Haberler

Microsoft Ağustos 2024 Patch Tuesday: 9 Zero-Day 89 Zafiyet Kapatıldı

Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 9 adet Zero-Day ve toplam 89 zafiyeti kapattı.

Kapatılan zafiyetler aşağıdaki gibi:

  • 36 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 28 Remote Code Execution Vulnerabilities
  • 8 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 7 Spoofing Vulnerabilities

9 Adet Zero-Day Kapatıldı

CVE-2024-38178 – Scripting Engine Memory Corruption Vulnerability

CVE-2024-38193 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVE-2024-38213 – Windows Mark of the Web Security Feature Bypass Vulnerability

CVE-2024-38106 – Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-38107 – Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

CVE-2024-38189 – Microsoft Project Remote Code Execution Vulnerability

CVE-2024-38199 – Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

CVE-2024-38200 – Microsoft Office Spoofing Vulnerability

CVE-2024-38202 – Windows Update Stack Elevation of Privilege Vulnerability

Ağustos 2024 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi

TagCVE IDCVE TitleSeverity
.NET and Visual StudioCVE-2024-38168.NET and Visual Studio Denial of Service VulnerabilityImportant
.NET and Visual StudioCVE-2024-38167.NET and Visual Studio Information Disclosure VulnerabilityImportant
Azure Connected Machine AgentCVE-2024-38162Azure Connected Machine Agent Elevation of Privilege VulnerabilityImportant
Azure Connected Machine AgentCVE-2024-38098Azure Connected Machine Agent Elevation of Privilege VulnerabilityImportant
Azure CycleCloudCVE-2024-38195Azure CycleCloud Remote Code Execution VulnerabilityImportant
Azure Health BotCVE-2024-38109Azure Health Bot Elevation of Privilege VulnerabilityCritical
Azure IoT SDKCVE-2024-38158Azure IoT SDK Remote Code Execution VulnerabilityImportant
Azure IoT SDKCVE-2024-38157Azure IoT SDK Remote Code Execution VulnerabilityImportant
Azure StackCVE-2024-38108Azure Stack Hub Spoofing VulnerabilityImportant
Azure StackCVE-2024-38201Azure Stack Hub Elevation of Privilege VulnerabilityImportant
Line Printer Daemon Service (LPD)CVE-2024-38199Windows Line Printer Daemon (LPD) Service Remote Code Execution VulnerabilityImportant
Microsoft Bluetooth DriverCVE-2024-38123Windows Bluetooth Driver Information Disclosure VulnerabilityImportant
Microsoft Copilot StudioCVE-2024-38206Microsoft Copilot Studio Information Disclosure VulnerabilityCritical
Microsoft DynamicsCVE-2024-38166Microsoft Dynamics 365 Cross-site Scripting VulnerabilityCritical
Microsoft DynamicsCVE-2024-38211Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2024-7256Chromium: CVE-2024-7256 Insufficient data validation in DawnUnknown
Microsoft Edge (Chromium-based)CVE-2024-7536Chromium: CVE-2024-7550 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2024-6990Chromium: CVE-2024-6990 Uninitialized Use in DawnUnknown
Microsoft Edge (Chromium-based)CVE-2024-7255Chromium: CVE-2024-7255 Out of bounds read in WebTransportUnknown
Microsoft Edge (Chromium-based)CVE-2024-7534Chromium: CVE-2024-7535 Inappropriate implementation in V8Unknown
Microsoft Edge (Chromium-based)CVE-2024-7532Chromium: CVE-2024-7533 Use after free in SharingUnknown
Microsoft Edge (Chromium-based)CVE-2024-7550Chromium: CVE-2024-7532 Out of bounds memory access in ANGLEUnknown
Microsoft Edge (Chromium-based)CVE-2024-7535Chromium: CVE-2024-7536 Use after free in WebAudioUnknown
Microsoft Edge (Chromium-based)CVE-2024-7533Chromium: CVE-2024-7534 Heap buffer overflow in LayoutUnknown
Microsoft Edge (Chromium-based)CVE-2024-38218Microsoft Edge (HTML-based) Memory Corruption VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2024-38219Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2024-38222Microsoft Edge (Chromium-based) Information Disclosure VulnerabilityUnknown
Microsoft Local Security Authority Server (lsasrv)CVE-2024-38118Microsoft Local Security Authority (LSA) Server Information Disclosure VulnerabilityImportant
Microsoft Local Security Authority Server (lsasrv)CVE-2024-38122Microsoft Local Security Authority (LSA) Server Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2024-38200Microsoft Office Spoofing VulnerabilityImportant
Microsoft OfficeCVE-2024-38084Microsoft OfficePlus Elevation of Privilege VulnerabilityImportant
Microsoft Office ExcelCVE-2024-38172Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2024-38170Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office OutlookCVE-2024-38173Microsoft Outlook Remote Code Execution VulnerabilityImportant
Microsoft Office PowerPointCVE-2024-38171Microsoft PowerPoint Remote Code Execution VulnerabilityImportant
Microsoft Office ProjectCVE-2024-38189Microsoft Project Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2024-38169Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Streaming ServiceCVE-2024-38134Kernel Streaming WOW Thunk Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft Streaming ServiceCVE-2024-38144Kernel Streaming WOW Thunk Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft Streaming ServiceCVE-2024-38125Kernel Streaming WOW Thunk Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft TeamsCVE-2024-38197Microsoft Teams for iOS Spoofing VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-38152Windows OLE Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2024-37968Windows DNS Spoofing VulnerabilityImportant
Reliable Multicast Transport Driver (RMCAST)CVE-2024-38140Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution VulnerabilityCritical
Windows Ancillary Function Driver for WinSockCVE-2024-38141Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2024-38193Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows App InstallerCVE-2024-38177Windows App Installer Spoofing VulnerabilityImportant
Windows Clipboard Virtual Channel ExtensionCVE-2024-38131Clipboard Virtual Channel Extension Remote Code Execution VulnerabilityImportant
Windows Cloud Files Mini Filter DriverCVE-2024-38215Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2024-38196Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Compressed FolderCVE-2024-38165Windows Compressed Folder Tampering VulnerabilityImportant
Windows Deployment ServicesCVE-2024-38138Windows Deployment Services Remote Code Execution VulnerabilityImportant
Windows DWM Core LibraryCVE-2024-38150Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2024-38147Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows Initial Machine ConfigurationCVE-2024-38223Windows Initial Machine Configuration Elevation of Privilege VulnerabilityImportant
Windows IP Routing Management SnapinCVE-2024-38114Windows IP Routing Management Snapin Remote Code Execution VulnerabilityImportant
Windows IP Routing Management SnapinCVE-2024-38116Windows IP Routing Management Snapin Remote Code Execution VulnerabilityImportant
Windows IP Routing Management SnapinCVE-2024-38115Windows IP Routing Management Snapin Remote Code Execution VulnerabilityImportant
Windows KerberosCVE-2024-29995Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-38151Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2024-38133Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-38127Windows Hyper-V Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-38153Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-38106Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2024-38187Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2024-38191Kernel Streaming Service Driver Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2024-38184Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2024-38186Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2024-38185Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows Layer-2 Bridge Network DriverCVE-2024-38146Windows Layer-2 Bridge Network Driver Denial of Service VulnerabilityImportant
Windows Layer-2 Bridge Network DriverCVE-2024-38145Windows Layer-2 Bridge Network Driver Denial of Service VulnerabilityImportant
Windows Mark of the Web (MOTW)CVE-2024-38213Windows Mark of the Web Security Feature Bypass VulnerabilityModerate
Windows Mobile BroadbandCVE-2024-38161Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Network Address Translation (NAT)CVE-2024-38132Windows Network Address Translation (NAT) Denial of Service VulnerabilityImportant
Windows Network Address Translation (NAT)CVE-2024-38126Windows Network Address Translation (NAT) Denial of Service VulnerabilityImportant
Windows Network VirtualizationCVE-2024-38160Windows Network Virtualization Remote Code Execution VulnerabilityCritical
Windows Network VirtualizationCVE-2024-38159Windows Network Virtualization Remote Code Execution VulnerabilityCritical
Windows NT OS KernelCVE-2024-38135Windows Resilient File System (ReFS) Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2024-38117NTFS Elevation of Privilege VulnerabilityImportant
Windows Power Dependency CoordinatorCVE-2024-38107Windows Power Dependency Coordinator Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2024-38198Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Resource ManagerCVE-2024-38137Windows Resource Manager PSM Service Extension Elevation of Privilege VulnerabilityImportant
Windows Resource ManagerCVE-2024-38136Windows Resource Manager PSM Service Extension Elevation of Privilege VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-38130Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-38128Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-38154Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-38121Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-38214Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-38120Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows ScriptingCVE-2024-38178Scripting Engine Memory Corruption VulnerabilityImportant
Windows Secure BootCVE-2022-3775Redhat: CVE-2022-3775 grub2 – Heap based out-of-bounds write when rendering certain Unicode sequencesCritical
Windows Secure BootCVE-2023-40547Redhat: CVE-2023-40547 Shim – RCE in HTTP boot support may lead to secure boot bypassCritical
Windows Secure BootCVE-2022-2601Redhat: CVE-2022-2601 grub2 – Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypassImportant
Windows Secure Kernel ModeCVE-2024-21302Windows Secure Kernel Mode Elevation of Privilege VulnerabilityImportant
Windows Secure Kernel ModeCVE-2024-38142Windows Secure Kernel Mode Elevation of Privilege VulnerabilityImportant
Windows Security CenterCVE-2024-38155Security Center Broker Information Disclosure VulnerabilityImportant
Windows SmartScreenCVE-2024-38180Windows SmartScreen Security Feature Bypass VulnerabilityImportant
Windows TCP/IPCVE-2024-38063Windows TCP/IP Remote Code Execution VulnerabilityCritical
Windows Transport Security Layer (TLS)CVE-2024-38148Windows Secure Channel Denial of Service VulnerabilityImportant
Windows Update StackCVE-2024-38202Windows Update Stack Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2024-38163Windows Update Stack Elevation of Privilege VulnerabilityImportant
Windows WLAN Auto Config ServiceCVE-2024-38143Windows WLAN AutoConfig Service Elevation of Privilege VulnerabilityImportant

İlgili Makaleler

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu