Haberler
Microsoft Ocak 2025 Patch Tuesday: 8 Zero Day, Toplamda 159 Zafiyet Kapatıldı
Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 8 zero day güvenlik açığı ve toplam 159 zafiyeti kapattı.
Kapatılan zafiyetler aşağıdaki gibi:
- 40 Elevation of Privilege Vulnerabilities
- 14 Security Feature Bypass Vulnerabilities
- 58 Remote Code Execution Vulnerabilities
- 24 Information Disclosure Vulnerabilities
- 20 Denial of Service Vulnerabilities
- 5 Spoofing Vulnerabilities
8 adet zero day zafiyeti kapatıldı
CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 – Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21275 – Windows App Package Installer Elevation of Privilege Vulnerability
CVE-2025-21308 – Windows Themes Spoofing Vulnerability
CVE-2025-21186, CVE-2025-21366, CVE-2025-21395 – Microsoft Access Remote Code Execution Vulnerability
Ocak 2025 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET | CVE-2025-21171 | .NET Remote Code Execution Vulnerability | Important |
| .NET | CVE-2025-21173 | .NET Elevation of Privilege Vulnerability | Important |
| .NET and Visual Studio | CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
| .NET, .NET Framework, Visual Studio | CVE-2025-21176 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | Important |
| Active Directory Domain Services | CVE-2025-21293 | Active Directory Domain Services Elevation of Privilege Vulnerability | Important |
| Active Directory Federation Services | CVE-2025-21193 | Active Directory Federation Server Spoofing Vulnerability | Important |
| Azure Marketplace SaaS Resources | CVE-2025-21380 | Azure Marketplace SaaS Resources Information Disclosure Vulnerability | Critical |
| BranchCache | CVE-2025-21296 | BranchCache Remote Code Execution Vulnerability | Critical |
| Internet Explorer | CVE-2025-21326 | Internet Explorer Remote Code Execution Vulnerability | Important |
| IP Helper | CVE-2025-21231 | IP Helper Denial of Service Vulnerability | Important |
| Line Printer Daemon Service (LPD) | CVE-2025-21224 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | Important |
| Microsoft AutoUpdate (MAU) | CVE-2025-21360 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important |
| Microsoft Azure Gateway Manager | CVE-2025-21403 | On-Premises Data Gateway Information Disclosure Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-21315 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-21372 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Digest Authentication | CVE-2025-21294 | Microsoft Digest Authentication Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2025-21382 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2025-21346 | Microsoft Office Security Feature Bypass Vulnerability | Important |
| Microsoft Office | CVE-2025-21365 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Access | CVE-2025-21186 | Microsoft Access Remote Code Execution Vulnerability | Important |
| Microsoft Office Access | CVE-2025-21366 | Microsoft Access Remote Code Execution Vulnerability | Important |
| Microsoft Office Access | CVE-2025-21395 | Microsoft Access Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-21364 | Microsoft Excel Security Feature Bypass Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-21362 | Microsoft Excel Remote Code Execution Vulnerability | Critical |
| Microsoft Office Excel | CVE-2025-21354 | Microsoft Excel Remote Code Execution Vulnerability | Critical |
| Microsoft Office OneNote | CVE-2025-21402 | Microsoft Office OneNote Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2025-21357 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook for Mac | CVE-2025-21361 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-21344 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-21348 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-21393 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office Visio | CVE-2025-21345 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2025-21356 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-21363 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Purview | CVE-2025-21385 | Microsoft Purview Information Disclosure Vulnerability | Critical |
| Microsoft Windows Search Component | CVE-2025-21292 | Windows Search Service Elevation of Privilege Vulnerability | Important |
| Power Automate | CVE-2025-21187 | Microsoft Power Automate Remote Code Execution Vulnerability | Important |
| Reliable Multicast Transport Driver (RMCAST) | CVE-2025-21307 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2025-21405 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2024-50338 | GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager | Important |
| Visual Studio | CVE-2025-21178 | Visual Studio Remote Code Execution Vulnerability | Important |
| Windows BitLocker | CVE-2025-21213 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows BitLocker | CVE-2025-21214 | Windows BitLocker Information Disclosure Vulnerability | Important |
| Windows Boot Loader | CVE-2025-21211 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Boot Manager | CVE-2025-21215 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Client-Side Caching (CSC) Service | CVE-2025-21374 | Windows CSC Service Information Disclosure Vulnerability | Important |
| Windows Client-Side Caching (CSC) Service | CVE-2025-21378 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2025-21271 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows COM | CVE-2025-21281 | Microsoft COM for Windows Elevation of Privilege Vulnerability | Important |
| Windows COM | CVE-2025-21272 | Windows COM Server Information Disclosure Vulnerability | Important |
| Windows COM | CVE-2025-21288 | Windows COM Server Information Disclosure Vulnerability | Important |
| Windows Connected Devices Platform Service | CVE-2025-21207 | Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability | Important |
| Windows Cryptographic Services | CVE-2025-21336 | Windows Cryptographic Information Disclosure Vulnerability | Important |
| Windows Digital Media | CVE-2025-21261 | Windows Digital Media Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2025-21258 | Windows Digital Media Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2025-21232 | Windows Digital Media Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2025-21256 | Windows Digital Media Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2025-21255 | Windows Digital Media Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2025-21226 | Windows Digital Media Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2025-21310 | Windows Digital Media Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2025-21324 | Windows Digital Media Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2025-21249 | Windows Digital Media Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2025-21341 | Windows Digital Media Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2025-21227 | Windows Digital Media Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2025-21260 | Windows Digital Media Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2025-21265 | Windows Digital Media Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2025-21263 | Windows Digital Media Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2025-21228 | Windows Digital Media Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2025-21327 | Windows Digital Media Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2025-21229 | Windows Digital Media Elevation of Privilege Vulnerability | Important |
| Windows Direct Show | CVE-2025-21291 | Windows Direct Show Remote Code Execution Vulnerability | Important |
| Windows DWM Core Library | CVE-2025-21304 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2025-21274 | Windows Event Tracing Denial of Service Vulnerability | Important |
| Windows Geolocation Service | CVE-2025-21301 | Windows Geolocation Service Information Disclosure Vulnerability | Important |
| Windows Hello | CVE-2025-21340 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | Important |
| Windows Hyper-V NT Kernel Integration VSP | CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | Important |
| Windows Hyper-V NT Kernel Integration VSP | CVE-2025-21334 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | Important |
| Windows Hyper-V NT Kernel Integration VSP | CVE-2025-21333 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2025-21275 | Windows App Package Installer Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2025-21331 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2025-21287 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Kerberos | CVE-2025-21242 | Windows Kerberos Information Disclosure Vulnerability | Important |
| Windows Kerberos | CVE-2025-21299 | Windows Kerberos Security Feature Bypass Vulnerability | Important |
| Windows Kerberos | CVE-2025-21218 | Windows Kerberos Denial of Service Vulnerability | Important |
| Windows Kernel Memory | CVE-2025-21316 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows Kernel Memory | CVE-2025-21318 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows Kernel Memory | CVE-2025-21321 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows Kernel Memory | CVE-2025-21320 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows Kernel Memory | CVE-2025-21317 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows Kernel Memory | CVE-2025-21319 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows Kernel Memory | CVE-2025-21323 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows MapUrlToZone | CVE-2025-21268 | MapUrlToZone Security Feature Bypass Vulnerability | Important |
| Windows MapUrlToZone | CVE-2025-21269 | Windows HTML Platforms Security Feature Bypass Vulnerability | Important |
| Windows MapUrlToZone | CVE-2025-21332 | MapUrlToZone Security Feature Bypass Vulnerability | Important |
| Windows MapUrlToZone | CVE-2025-21276 | Windows MapUrlToZone Denial of Service Vulnerability | Important |
| Windows MapUrlToZone | CVE-2025-21219 | MapUrlToZone Security Feature Bypass Vulnerability | Important |
| Windows MapUrlToZone | CVE-2025-21328 | MapUrlToZone Security Feature Bypass Vulnerability | Important |
| Windows MapUrlToZone | CVE-2025-21329 | MapUrlToZone Security Feature Bypass Vulnerability | Important |
| Windows MapUrlToZone | CVE-2025-21189 | MapUrlToZone Security Feature Bypass Vulnerability | Important |
| Windows Message Queuing | CVE-2025-21251 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important |
| Windows Message Queuing | CVE-2025-21230 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important |
| Windows Message Queuing | CVE-2025-21220 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
| Windows Message Queuing | CVE-2025-21270 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important |
| Windows Message Queuing | CVE-2025-21285 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important |
| Windows Message Queuing | CVE-2025-21290 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important |
| Windows Message Queuing | CVE-2025-21289 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important |
| Windows Message Queuing | CVE-2025-21277 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important |
| Windows NTLM | CVE-2025-21217 | Windows NTLM Spoofing Vulnerability | Important |
| Windows NTLM | CVE-2025-21311 | Windows NTLM V1 Elevation of Privilege Vulnerability | Critical |
| Windows OLE | CVE-2025-21298 | Windows OLE Remote Code Execution Vulnerability | Critical |
| Windows PrintWorkflowUserSvc | CVE-2025-21235 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Important |
| Windows PrintWorkflowUserSvc | CVE-2025-21234 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Important |
| Windows Recovery Environment Agent | CVE-2025-21202 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | Important |
| Windows Remote Desktop Services | CVE-2025-21309 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop Services | CVE-2025-21297 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop Services | CVE-2025-21225 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important |
| Windows Remote Desktop Services | CVE-2025-21330 | Windows Remote Desktop Services Denial of Service Vulnerability | Important |
| Windows Remote Desktop Services | CVE-2025-21278 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important |
| Windows Secure Boot | CVE-2024-7344 | Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass | Important |
| Windows Security Account Manager | CVE-2025-21313 | Windows Security Account Manager (SAM) Denial of Service Vulnerability | Important |
| Windows Smart Card | CVE-2025-21312 | Windows Smart Card Reader Information Disclosure Vulnerability | Important |
| Windows SmartScreen | CVE-2025-21314 | Windows SmartScreen Spoofing Vulnerability | Important |
| Windows SPNEGO Extended Negotiation | CVE-2025-21295 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | Critical |
| Windows Telephony Service | CVE-2025-21243 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21244 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21241 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21303 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21246 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21252 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21417 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21248 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21306 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21233 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21411 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21413 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21237 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21239 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21339 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21236 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21245 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21409 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21223 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21282 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21305 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21273 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21266 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21250 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21302 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21240 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21286 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2025-21238 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Themes | CVE-2025-21308 | Windows Themes Spoofing Vulnerability | Important |
| Windows UPnP Device Host | CVE-2025-21300 | Windows upnphost.dll Denial of Service Vulnerability | Important |
| Windows UPnP Device Host | CVE-2025-21389 | Windows upnphost.dll Denial of Service Vulnerability | Important |
| Windows Virtual Trusted Platform Module | CVE-2025-21210 | Windows BitLocker Information Disclosure Vulnerability | Important |
| Windows Virtual Trusted Platform Module | CVE-2025-21284 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | Important |
| Windows Virtual Trusted Platform Module | CVE-2025-21280 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | Important |
| Windows Virtualization-Based Security (VBS) Enclave | CVE-2025-21370 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Important |
| Windows Web Threat Defense User Service | CVE-2025-21343 | Windows Web Threat Defense User Service Information Disclosure Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2025-21338 | GDI+ Remote Code Execution Vulnerability | Important |
| Windows WLAN Auto Config Service | CVE-2025-21257 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability | Important |
