Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 1 adet zero-day güvenlik açığı ve toplam 97 zafiyeti kapattı.
Bu ay yayınlanan güncellemerde düzeltilen 97 güvenlik açığından 7 tanesi kritik olarak olarak sınıflandırıdı.
Kapatılan zafiyetler aşağıdaki gibidir:
- 20 Elevation of Privilege Vulnerabilities
- 8 Security Feature Bypass Vulnerabilities
- 45 Remote Code Execution Vulnerabilities
- 10 Information Disclosure Vulnerabilities
- 9 Denial of Service Vulnerabilities
- 6 Spoofing Vulnerabilities
Bir adet zero-day kapatıldı
CVE-2023-28252 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Nisan 2023 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Core | CVE-2023-28260 | .NET DLL Hijacking Remote Code Execution Vulnerability | Important |
| Azure Machine Learning | CVE-2023-28312 | Azure Machine Learning Information Disclosure Vulnerability | Important |
| Azure Service Connector | CVE-2023-28300 | Azure Service Connector Security Feature Bypass Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2023-28227 | Windows Bluetooth Driver Remote Code Execution Vulnerability | Important |
| Microsoft Defender for Endpoint | CVE-2023-24860 | Microsoft Defender Denial of Service Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-28314 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-28309 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics 365 Customer Voice | CVE-2023-28313 | Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2023-28284 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2023-1823 | Chromium: CVE-2023-1823 Inappropriate implementation in FedCM | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-28301 | Microsoft Edge (Chromium-based) Tampering Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2023-1810 | Chromium: CVE-2023-1810 Heap buffer overflow in Visuals | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-24935 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2023-1819 | Chromium: CVE-2023-1819 Out of bounds read in Accessibility | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1818 | Chromium: CVE-2023-1818 Use after free in Vulkan | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1814 | Chromium: CVE-2023-1814 Insufficient validation of untrusted input in Safe Browsing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1821 | Chromium: CVE-2023-1821 Inappropriate implementation in WebShare | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1811 | Chromium: CVE-2023-1811 Use after free in Frames | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1820 | Chromium: CVE-2023-1820 Heap buffer overflow in Browser History | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1816 | Chromium: CVE-2023-1816 Incorrect security UI in Picture In Picture | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1815 | Chromium: CVE-2023-1815 Use after free in Networking APIs | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1822 | Chromium: CVE-2023-1822 Incorrect security UI in Navigation | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1813 | Chromium: CVE-2023-1813 Inappropriate implementation in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1812 | Chromium: CVE-2023-1812 Out of bounds memory access in DOM Bindings | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1817 | Chromium: CVE-2023-1817 Insufficient policy enforcement in Intents | Unknown |
| Microsoft Graphics Component | CVE-2023-24912 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Message Queuing | CVE-2023-21769 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| Microsoft Message Queuing | CVE-2023-21554 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2023-28285 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Office Publisher | CVE-2023-28295 | Microsoft Publisher Remote Code Execution Vulnerability | Important |
| Microsoft Office Publisher | CVE-2023-28287 | Microsoft Publisher Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-28288 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2023-28311 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-28243 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24883 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24927 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24925 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24924 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24885 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24928 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24884 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24926 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24929 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24887 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24886 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2023-28275 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28256 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28278 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28307 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28306 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28223 | Windows Domain Name Service Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28254 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28305 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28308 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28255 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28277 | Windows DNS Server Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2023-23384 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2023-23375 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2023-28304 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2023-28299 | Visual Studio Spoofing Vulnerability | Important |
| Visual Studio | CVE-2023-28262 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2023-28263 | Visual Studio Information Disclosure Vulnerability | Important |
| Visual Studio | CVE-2023-28296 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2023-24893 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Windows Active Directory | CVE-2023-28302 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| Windows ALPC | CVE-2023-28236 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows ALPC | CVE-2023-28216 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2023-28218 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Boot Manager | CVE-2023-28269 | Windows Boot Manager Security Feature Bypass Vulnerability | Important |
| Windows Boot Manager | CVE-2023-28249 | Windows Boot Manager Security Feature Bypass Vulnerability | Important |
| Windows Clip Service | CVE-2023-28273 | Windows Clip Service Elevation of Privilege Vulnerability | Important |
| Windows CNG Key Isolation Service | CVE-2023-28229 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2023-28266 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2023-28252 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows DHCP Server | CVE-2023-28231 | DHCP Server Service Remote Code Execution Vulnerability | Critical |
| Windows Enroll Engine | CVE-2023-28226 | Windows Enroll Engine Security Feature Bypass Vulnerability | Important |
| Windows Error Reporting | CVE-2023-28221 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
| Windows Group Policy | CVE-2023-28276 | Windows Group Policy Security Feature Bypass Vulnerability | Important |
| Windows Internet Key Exchange (IKE) Protocol | CVE-2023-28238 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | Important |
| Windows Kerberos | CVE-2023-28244 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-28271 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2023-28248 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-28222 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-28272 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-28293 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-28253 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2023-28237 | Windows Kernel Remote Code Execution Vulnerability | Important |
| Windows Kernel | CVE-2023-28298 | Windows Kernel Denial of Service Vulnerability | Important |
| Windows Layer 2 Tunneling Protocol | CVE-2023-28219 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Layer 2 Tunneling Protocol | CVE-2023-28220 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Lock Screen | CVE-2023-28270 | Windows Lock Screen Security Feature Bypass Vulnerability | Important |
| Windows Lock Screen | CVE-2023-28235 | Windows Lock Screen Security Feature Bypass Vulnerability | Important |
| Windows Netlogon | CVE-2023-28268 | Netlogon RPC Elevation of Privilege Vulnerability | Important |
| Windows Network Address Translation (NAT) | CVE-2023-28217 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
| Windows Network File System | CVE-2023-28247 | Windows Network File System Information Disclosure Vulnerability | Important |
| Windows Network Load Balancing | CVE-2023-28240 | Windows Network Load Balancing Remote Code Execution Vulnerability | Important |
| Windows NTLM | CVE-2023-28225 | Windows NTLM Elevation of Privilege Vulnerability | Important |
| Windows PGM | CVE-2023-28250 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical |
| Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-28224 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2023-28232 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Raw Image Extension | CVE-2023-28291 | Raw Image Extension Remote Code Execution Vulnerability | Critical |
| Windows Raw Image Extension | CVE-2023-28292 | Raw Image Extension Remote Code Execution Vulnerability | Important |
| Windows RDP Client | CVE-2023-28228 | Windows Spoofing Vulnerability | Important |
| Windows RDP Client | CVE-2023-28267 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important |
| Windows Registry | CVE-2023-28246 | Windows Registry Elevation of Privilege Vulnerability | Important |
| Windows RPC API | CVE-2023-21729 | Remote Procedure Call Runtime Information Disclosure Vulnerability | Important |
| Windows RPC API | CVE-2023-21727 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows RPC API | CVE-2023-28297 | Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability | Important |
| Windows Secure Channel | CVE-2023-24931 | Windows Secure Channel Denial of Service Vulnerability | Important |
| Windows Secure Channel | CVE-2023-28233 | Windows Secure Channel Denial of Service Vulnerability | Important |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-28241 | Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | Important |
| Windows Transport Security Layer (TLS) | CVE-2023-28234 | Windows Secure Channel Denial of Service Vulnerability | Important |
| Windows Win32K | CVE-2023-28274 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2023-24914 | Win32k Elevation of Privilege Vulnerability | Important |
Kaynak: bleepingcomputer.com
