Haberler

Microsoft Aralık 2023 Patch Tuesday: 1 Zero-Day, 34 Zafiyet Kapatıldı

Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 1 adet zero-day güvenlik açığı ve toplam 34 zafiyeti kapattı.

Bu ay yayınlanan güncellemerle 34 güvenlik açığından 3 tanesi kritik olarak listelendi ve 8 RCE zafiyeti kapatıldı.

Kapatılan zafiyetler aşağıdaki gibidir

  • 10 Elevation of Privilege Vulnerabilities
  • 8 Remote Code Execution Vulnerabilities
  • 6 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 5 Spoofing Vulnerabilities

Aktif olarak kullanılan zero-day

  • CVE-2023-20588 – AMD: CVE-2023-20588 AMD Speculative Leak

Aralık 2023 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi

TagCVE IDCVE TitleSeverity
Azure Connected Machine AgentCVE-2023-35624Azure Connected Machine Agent Elevation of Privilege VulnerabilityImportant
Azure Machine LearningCVE-2023-35625Azure Machine Learning Compute Instance for SDK Users Information Disclosure VulnerabilityImportant
ChipsetsCVE-2023-20588AMD: CVE-2023-20588 AMD Speculative Leaks Security NoticeImportant
Microsoft Bluetooth DriverCVE-2023-35634Windows Bluetooth Driver Remote Code Execution VulnerabilityImportant
Microsoft DynamicsCVE-2023-35621Microsoft Dynamics 365 Finance and Operations Denial of Service VulnerabilityImportant
Microsoft DynamicsCVE-2023-36020Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2023-35618Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2023-36880Microsoft Edge (Chromium-based) Information Disclosure VulnerabilityLow
Microsoft Edge (Chromium-based)CVE-2023-38174Microsoft Edge (Chromium-based) Information Disclosure VulnerabilityLow
Microsoft Edge (Chromium-based)CVE-2023-6509Chromium: CVE-2023-6509 Use after free in Side Panel SearchUnknown
Microsoft Edge (Chromium-based)CVE-2023-6512Chromium: CVE-2023-6512 Inappropriate implementation in Web Browser UIUnknown
Microsoft Edge (Chromium-based)CVE-2023-6508Chromium: CVE-2023-6508 Use after free in Media StreamUnknown
Microsoft Edge (Chromium-based)CVE-2023-6511Chromium: CVE-2023-6511 Inappropriate implementation in AutofillUnknown
Microsoft Edge (Chromium-based)CVE-2023-6510Chromium: CVE-2023-6510 Use after free in Media CaptureUnknown
Microsoft Office OutlookCVE-2023-35636Microsoft Outlook Information Disclosure VulnerabilityImportant
Microsoft Office OutlookCVE-2023-35619Microsoft Outlook for Mac Spoofing VulnerabilityImportant
Microsoft Office WordCVE-2023-36009Microsoft Word Information Disclosure VulnerabilityImportant
Microsoft Power Platform ConnectorCVE-2023-36019Microsoft Power Platform Connector Spoofing VulnerabilityCritical
Microsoft WDAC OLE DB provider for SQLCVE-2023-36006Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-35622Windows DNS Spoofing VulnerabilityImportant
Windows Cloud Files Mini Filter DriverCVE-2023-36696Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
Windows DefenderCVE-2023-36010Microsoft Defender Denial of Service VulnerabilityImportant
Windows DHCP ServerCVE-2023-35643DHCP Server Service Information Disclosure VulnerabilityImportant
Windows DHCP ServerCVE-2023-35638DHCP Server Service Denial of Service VulnerabilityImportant
Windows DHCP ServerCVE-2023-36012DHCP Server Service Information Disclosure VulnerabilityImportant
Windows DPAPI (Data Protection Application Programming Interface)CVE-2023-36004Windows DPAPI (Data Protection Application Programming Interface) Spoofing VulnerabilityImportant
Windows Internet Connection Sharing (ICS)CVE-2023-35642Internet Connection Sharing (ICS) Denial of Service VulnerabilityImportant
Windows Internet Connection Sharing (ICS)CVE-2023-35630Internet Connection Sharing (ICS) Remote Code Execution VulnerabilityCritical
Windows Internet Connection Sharing (ICS)CVE-2023-35632Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Internet Connection Sharing (ICS)CVE-2023-35641Internet Connection Sharing (ICS) Remote Code Execution VulnerabilityCritical
Windows KernelCVE-2023-35633Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-35635Windows Kernel Denial of Service VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2023-35644Windows Sysmain Service Elevation of PrivilegeImportant
Windows Local Security Authority Subsystem Service (LSASS)CVE-2023-36391Local Security Authority Subsystem Service Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2023-21740Windows Media Remote Code Execution VulnerabilityImportant
Windows MSHTML PlatformCVE-2023-35628Windows MSHTML Platform Remote Code Execution VulnerabilityCritical
Windows ODBC DriverCVE-2023-35639Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows Telephony ServerCVE-2023-36005Windows Telephony Server Elevation of Privilege VulnerabilityImportant
Windows USB Mass Storage Class DriverCVE-2023-35629Microsoft USBHUB 3.0 Device Driver Remote Code Execution VulnerabilityImportant
Windows Win32KCVE-2023-36011Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2023-35631Win32k Elevation of Privilege VulnerabilityImportant
XAML DiagnosticsCVE-2023-36003XAML Diagnostics Elevation of Privilege VulnerabilityImportant

İlgili Makaleler

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu