnerability
Windows Tile Data RepositoryCVE-2022-21873Tile Data Repository Elevation of Privilege Vulnerability
Windows UEFICVE-2022-21899Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
Windows UI Immersive ServerCVE-2022-21864Windows UI Immersive Server API Elevation of Privilege Vulnerability
Windows User Profile ServiceCVE-2022-21895Windows User Profile Service Elevation of Privilege Vulnerability
Windows User Profile ServiceCVE-2022-21919Windows User Profile Service Elevation of Privilege Vulnerability
Windows User-mode Driver FrameworkCVE-2022-21834Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability
Windows Virtual Machine IDE DriveCVE-2022-21833Virtual Machine IDE Drive Elevation of Privilege Vulnerability
Windows Win32KCVE-2022-21882Win32k Elevation of Privilege Vulnerability
Windows Win32KCVE-2022-21876Win32k Information Disclosure Vulnerability
Windows Win32KCVE-2022-21887Win32k Elevation of Privilege Vulnerability
Windows Workstation Service Remote ProtocolCVE-2022-21924Workstation Service Remote Protocol Security Feature Bypass Vulnerability

Artículos Relacionados

Protege tus aplicaciones Web y API

Accede a una evaluación completamente funciona

La primera solución completa que cubre los errores de seguridad y fallas de la lógica empresarial en todo el SDLC
Ir al Demo
Alterta Temprana de Riesgos
Reduce tu ventana de exposición al riesgo a las amenazas externas, mejorando la eficiencia en la detección y respuesta ante ciberamenazas.
Más Info
Protección de Dominios - Sendmarc
Evita y protege activamente los dominios de tu organización contra los ataques de suplantación de identidad y phishing
Más Info
Endpoint - Panda Security
Endpoint Protection Platform, EDR y Servicios de 100% Atestación y Threat Hunting integrado
Más Info

Últimos Artículos

Hablemos

Si tienes alguna duda o pregunta con nuestros servicios, puedes comunicarte directamente con nosotros o completar el formulario, y nos pondremos en contacto contigo en breve.

Email

contacto@cronup.com

Ubicación

Providencia, Santiago de Chile

Twitter

@Cronup_CyberSec

Linkedin

Cronup Ciberseguridad

CronUp Newsletter

Suscríbete a nuestro resumen semanal de noticias y alertas de seguridad para mantenerte actualizado sobre el panorama de amenazas en la región y el mundo.

* indicates required