Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 18 adet RCE güvenlik açığı ve toplam 60 zafiyeti kapattı.
Bu ay iki adet kritik Hyper-v zafiyeti kapatıldı.
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-21407
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-21408
Kapatılan zafiyetler aşağıdaki gibi:
- 24 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 18 Remote Code Execution Vulnerabilities
- 6 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
Bu ayki önce çıkan zafiyetler aşağıdaki gibi:
CVE-2024-21400 – Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
CVE-2024-26199 – Microsoft Office Elevation of Privilege VulnerabilityCVE-2024-20671 – Microsoft Defender Security Feature Bypass Vulnerability
CVE-2024-20671 – Microsoft Defender Security Feature Bypass Vulnerability
CVE-2024-21411 – Skype for Consumer Remote Code Execution Vulnerability
Mart 2024 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET | CVE-2024-21392 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| Azure Data Studio | CVE-2024-26203 | Azure Data Studio Elevation of Privilege Vulnerability | Important |
| Azure SDK | CVE-2024-21421 | Azure SDK Spoofing Vulnerability | Important |
| Intel | CVE-2023-28746 | Intel: CVE-2023-28746 Register File Data Sampling (RFDS) | Important |
| Microsoft Authenticator | CVE-2024-21390 | Microsoft Authenticator Elevation of Privilege Vulnerability | Important |
| Microsoft Azure Kubernetes Service | CVE-2024-21400 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Important |
| Microsoft Django Backend for SQL Server | CVE-2024-26164 | Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft Dynamics | CVE-2024-21419 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2024-2174 | Chromium: CVE-2024-2174 Inappropriate implementation in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-2173 | Chromium: CVE-2024-2173 Out of bounds memory access in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-2176 | Chromium: CVE-2024-2176 Use after free in FedCM | Unknown |
| Microsoft Edge for Android | CVE-2024-26167 | Microsoft Edge for Android Spoofing Vulnerability | Unknown |
| Microsoft Exchange Server | CVE-2024-26198 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-21437 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Intune | CVE-2024-26201 | Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2024-26199 | Microsoft Office Elevation of Privilege Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-21426 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft QUIC | CVE-2024-26190 | Microsoft QUIC Denial of Service Vulnerability | Important |
| Microsoft Teams for Android | CVE-2024-21448 | Microsoft Teams for Android Information Disclosure Vulnerability | Important |
| Microsoft WDAC ODBC Driver | CVE-2024-21451 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-21441 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-26161 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-26166 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-21444 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-21450 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows SCSI Class System File | CVE-2024-21434 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | Important |
| Open Management Infrastructure | CVE-2024-21330 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Important |
| Open Management Infrastructure | CVE-2024-21334 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability | Important |
| Outlook for Android | CVE-2024-26204 | Outlook for Android Information Disclosure Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2024-21407 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Role: Windows Hyper-V | CVE-2024-21408 | Windows Hyper-V Denial of Service Vulnerability | Critical |
| Skype for Consumer | CVE-2024-21411 | Skype for Consumer Remote Code Execution Vulnerability | Important |
| Software for Open Networking in the Cloud (SONiC) | CVE-2024-21418 | Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2024-26165 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
| Windows AllJoyn API | CVE-2024-21438 | Microsoft AllJoyn API Denial of Service Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2024-26160 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important |
| Windows Composite Image File System | CVE-2024-26170 | Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability | Important |
| Windows Compressed Folder | CVE-2024-26185 | Windows Compressed Folder Tampering Vulnerability | Important |
| Windows Defender | CVE-2024-20671 | Microsoft Defender Security Feature Bypass Vulnerability | Important |
| Windows Error Reporting | CVE-2024-26169 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
| Windows Hypervisor-Protected Code Integrity | CVE-2024-21431 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | Important |
| Windows Installer | CVE-2024-21436 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Kerberos | CVE-2024-21427 | Windows Kerberos Security Feature Bypass Vulnerability | Important |
| Windows Kernel | CVE-2024-26177 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2024-26176 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-26174 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-26181 | Windows Kernel Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2024-26178 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-26173 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-21443 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows NTFS | CVE-2024-21446 | NTFS Elevation of Privilege Vulnerability | Important |
| Windows ODBC Driver | CVE-2024-21440 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows ODBC Driver | CVE-2024-26162 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows ODBC Driver | CVE-2024-26159 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows OLE | CVE-2024-21435 | Windows OLE Remote Code Execution Vulnerability | Important |
| Windows Print Spooler Components | CVE-2024-21433 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Standards-Based Storage Management Service | CVE-2024-26197 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
| Windows Telephony Server | CVE-2024-21439 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2024-21432 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Windows USB Hub Driver | CVE-2024-21429 | Windows USB Hub Driver Remote Code Execution Vulnerability | Important |
| Windows USB Print Driver | CVE-2024-21442 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Print Driver | CVE-2024-21445 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Serial Driver | CVE-2024-21430 | Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability | Important |
