Haberler

Microsoft Kasım Patch Tuesday: 6 Zero-day 55 Zafiyet Kapatıldı

Microsoft bu ay yayınladığı Patch Tuesday yamaları ile altı sıfırıncı gün güvenlik açığı ve toplam 55 zafiyeti kapattı. Aktif olarak yararlanılan güvenlik açıkları, Tianfu korsanlık yarışmasının bir parçası olarak kullanılan Microsoft Exchange ve Excel zafiyetlerinide içeriyor.

Microsoft, bu güncellemeler ile altısı kritik ve 49’u önemli olarak sınıflandırılan 55 güvenlik açığını düzeltti. Zafiyetlerin türleri aşağıdaki gibidir:

  • 20 Elevation of Privilege vulnerabilities
  • 2 Security Feature Bypass vulnerabilities
  • 15 Remote Code Execution vulnerabilities
  • 10 Information Disclosure vulnerabilities
  • 3 Denial of Service vulnerabilities
  • 4 Spoofing vulnerabilities

Altı sıfır gün düzeltildi, ikisi aktif olarak kullanıldı

Kasım Salı Yaması, ikisi Microsoft Exchange ve Microsoft Excel’e için altı sıfır gün güvenlik açığı için düzeltmeler içeriyor. Bu ay düzeltilen aktif ve olarak yararlanılan güvenlik açıkları şunlardır:

  • CVE-2021-42292 – Microsoft Excel Security Feature Bypass Vulnerability
  • CVE-2021-42321 – Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft ayrıca, saldırılarda yararlanıldığı bilinmeyen, genel olarak açıklanan diğer dört güvenlik açığını da düzeltti.

  • CVE-2021-38631 – Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
  • CVE-2021-41371 – Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
  • CVE-2021-43208 – 3D Viewer Remote Code Execution Vulnerability
  • CVE-2021-43209 – 3D Viewer Remote Code Execution Vulnerability

Yayınlanan tüm liste aşağıdaki gibi:

TagCVE IDCVE TitleSeverity
3D ViewerCVE-2021-432093D Viewer Remote Code Execution VulnerabilityImportant
3D ViewerCVE-2021-432083D Viewer Remote Code Execution VulnerabilityImportant
AzureCVE-2021-41373FSLogix Information Disclosure VulnerabilityImportant
Azure RTOSCVE-2021-42303Azure RTOS Elevation of Privilege VulnerabilityImportant
Azure RTOSCVE-2021-42302Azure RTOS Elevation of Privilege VulnerabilityImportant
Azure RTOSCVE-2021-42301Azure RTOS Information Disclosure VulnerabilityImportant
Azure RTOSCVE-2021-42323Azure RTOS Information Disclosure VulnerabilityImportant
Azure RTOSCVE-2021-26444Azure RTOS Information Disclosure VulnerabilityImportant
Azure RTOSCVE-2021-42304Azure RTOS Elevation of Privilege VulnerabilityImportant
Azure SphereCVE-2021-41374Azure Sphere Information Disclosure VulnerabilityImportant
Azure SphereCVE-2021-41376Azure Sphere Information Disclosure VulnerabilityImportant
Azure SphereCVE-2021-42300Azure Sphere Tampering VulnerabilityImportant
Azure SphereCVE-2021-41375Azure Sphere Information Disclosure VulnerabilityImportant
Microsoft DynamicsCVE-2021-42316Microsoft Dynamics 365 (on-premises) Remote Code Execution VulnerabilityCritical
Microsoft Edge (Chromium-based) in IE ModeCVE-2021-41351Microsoft Edge (Chrome based) Spoofing on IE ModeImportant
Microsoft Exchange ServerCVE-2021-42305Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-41349Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-42321Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Office AccessCVE-2021-41368Microsoft Access Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-40442Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-42292Microsoft Excel Security Feature Bypass VulnerabilityImportant
Microsoft Office WordCVE-2021-42296Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft WindowsCVE-2021-41356Windows Denial of Service VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-42276Microsoft Windows Media Foundation Remote Code Execution VulnerabilityImportant
Power BICVE-2021-41372Power BI Report Server Spoofing VulnerabilityImportant
Role: Windows Hyper-VCVE-2021-42284Windows Hyper-V Denial of Service VulnerabilityImportant
Role: Windows Hyper-VCVE-2021-42274Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service VulnerabilityImportant
Visual StudioCVE-2021-3711OpenSSL: CVE-2021-3711 SM2 Decryption Buffer OverflowCritical
Visual StudioCVE-2021-42319Visual Studio Elevation of Privilege VulnerabilityImportant
Visual Studio CodeCVE-2021-42322Visual Studio Code Elevation of Privilege VulnerabilityImportant
Windows Active DirectoryCVE-2021-42278Active Directory Domain Services Elevation of Privilege VulnerabilityImportant
Windows Active DirectoryCVE-2021-42291Active Directory Domain Services Elevation of Privilege VulnerabilityImportant
Windows Active DirectoryCVE-2021-42287Active Directory Domain Services Elevation of Privilege VulnerabilityImportant
Windows Active DirectoryCVE-2021-42282Active Directory Domain Services Elevation of Privilege VulnerabilityImportant
Windows COMCVE-2021-42275Microsoft COM for Windows Remote Code Execution VulnerabilityImportant
Windows Core ShellCVE-2021-42286Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege VulnerabilityImportant
Windows Cred SSProvider ProtocolCVE-2021-41366Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege VulnerabilityImportant
Windows DefenderCVE-2021-42298Microsoft Defender Remote Code Execution VulnerabilityCritical
Windows Desktop BridgeCVE-2021-36957Windows Desktop Bridge Elevation of Privilege VulnerabilityImportant
Windows Diagnostic HubCVE-2021-42277Diagnostics Hub Standard Collector Elevation of Privilege VulnerabilityImportant
Windows Fastfat DriverCVE-2021-41377Windows Fast FAT File System Driver Elevation of Privilege VulnerabilityImportant
Windows Feedback HubCVE-2021-42280Windows Feedback Hub Elevation of Privilege VulnerabilityImportant
Windows HelloCVE-2021-42288Windows Hello Security Feature Bypass VulnerabilityImportant
Windows InstallerCVE-2021-41379Windows Installer Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2021-42285Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2021-42283NTFS Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2021-41370NTFS Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2021-41378Windows NTFS Remote Code Execution VulnerabilityImportant
Windows NTFSCVE-2021-41367NTFS Elevation of Privilege VulnerabilityImportant
Windows RDPCVE-2021-38665Remote Desktop Protocol Client Information Disclosure VulnerabilityImportant
Windows RDPCVE-2021-38631Windows Remote Desktop Protocol (RDP) Information Disclosure VulnerabilityImportant
Windows RDPCVE-2021-38666Remote Desktop Client Remote Code Execution VulnerabilityCritical
Windows RDPCVE-2021-41371Windows Remote Desktop Protocol (RDP) Information Disclosure VulnerabilityImportant
Windows ScriptingCVE-2021-42279Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Windows Virtual Machine BusCVE-2021-26443Microsoft Virtual Machine Bus (VMBus) Remote Code Execution VulnerabilityCritical

Kaynak: bleepingcomputer.com

İlgili Makaleler

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu