Haberler

Microsoft Aralık 2022 Patch Tuesday: 2 Zero-Day, 49 Zafiyet Kapatıldı

Mehmet Sait YILMAZ fotoğrafı Mehmet Sait YILMAZ Bir e-posta göndermek 13/12/2022
0 3 dakika okuma süresi

Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 2 adet zero-day güvenlik açığı ve toplam 49 zafiyeti kapattı.

Bu ay yayınlanan güncellemerde düzeltilen 48 güvenlik açığından 6’sı kritik olarak olarak sınıflandırıdı.

Kapatılan zafiyetler aşağıdaki gibidir:

  • 19 Elevation of Privilege Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities
  • 23 Remote Code Execution Vulnerabilities
  • 3 Information Disclosure Vulnerabilities
  • 3 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability

İki zero-day kapatıldı

CVE-2022-44698 – Windows SmartScreen Security Feature Bypass Vulnerability

CVE-2022-44710 – DirectX Graphics Kernel Elevation of Privilege Vulnerability

Aralık 2022 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi

TagCVE IDCVE TitleSeverity
.NET FrameworkCVE-2022-41089.NET Framework Remote Code Execution VulnerabilityImportant
AzureCVE-2022-44699Azure Network Watcher Agent Security Feature Bypass VulnerabilityImportant
Client Server Run-time Subsystem (CSRSS)CVE-2022-44673Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege VulnerabilityImportant
Microsoft Bluetooth DriverCVE-2022-44675Windows Bluetooth Driver Elevation of Privilege VulnerabilityImportant
Microsoft Bluetooth DriverCVE-2022-44674Windows Bluetooth Driver Information Disclosure VulnerabilityImportant
Microsoft DynamicsCVE-2022-41127Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution VulnerabilityCritical
Microsoft Edge (Chromium-based)CVE-2022-4192Chromium: CVE-2022-4192 Use after free in Live CaptionUnknown
Microsoft Edge (Chromium-based)CVE-2022-4193Chromium: CVE-2022-4193 Insufficient policy enforcement in File System APIUnknown
Microsoft Edge (Chromium-based)CVE-2022-4190Chromium: CVE-2022-4190 Insufficient data validation in DirectoryUnknown
Microsoft Edge (Chromium-based)CVE-2022-4191Chromium: CVE-2022-4191 Use after free in Sign-InUnknown
Microsoft Edge (Chromium-based)CVE-2022-4194Chromium: CVE-2022-4194 Use after free in AccessibilityUnknown
Microsoft Edge (Chromium-based)CVE-2022-41115Microsoft Edge (Chromium-based) Update Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-44688Microsoft Edge (Chromium-based) Spoofing VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2022-4195Chromium: CVE-2022-4195 Insufficient policy enforcement in Safe BrowsingUnknown
Microsoft Edge (Chromium-based)CVE-2022-44708Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-4181Chromium: CVE-2022-4181 Use after free in FormsUnknown
Microsoft Edge (Chromium-based)CVE-2022-4180Chromium: CVE-2022-4180 Use after free in MojoUnknown
Microsoft Edge (Chromium-based)CVE-2022-4174Chromium: CVE-2022-4174 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2022-4182Chromium: CVE-2022-4182 Inappropriate implementation in Fenced FramesUnknown
Microsoft Edge (Chromium-based)CVE-2022-4179Chromium: CVE-2022-4179 Use after free in AudioUnknown
Microsoft Edge (Chromium-based)CVE-2022-4178Chromium: CVE-2022-4178 Use after free in MojoUnknown
Microsoft Edge (Chromium-based)CVE-2022-4175Chromium: CVE-2022-4175 Use after free in Camera CaptureUnknown
Microsoft Edge (Chromium-based)CVE-2022-4177Chromium: CVE-2022-4177 Use after free in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2022-4187Chromium: CVE-2022-4187 Insufficient policy enforcement in DevToolsUnknown
Microsoft Edge (Chromium-based)CVE-2022-4185Chromium: CVE-2022-4185 Inappropriate implementation in NavigationUnknown
Microsoft Edge (Chromium-based)CVE-2022-4188Chromium: CVE-2022-4188 Insufficient validation of untrusted input in CORSUnknown
Microsoft Edge (Chromium-based)CVE-2022-4189Chromium: CVE-2022-4189 Insufficient policy enforcement in DevToolsUnknown
Microsoft Edge (Chromium-based)CVE-2022-4186Chromium: CVE-2022-4186 Insufficient validation of untrusted input in DownloadsUnknown
Microsoft Edge (Chromium-based)CVE-2022-4183Chromium: CVE-2022-4183 Insufficient policy enforcement in Popup BlockerUnknown
Microsoft Edge (Chromium-based)CVE-2022-4184Chromium: CVE-2022-4184 Insufficient policy enforcement in AutofillUnknown
Microsoft Graphics ComponentCVE-2022-26805Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-26804Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-47213Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-44697Windows Graphics Component Elevation of Privilege VulnerabilityModerate
Microsoft Graphics ComponentCVE-2022-41121Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-44671Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-47212Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-26806Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-47211Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-41074Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-44679Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-44680Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2022-44692Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft Office OneNoteCVE-2022-44691Microsoft Office OneNote Remote Code Execution VulnerabilityImportant
Microsoft Office OutlookCVE-2022-24480Outlook for Android Elevation of Privilege VulnerabilityImportant
Microsoft Office OutlookCVE-2022-44713Microsoft Outlook for Mac Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2022-44690Microsoft SharePoint Server Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2022-44693Microsoft SharePoint Server Remote Code Execution VulnerabilityCritical
Microsoft Office VisioCVE-2022-44696Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2022-44695Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2022-44694Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-44668Windows Media Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-44667Windows Media Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-44687Raw Image Extension Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-41094Windows Hyper-V Elevation of Privilege VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-44682Windows Hyper-V Denial of Service VulnerabilityImportant
SysInternalsCVE-2022-44704Microsoft Windows Sysmon Elevation of Privilege VulnerabilityImportant
Windows CertificatesADV220005Guidance on Microsoft Signed Drivers Being Used MaliciouslyNone
Windows ContactsCVE-2022-44666Windows Contacts Remote Code Execution VulnerabilityImportant
Windows DirectXCVE-2022-44710DirectX Graphics Kernel Elevation of Privilege VulnerabilityImportant
Windows Error ReportingCVE-2022-44669Windows Error Reporting Elevation of Privilege VulnerabilityImportant
Windows Fax Compose FormCVE-2022-41077Windows Fax Compose Form Elevation of Privilege VulnerabilityImportant
Windows HTTP Print ProviderCVE-2022-44678Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-44707Windows Kernel Denial of Service VulnerabilityImportant
Windows KernelCVE-2022-44683Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows PowerShellCVE-2022-41076PowerShell Remote Code Execution VulnerabilityCritical
Windows Print Spooler ComponentsCVE-2022-44681Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Projected File SystemCVE-2022-44677Windows Projected File System Elevation of Privilege VulnerabilityImportant
Windows Secure Socket Tunneling Protocol (SSTP)CVE-2022-44670Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical
Windows Secure Socket Tunneling Protocol (SSTP)CVE-2022-44676Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical
Windows SmartScreenCVE-2022-44698Windows SmartScreen Security Feature Bypass VulnerabilityModerate
Windows Subsystem for LinuxCVE-2022-44689Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege VulnerabilityImportant
Windows TerminalCVE-2022-44702Windows Terminal Remote Code Execution VulnerabilityImportant

Kaynak: bleepingcomputer.com

Mehmet Sait YILMAZ fotoğrafı Mehmet Sait YILMAZ Bir e-posta göndermek 13/12/2022
0 3 dakika okuma süresi
Mehmet Sait YILMAZ fotoğrafı

Mehmet Sait YILMAZ

İlgili Makaleler

Signal’den Büyük Adım! Windows ARM Cihazlarına Resmi Destek Geldi!

Signal’den Büyük Adım! Windows ARM Cihazlarına Resmi Destek Geldi

21/11/2024

Microsoft, Windows 10’da Uygulama Güncelleme Ve Kaldırmayla İlgili Sorunları Doğruladı!

21/11/2024
Chromium Güncellemesi, Chrome ve Edge'de Metin Seçim Sorunlarına Yol Açtı!

Chromium Güncellemesi, Chrome ve Edge’de Metin Seçim Sorunlarına Yol Açtı!

20/11/2024
Graykey İle Hangi iPhone ve Android Cihazları Kilidi Açılabiliyor? İşte Tüm Detaylar!

İPhone ve Android Cihazları Ne Kadar Güvenli? Grakey Sızıntısı Ortaya Çıktı!

20/11/2024

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu