{"id":208592,"date":"2023-07-24T15:53:46","date_gmt":"2023-07-24T15:53:46","guid":{"rendered":"https:\/\/www.ninjaone.com\/script-hub\/mitigar-cve-2023-36884-con-powershell\/"},"modified":"2024-03-14T15:51:23","modified_gmt":"2024-03-14T15:51:23","slug":"mitigar-cve-2023-36884-con-powershell","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/es\/script-hub\/mitigar-cve-2023-36884-con-powershell\/","title":{"rendered":"Vulnerabilidades de d\u00eda cero de Microsoft sin parchear: c\u00f3mo mitigar CVE-2023-36884 con PowerShell"},"content":{"rendered":"<p>[av_textblock size=\u00bb av-medium-font-size=\u00bb av-small-font-size=\u00bb av-mini-font-size=\u00bb font_color=\u00bb color=\u00bb id=\u00bb custom_class=\u00bb template_class=\u00bb av_uid=&#8217;av-lkh21if4&#8242; sc_version=&#8217;1.0&#8242; admin_preview_bg=\u00bb]<br \/>\nLas actualizaciones del Martes de parches de Microsoft de julio de 2023 han revelado una vulnerabilidad (\u00bfo m\u00e1s?) en explotaci\u00f3n activa que sigue sin estar parcheada. Esto es lo que necesitas saber sobre <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-36884\" target=\"_blank\" rel=\"noopener\">CVE-2023-36884<\/a>, una vulnerabilidad de d\u00eda cero que los atacantes est\u00e1n explotando para obtener la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de documentos de Microsoft Office \u00abespecialmente dise\u00f1ados\u00bb.<\/p>\n<h2>\u00bfQu\u00e9 es CVE-2023-36884?<\/h2>\n<p>Respuesta r\u00e1pida: <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-36884\" target=\"_blank\" rel=\"noopener\">Microsoft caracteriza al CVE-2023-36884<\/a> como una vulnerabilidad que permite la ejecuci\u00f3n remota de c\u00f3digo HTML de Office y Windows con una puntuaci\u00f3n CVSS base de 8.3.<\/p>\n<p>Respuesta m\u00e1s sustancial: \u00bfQu\u00e9 va a ocurrir?<\/p>\n<p>Por ahora, el aviso de la compa\u00f1\u00eda sugiere que Microsoft sigue investigando activamente, sin proporcionar mucha informaci\u00f3n m\u00e1s all\u00e1 de una descripci\u00f3n superficial. Afirma que la explotaci\u00f3n exitosa de la vulnerabilidad puede permitir a un atacante realizar la ejecuci\u00f3n remota de c\u00f3digo en el propio entorno de la v\u00edctima, y que esto simplemente requiere enga\u00f1ar a la v\u00edctima para que abra un documento de Microsoft Office especialmente dise\u00f1ado.<\/p>\n<p>Curiosamente, el aviso comienza afirmando que \u00abMicrosoft est\u00e1 investigando informes de una <strong>serie <\/strong>de vulnerabilidades de ejecuci\u00f3n remota de c\u00f3digo\u00bb (el \u00e9nfasis es m\u00edo), lo que ha llevado <a href=\"https:\/\/twitter.com\/wdormann\/status\/1678922526905233408?s=20\" target=\"_blank\" rel=\"noopener\">al experto en vulnerabilidades Will Dormann a teorizar<\/a> que \u00abel CVE-2023-36884 no es m\u00e1s que un indicador de posici\u00f3n para una actualizaci\u00f3n que aborda m\u00faltiples vulnerabilidades mediante un \u00fanico CVE, que podr\u00eda publicarse en alg\u00fan momento desconocido en el futuro\u00bb.<\/p>\n<p>Aunque el aviso en s\u00ed mismo carece de detalles, se enlaza con una <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/07\/11\/storm-0978-attacks-reveal-financial-and-espionage-motives\/\" target=\"_blank\" rel=\"noopener\">entrada de blog<\/a> que arroja m\u00e1s luz sobre c\u00f3mo lo descubri\u00f3 Microsoft.<\/p>\n<h2>Espionaje y ransomware: explotaci\u00f3n activa del CVE-2023-36884<\/h2>\n<p>En junio, <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/07\/11\/storm-0978-attacks-reveal-financial-and-espionage-motives\/\" target=\"_blank\" rel=\"noopener\">Microsoft identific\u00f3<\/a> una campa\u00f1a de phishing lanzada por un agente malicioso al que se refiere como Storm-0978. La campa\u00f1a iba dirigida a entidades gubernamentales y de defensa de Norteam\u00e9rica y Europa, con se\u00f1uelos relacionados con el Congreso Mundial de Ucrania. Los correos electr\u00f3nicos enviados como parte de la campa\u00f1a conten\u00edan enlaces a documentos de Word que abusaban del CVE-2023-36884 para instalar puertas traseras.<\/p>\n<p>Aunque estos objetivos y las actividades posteriores al ataque sugieren motivos de espionaje, Microsoft se\u00f1ala que, mientras se desarrollaba esta campa\u00f1a, tambi\u00e9n identific\u00f3 que Storm-0978 estaba llevando a cabo otros ataques de ransomware contra objetivos no relacionados, utilizando las mismas herramientas iniciales.<\/p>\n<p>Seg\u00fan Microsoft, la actividad de ransomware del agente agresor ha sido \u00aben gran medida de naturaleza oportunista y totalmente separada de los objetivos centrados en el espionaje\u00bb.<\/p>\n<p>ACTUALIZACI\u00d3N: BlackBerry ofrece un <a href=\"https:\/\/blogs.blackberry.com\/en\/2023\/07\/romcom-targets-ukraine-nato-membership-talks-at-nato-summit\" target=\"_blank\" rel=\"noopener\">desglose t\u00e9cnico a\u00fan m\u00e1s detallado de esta campa\u00f1a<\/a>.<\/p>\n<h2>\u00bfHay alg\u00fan parche disponible para CVE-2023-36884?<\/h2>\n<p>Por el momento, no.<\/p>\n<p>Microsoft ha comunicado que todav\u00eda est\u00e1 investigando activamente esta vulnerabilidad y que, una vez haya terminado, la empresa tomar\u00e1 \u00ablas medidas adecuadas para ayudar a proteger a los clientes. Esto podr\u00eda incluir proporcionar una actualizaci\u00f3n de seguridad a trav\u00e9s de nuestro proceso de lanzamiento mensual o proporcionar una actualizaci\u00f3n de seguridad fuera de ciclo, dependiendo de las necesidades del cliente\u00bb.<\/p>\n<h2>Recomendaciones para CVE-2023-36884<\/h2>\n<p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-36884\" target=\"_blank\" rel=\"noopener\">Seg\u00fan Microsoft<\/a>, las empresas tienen tres formas de protegerse:<\/p>\n<ol>\n<li>Los clientes que utilizan Microsoft Defender para Office est\u00e1n protegidos de los archivos adjuntos que intentan aprovecharse de esta vulnerabilidad.<\/li>\n<li>En las cadenas de ataque actuales, el uso de la regla de reducci\u00f3n de superficie de ataque <a href=\"https:\/\/learn.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/attack-surface-reduction-rules-reference?view=o365-worldwide#block-all-office-applications-from-creating-child-processes\" target=\"_blank\" rel=\"noopener\">Block all Office applications from creating child processes<\/a>\u00a0impedir\u00e1 que se explote la vulnerabilidad.<\/li>\n<li>Las organizaciones que no sean capaces de aplicar estas medidas de protecci\u00f3n, pueden a\u00f1adir los siguientes nombres de aplicaciones a esta clave de registro como valores del tipo REG_DWORD con datos 1.: ComputerHKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftInternet ExplorerMainFeatureControlFEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION<\/li>\n<\/ol>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Excel.exe<\/li>\n<li>Graph.exe<\/li>\n<li>MSAccess.exe<\/li>\n<li>MSPub.exe<\/li>\n<li>PowerPoint.exe<\/li>\n<li>Visio.exe<\/li>\n<li>WinProj.exe<\/li>\n<li>WinWord.exe<\/li>\n<li>Wordpad.exe<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p style=\"padding-left: 40px;\"><strong>Nota: <\/strong> Microsoft advierte que, si bien estos ajustes del registro pueden mitigar la explotaci\u00f3n,\u00a0 tambi\u00e9n podr\u00edan afectar a la funcionalidad normal de determinados casos de uso relacionados con estas aplicaciones. Por lo tanto, es importante realizar pruebas antes de implementar los cambios de forma generalizada.<\/p>\n<h2>C\u00f3mo mitigar CVE-2023-36884\u00a0utilizando PowerShell<\/h2>\n<p>Para aquellos que est\u00e9n considerando poner en pr\u00e1ctica la tercera opci\u00f3n y hacer los cambios en el registro, nuestro Ingeniero de producto de software Kyle Bohlander ha creado el siguiente script que automatizar\u00e1 ese proceso. Al utilizar este script con Ninja (o el RMM de tu elecci\u00f3n), podr\u00e1s desplegar la mitigaci\u00f3n de forma remota y a escala.<\/p>\n<p><strong>Nota:<\/strong> Este script no est\u00e1 limitado \u00fanicamente a los usuarios de NinjaOne. Cualquiera puede utilizarlo. Sin embargo, como aconseja Microsoft, esta correcci\u00f3n debe desplegarse en m\u00e1quinas de prueba antes de proceder a una implementaci\u00f3n m\u00e1s amplia. Como siempre, si decides ejecutarlo es bajo tu propia responsabilidad.<\/p>\n<p><strong>Requisitos del dispositivo: <\/strong> Funciona en sistemas Windows 7 y Windows Server 2008 en adelante.<\/p>\n<p><strong>Si necesitas revertir:<\/strong> La configuraci\u00f3n de la clave del registro puede deshacerse con el par\u00e1metro -Undo, o aplicarse a productos espec\u00edficos de Office mediante el par\u00e1metro -OfficeProducts.<\/p>\n<p><a href=\"https:\/\/go.ninjaone.com\/l\/652283\/2023-07-13\/4dhscy\/652283\/1689270503D3a9HKAS\/CVE_2023_36844.ps1\" target=\"_blank\" rel=\"noopener\">Descarga el script aqu\u00ed<\/a>.<br \/>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">&lt;#\r\n.SYNOPSIS\r\n    This script will set the registry keys required to remediate CVE-2023-36884. Please note that these keys may effect regular functionality of Microsoft Office Products. \r\n    These changes can be undone with the -Undo parameter or applied only to specific office products using the -OfficeProducts parameter.\r\n.DESCRIPTION\r\n    This script will set the registry keys required to remediate CVE-2023-36884. Please note that these keys may effect regular functionality of Microsoft Office Products. \r\n    These changes can be undone with the -Undo parameter or applied only to specific office products using the -OfficeProducts parameter.\r\n.EXAMPLE\r\n    (No Parameters)\r\n    \r\n    Visio was selected for remediation.\r\n    Set Registry::HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftInternet ExplorerMainFeatureControlFEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATIONVisio.exe to 1\r\n    Success!\r\n    Word was selected for remediation.\r\n    Set Registry::HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftInternet ExplorerMainFeatureControlFEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATIONWinWord.exe to 1\r\n    Success!\r\n    Wordpad was selected for remediation.\r\n    Set Registry::HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftInternet ExplorerMainFeatureControlFEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATIONWordpad.exe to 1\r\n    Success!\r\n    Project was selected for remediation.\r\n    Set Registry::HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftInternet ExplorerMainFeatureControlFEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATIONWinProj.exe to 1\r\n    Success!\r\n    PowerPoint was selected for remediation.\r\n    Set Registry::HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftInternet ExplorerMainFeatureControlFEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATIONPowerPoint.exe to 1\r\n    Success!\r\n    Excel was selected for remediation.\r\n    Set Registry::HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftInternet ExplorerMainFeatureControlFEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATIONExcel.exe to 1\r\n    Success!\r\n    Publisher was selected for remediation.\r\n    Set Registry::HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftInternet ExplorerMainFeatureControlFEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATIONMsPub.exe to 1\r\n    Success!\r\n    Graph was selected for remediation.\r\n    Set Registry::HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftInternet ExplorerMainFeatureControlFEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATIONGraph.exe to 1\r\n    Success!\r\n    Access was selected for remediation.\r\n    Set Registry::HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftInternet ExplorerMainFeatureControlFEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATIONMSAccess.exe to 1\r\n    Success!\r\n\u200b\r\nPARAMETER: -Undo\r\n    Remove's the registry keys used for this fix (if they're set at all).\r\n.EXAMPLE\r\n    -Undo\r\n    \r\n    Visio was selected for remediation.\r\n    Succesfully removed registry key!\r\n    Word was selected for remediation.\r\n    Succesfully removed registry key!\r\n    Wordpad was selected for remediation.\r\n    Succesfully removed registry key!\r\n    Project was selected for remediation.\r\n    Succesfully removed registry key!\r\n    PowerPoint was selected for remediation.\r\n    Succesfully removed registry key!\r\n    Excel was selected for remediation.\r\n    Succesfully removed registry key!\r\n    Publisher was selected for remediation.\r\n    Succesfully removed registry key!\r\n    Graph was selected for remediation.\r\n    Succesfully removed registry key!\r\n    Access was selected for remediation.\r\n    Succesfully removed registry key!\r\n\u200b\r\nPARAMETER: -OfficeProducts \"Excel,Word\"\r\n    Set's the registry key for only those products. Can be given an individual product or a comma seperated list. Can also be used in combination with the -Undo parameter Ex. \"Publisher\" or \"Word,Excel,Access\"\r\n.EXAMPLE\r\n    -OfficeProducts \"Excel,Word\"\r\n    \r\n    Word was selected for remediation.\r\n    Set Registry::HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftInternet ExplorerMainFeatureControlFEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATIONWinWord.exe to 1\r\n    Success!\r\n    Excel was selected for remediation.\r\n    Set Registry::HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftInternet ExplorerMainFeatureControlFEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATIONExcel.exe to 1\r\n    Success!\r\n\u200b\r\n.OUTPUTS\r\n    None\r\n.NOTES\r\n    General notes\r\n#&gt;\r\n[CmdletBinding()]\r\nparam (\r\n    [Parameter()]\r\n    [String]$OfficeProducts = \"All\",\r\n    [Parameter()]\r\n    [Switch]$Undo\r\n)\r\n\u200b\r\nbegin {\r\n\u200b\r\n    # Test's if the script is running in an elevated fashion (required for HKLM edits)\r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)\r\n    }\r\n\u200b\r\n    # This is just to make setting regkey's easier\r\n    function Set-RegKey {\r\n        param (\r\n            $Path,\r\n            $Name,\r\n            $Value,\r\n            [ValidateSet(\"DWord\", \"QWord\", \"String\", \"ExpandedString\", \"Binary\", \"MultiString\", \"Unknown\")]\r\n            $PropertyType = \"DWord\"\r\n        )\r\n        if (-not $(Test-Path -Path $Path)) {\r\n            # Check if path does not exist and create the path\r\n            New-Item -Path $Path -Force | Out-Null\r\n        }\r\n        if ((Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue)) {\r\n            # Update property and print out what it was changed from and changed to\r\n            $CurrentValue = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name\r\n            try {\r\n                Set-ItemProperty -Path $Path -Name $Name -Value $Value -Force -Confirm:$false -ErrorAction Stop | Out-Null\r\n            }\r\n            catch {\r\n                Write-Error \"[Error] Unable to Set registry key for $Name please see below error!\"\r\n                Write-Error $_\r\n                exit 1\r\n            }\r\n            Write-Host \"$Path$Name changed from $CurrentValue to $($(Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name)\"\r\n        }\r\n        else {\r\n            # Create property with value\r\n            try {\r\n                New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $PropertyType -Force -Confirm:$false -ErrorAction Stop | Out-Null\r\n            }\r\n            catch {\r\n                Write-Error \"[Error] Unable to Set registry key for $Name please see below error!\"\r\n                Write-Error $_\r\n                exit 1\r\n            }\r\n            Write-Host \"Set $Path$Name to $($(Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name)\"\r\n        }\r\n    }\r\n\u200b\r\n    # All the microsoft office products with their corresponding dword value\r\n    $RemediationValues = @{ \"Excel\" = \"Excel.exe\"; \"Graph\" = \"Graph.exe\"; \"Access\" = \"MSAccess.exe\"; \"Publisher\" = \"MsPub.exe\"; \"PowerPoint\" = \"PowerPnt.exe\"; \"OldPowerPoint\" = \"PowerPoint.exe\" ; \"Visio\" = \"Visio.exe\"; \"Project\" = \"WinProj.exe\"; \"Word\" = \"WinWord.exe\"; \"Wordpad\" = \"Wordpad.exe\" }\r\n}\r\nprocess {\r\n\u200b\r\n    # Error out when not elevated\r\n    if (-not (Test-IsElevated)) {\r\n        Write-Error -Message \"Access Denied. Please run with Administrator privileges.\"\r\n        exit 1\r\n    }\r\n\u200b\r\n    # If they have a smaller selection we'll want to filter our remediation list\r\n    if ($OfficeProducts -notlike \"All\") {\r\n        $OfficeProducts = $OfficeProducts.split(',') | ForEach-Object { $_.Trim() }\r\n        $RemediationTargets = $RemediationValues.GetEnumerator() | ForEach-Object { $_ | Where-Object { $OfficeProducts -match $_.Key } }\r\n    }\r\n    else {\r\n        $RemediationTargets = $RemediationValues.GetEnumerator()\r\n    }\r\n\u200b\r\n    # Path to all the registry keys\r\n    $Path = \"Registry::HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftInternet ExplorerMainFeatureControlFEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION\"\r\n\u200b\r\n    # We'll want to display an error if we don't have anything to do\r\n    if ($RemediationTargets) { \r\n\u200b\r\n        # For Each product we're targeting we'll set the regkey. The Set-RegKey function already checks if it was succesful and will display an error and exit if it fails\r\n        $RemediationTargets | ForEach-Object { \r\n            Write-Host \"$($_.Name) was selected for remediation.\"\r\n            if (-not $Undo) {\r\n                Set-RegKey -Path $Path -Name $_.Value -Value 1\r\n                Write-Host \"Success!\"\r\n            }\r\n            else {\r\n                # If you only applied it to certain products this will error so instead we'll hide the errors and check afterwards if the registry key is there.\r\n                Remove-ItemProperty -Path $Path -Name $_.Value -ErrorAction SilentlyContinue | Out-Null\r\n                if (Get-ItemProperty -Path $Path -Name $_.Value -ErrorAction SilentlyContinue) {\r\n                    Write-Error \"[Error] Unable to undo registry key $($_.Value)!\"\r\n                    exit 1\r\n                }\r\n                else {\r\n                    Write-Host \"Succesfully removed registry key!\"\r\n                }\r\n            }\r\n        }\r\n\u200b\r\n        Write-Warning \"A reboot may be required.\"\r\n        exit 0\r\n    }\r\n    else {\r\n        Write-Host $RemediationTargets\r\n        Write-Warning \"No products were selected! The valid value's for -OfficeProducts is listed below you can also use a comma seperated list or simply put 'All'.\"\r\n        $RemediationValues | Sort-Object Name | Format-Table | Out-String | Write-Host\r\n        Write-Error \"ERROR: Nothing to do!\"\r\n        exit 1\r\n    }\r\n}<\/pre>\n<p>&nbsp;<\/p>\n<br \/>\n[\/av_textblock]<\/p>\n<blockquote><p><img decoding=\"async\" class=\"alignleft size-thumbnail wp-image-162511\" src=\"https:\/\/www.ninjaone.com\/wp-content\/uploads\/2024\/02\/kyle-bohlander-80x80-1.png\" alt=\"\" width=\"80\" height=\"80\" \/>Autor del script: <strong>Kyle Bohlander, Ingeniero de productos de software de NinjaOne<\/strong><\/p><\/blockquote>\n<p>&nbsp;<\/p>\n","protected":false},"author":28,"featured_media":140563,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_lmt_disableupdate":"no","_lmt_disable":""},"operating_system":[4212],"use_cases":[4262],"class_list":["post-208592","script_hub","type-script_hub","status-publish","has-post-thumbnail","hentry","script_hub_category-windows","use_cases-mantenimiento"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/script_hub\/208592","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/script_hub"}],"about":[{"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/types\/script_hub"}],"author":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/users\/28"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/comments?post=208592"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/media\/140563"}],"wp:attachment":[{"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/media?parent=208592"}],"wp:term":[{"taxonomy":"script_hub_category","embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/operating_system?post=208592"},{"taxonomy":"use_cases","embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/use_cases?post=208592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}