Haberler
Microsoft Ocak 2024 Patch Tuesday: 12 RCE, 49 Zafiyet Kapatıldı
Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 12 RCE güvenlik açığı ve toplam 49 zafiyeti kapattı.
Yalnızca iki güvenlik açığı kritik olarak sınıflandırıldı; bunlardan biri Windows Kerberos zafiyeti, diğeri ise Hyper-V RCE.
Kapatılan zafiyetler aşağıdaki gibidir
- 10 Elevation of Privilege Vulnerabilities
- 7 Security Feature Bypass Vulnerabilities
- 12 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 3 Spoofing Vulnerabilities
Ocak 2024 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET and Visual Studio | CVE-2024-0057 | NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | Important |
.NET Core & Visual Studio | CVE-2024-20672 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
.NET Framework | CVE-2024-21312 | .NET Framework Denial of Service Vulnerability | Important |
Azure Storage Mover | CVE-2024-20676 | Azure Storage Mover Remote Code Execution Vulnerability | Important |
Microsoft Bluetooth Driver | CVE-2024-21306 | Microsoft Bluetooth Driver Spoofing Vulnerability | Important |
Microsoft Devices | CVE-2024-21325 | Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2024-0222 | Chromium: CVE-2024-0222 Use after free in ANGLE | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-0223 | Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-0224 | Chromium: CVE-2024-0224 Use after free in WebAudio | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-0225 | Chromium: CVE-2024-0225 Use after free in WebGPU | Unknown |
Microsoft Identity Services | CVE-2024-21319 | Microsoft Identity Denial of service vulnerability | Important |
Microsoft Office | CVE-2024-20677 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-21318 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Virtual Hard Drive | CVE-2024-20658 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important |
Remote Desktop Client | CVE-2024-21307 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-0056 | Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | Important |
SQLite | CVE-2022-35737 | MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow | Important |
Unified Extensible Firmware Interface | CVE-2024-21305 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | Important |
Visual Studio | CVE-2024-20656 | Visual Studio Elevation of Privilege Vulnerability | Important |
Windows AllJoyn API | CVE-2024-20687 | Microsoft AllJoyn API Denial of Service Vulnerability | Important |
Windows Authentication Methods | CVE-2024-20674 | Windows Kerberos Security Feature Bypass Vulnerability | Critical |
Windows BitLocker | CVE-2024-20666 | BitLocker Security Feature Bypass Vulnerability | Important |
Windows Cloud Files Mini Filter Driver | CVE-2024-21310 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
Windows Collaborative Translation Framework | CVE-2024-20694 | Windows CoreMessaging Information Disclosure Vulnerability | Important |
Windows Common Log File System Driver | CVE-2024-20653 | Microsoft Common Log File System Elevation of Privilege Vulnerability | Important |
Windows Cryptographic Services | CVE-2024-20682 | Windows Cryptographic Services Remote Code Execution Vulnerability | Important |
Windows Cryptographic Services | CVE-2024-21311 | Windows Cryptographic Services Information Disclosure Vulnerability | Important |
Windows Group Policy | CVE-2024-20657 | Windows Group Policy Elevation of Privilege Vulnerability | Important |
Windows Hyper-V | CVE-2024-20699 | Windows Hyper-V Denial of Service Vulnerability | Important |
Windows Hyper-V | CVE-2024-20700 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Windows Kernel | CVE-2024-20698 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-21309 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows Libarchive | CVE-2024-20697 | Windows Libarchive Remote Code Execution Vulnerability | Important |
Windows Libarchive | CVE-2024-20696 | Windows Libarchive Remote Code Execution Vulnerability | Important |
Windows Local Security Authority Subsystem Service (LSASS) | CVE-2024-20692 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Important |
Windows Message Queuing | CVE-2024-20660 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
Windows Message Queuing | CVE-2024-20664 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
Windows Message Queuing | CVE-2024-20680 | Windows Message Queuing Client (MSMQC) Information Disclosure | Important |
Windows Message Queuing | CVE-2024-20663 | Windows Message Queuing Client (MSMQC) Information Disclosure | Important |
Windows Message Queuing | CVE-2024-21314 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
Windows Message Queuing | CVE-2024-20661 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
Windows Nearby Sharing | CVE-2024-20690 | Windows Nearby Sharing Spoofing Vulnerability | Important |
Windows ODBC Driver | CVE-2024-20654 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Windows Online Certificate Status Protocol (OCSP) SnapIn | CVE-2024-20662 | Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability | Important |
Windows Online Certificate Status Protocol (OCSP) SnapIn | CVE-2024-20655 | Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability | Important |
Windows Scripting | CVE-2024-20652 | Windows HTML Platforms Security Feature Bypass Vulnerability | Important |
Windows Server Key Distribution Service | CVE-2024-21316 | Windows Server Key Distribution Service Security Feature Bypass | Important |
Windows Subsystem for Linux | CVE-2024-20681 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important |
Windows TCP/IP | CVE-2024-21313 | Windows TCP/IP Information Disclosure Vulnerability | Important |
Windows Themes | CVE-2024-20691 | Windows Themes Information Disclosure Vulnerability | Important |
Windows Themes | CVE-2024-21320 | Windows Themes Spoofing Vulnerability | Important |
Windows Win32 Kernel Subsystem | CVE-2024-20686 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2024-20683 | Win32k Elevation of Privilege Vulnerability | Important |