Microsoft Ağustos 2022 Patch Tuesday: 2 Zero-Day, 121 Zafiyet Kapatıldı

Mehmet Sait YILMAZ

09/08/2022

Microsoft bu ay yayınladığı Patch Tuesday yamaları ile 1 adet zero-day güvenlik açığı ve toplam 121 zafiyeti kapattı.

Bugünkü güncellemede düzeltilen 121 güvenlik açığından on yedisi, uzaktan kod yürütülmesine veya ayrıcalıkların yükseltilmesine izin verdikleri için ‘Kritik’ olarak sınıflandırıldı.

Kapatılan zafiyetler aşağıdaki gibidir:

64 Elevation of Privilege Vulnerabilities
6 Security Feature Bypass Vulnerabilities
31 Remote Code Execution Vulnerabilities
12 Information Disclosure Vulnerabilities
7 Denial of Service Vulnerabilities
1 Spoofing Vulnerability

İki zero-day kapatıldı, bir tanesi aktif olarak kullanıldı

Aktif olarak yararlanılan zero-day güvenlik açıklarında ilki ‘ DogWalk ‘ olarak biliniyor ve Microsoft tarafından ‘ CVE-2022-34713 ‘ – “Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability” güvenlik açığı olarak izleniyor. Diğer zero-day güvenlik açığı ‘ CVE-2022-30134 ‘ olarak izleniyor ve “Microsoft Exchange Information Disclosure Vulnerability” olarak gösteriliyor. Zafiyetin istismar edilmesi durumunda e-posta mesajlarını okumasına olanak tanıyor.

Ağustos 2022 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi

Tag	CVE ID	CVE Title	Severity
.NET Core	CVE-2022-34716	.NET Spoofing Vulnerability	Important
Active Directory Domain Services	CVE-2022-34691	Active Directory Domain Services Elevation of Privilege Vulnerability	Critical
Azure Batch Node Agent	CVE-2022-33646	Azure Batch Node Agent Elevation of Privilege Vulnerability	Critical
Azure Real Time Operating System	CVE-2022-34685	Azure RTOS GUIX Studio Information Disclosure Vulnerability	Important
Azure Real Time Operating System	CVE-2022-34686	Azure RTOS GUIX Studio Information Disclosure Vulnerability	Important
Azure Real Time Operating System	CVE-2022-35773	Azure RTOS GUIX Studio Remote Code Execution Vulnerability	Important
Azure Real Time Operating System	CVE-2022-35779	Azure RTOS GUIX Studio Remote Code Execution Vulnerability	Important
Azure Real Time Operating System	CVE-2022-35806	Azure RTOS GUIX Studio Remote Code Execution Vulnerability	Important
Azure Real Time Operating System	CVE-2022-34687	Azure RTOS GUIX Studio Remote Code Execution Vulnerability	Important
Azure Real Time Operating System	CVE-2022-30176	Azure RTOS GUIX Studio Remote Code Execution Vulnerability	Important
Azure Real Time Operating System	CVE-2022-30175	Azure RTOS GUIX Studio Remote Code Execution Vulnerability	Important
Azure Site Recovery	CVE-2022-35791	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35818	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35809	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35789	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35815	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35817	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35816	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35814	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35785	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35812	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35811	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35784	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35810	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35813	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35788	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35783	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35786	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35787	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35819	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35781	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35775	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35790	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35780	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35799	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35772	Azure Site Recovery Remote Code Execution Vulnerability	Important
Azure Site Recovery	CVE-2022-35800	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35774	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35802	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35782	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35824	Azure Site Recovery Remote Code Execution Vulnerability	Important
Azure Site Recovery	CVE-2022-35801	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35808	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35776	Azure Site Recovery Denial of Service Vulnerability	Important
Azure Site Recovery	CVE-2022-35807	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Sphere	CVE-2022-35821	Azure Sphere Information Disclosure Vulnerability	Important
Microsoft ATA Port Driver	CVE-2022-35760	Microsoft ATA Port Driver Elevation of Privilege Vulnerability	Important
Microsoft Bluetooth Driver	CVE-2022-35820	Windows Bluetooth Driver Elevation of Privilege Vulnerability	Important
Microsoft Edge (Chromium-based)	CVE-2022-35796	Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability	Low
Microsoft Edge (Chromium-based)	CVE-2022-33649	Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability	Important
Microsoft Edge (Chromium-based)	CVE-2022-2618	Chromium: CVE-2022-2618 Insufficient validation of untrusted input in Internals	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2616	Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2617	Chromium: CVE-2022-2617 Use after free in Extensions API	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2619	Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2622	Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2623	Chromium: CVE-2022-2623 Use after free in Offline	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-33636	Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability	Moderate
Microsoft Edge (Chromium-based)	CVE-2022-2621	Chromium: CVE-2022-2621 Use after free in Extensions	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2615	Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2604	Chromium: CVE-2022-2604 Use after free in Safe Browsing	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2605	Chromium: CVE-2022-2605 Out of bounds read in Dawn	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2624	Chromium: CVE-2022-2624 Heap buffer overflow in PDF	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2603	Chromium: CVE-2022-2603 Use after free in Omnibox	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2606	Chromium: CVE-2022-2606 Use after free in Managed devices API	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2612	Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2614	Chromium: CVE-2022-2614 Use after free in Sign-In Flow	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2610	Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2611	Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API	Unknown
Microsoft Exchange Server	CVE-2022-34692	Microsoft Exchange Information Disclosure Vulnerability	Important
Microsoft Exchange Server	CVE-2022-21980	Microsoft Exchange Server Elevation of Privilege Vulnerability	Critical
Microsoft Exchange Server	CVE-2022-21979	Microsoft Exchange Information Disclosure Vulnerability	Important
Microsoft Exchange Server	CVE-2022-24516	Microsoft Exchange Server Elevation of Privilege Vulnerability	Critical
Microsoft Exchange Server	CVE-2022-30134	Microsoft Exchange Information Disclosure Vulnerability	Important
Microsoft Exchange Server	CVE-2022-24477	Microsoft Exchange Server Elevation of Privilege Vulnerability	Critical
Microsoft Office	CVE-2022-34717	Microsoft Office Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2022-33648	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2022-33631	Microsoft Excel Security Feature Bypass Vulnerability	Important
Microsoft Office Outlook	CVE-2022-35742	Microsoft Outlook Denial of Service Vulnerability	Important
Microsoft Windows Support Diagnostic Tool (MSDT)	CVE-2022-34713	Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability	Important
Microsoft Windows Support Diagnostic Tool (MSDT)	CVE-2022-35743	Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability	Important
Remote Access Service Point-to-Point Tunneling Protocol	CVE-2022-35752	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Critical
Remote Access Service Point-to-Point Tunneling Protocol	CVE-2022-35753	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Critical
Remote Access Service Point-to-Point Tunneling Protocol	CVE-2022-35769	Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability	Important
Role: Windows Fax Service	CVE-2022-34690	Windows Fax Service Elevation of Privilege Vulnerability	Important
Role: Windows Hyper-V	CVE-2022-34696	Windows Hyper-V Remote Code Execution Vulnerability	Critical
Role: Windows Hyper-V	CVE-2022-35751	Windows Hyper-V Elevation of Privilege Vulnerability	Important
System Center Operations Manager	CVE-2022-33640	System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability	Important
Visual Studio	CVE-2022-35827	Visual Studio Remote Code Execution Vulnerability	Important
Visual Studio	CVE-2022-35777	Visual Studio Remote Code Execution Vulnerability	Important
Visual Studio	CVE-2022-35825	Visual Studio Remote Code Execution Vulnerability	Important
Visual Studio	CVE-2022-35826	Visual Studio Remote Code Execution Vulnerability	Important
Windows Bluetooth Service	CVE-2022-30144	Windows Bluetooth Service Remote Code Execution Vulnerability	Important
Windows Canonical Display Driver	CVE-2022-35750	Win32k Elevation of Privilege Vulnerability	Important
Windows Cloud Files Mini Filter Driver	CVE-2022-35757	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	Important
Windows Defender Credential Guard	CVE-2022-35771	Windows Defender Credential Guard Elevation of Privilege Vulnerability	Important
Windows Defender Credential Guard	CVE-2022-34705	Windows Defender Credential Guard Elevation of Privilege Vulnerability	Important
Windows Defender Credential Guard	CVE-2022-34710	Windows Defender Credential Guard Information Disclosure Vulnerability	Important
Windows Defender Credential Guard	CVE-2022-34709	Windows Defender Credential Guard Security Feature Bypass Vulnerability	Important
Windows Defender Credential Guard	CVE-2022-34704	Windows Defender Credential Guard Information Disclosure Vulnerability	Important
Windows Defender Credential Guard	CVE-2022-34712	Windows Defender Credential Guard Information Disclosure Vulnerability	Important
Windows Digital Media	CVE-2022-35746	Windows Digital Media Receiver Elevation of Privilege Vulnerability	Important
Windows Digital Media	CVE-2022-35749	Windows Digital Media Receiver Elevation of Privilege Vulnerability	Important
Windows Error Reporting	CVE-2022-35795	Windows Error Reporting Service Elevation of Privilege Vulnerability	Important
Windows Hello	CVE-2022-35797	Windows Hello Security Feature Bypass Vulnerability	Important
Windows Internet Information Services	CVE-2022-35748	HTTP.sys Denial of Service Vulnerability	Important
Windows Kerberos	CVE-2022-35756	Windows Kerberos Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2022-35761	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2022-35768	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2022-34708	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2022-34707	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2022-35804	SMB Client and Server Remote Code Execution Vulnerability	Critical
Windows Kernel	CVE-2022-30197	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2022-35758	Windows Kernel Memory Information Disclosure Vulnerability	Important
Windows Local Security Authority (LSA)	CVE-2022-34706	Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability	Important
Windows Local Security Authority (LSA)	CVE-2022-35759	Windows Local Security Authority (LSA) Denial of Service Vulnerability	Important
Windows Network File System	CVE-2022-34715	Windows Network File System Remote Code Execution Vulnerability	Important
Windows Partition Management Driver	CVE-2022-33670	Windows Partition Management Driver Elevation of Privilege Vulnerability	Important
Windows Partition Management Driver	CVE-2022-34703	Windows Partition Management Driver Elevation of Privilege Vulnerability	Important
Windows Point-to-Point Tunneling Protocol	CVE-2022-30133	Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability	Critical
Windows Point-to-Point Tunneling Protocol	CVE-2022-35747	Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability	Important
Windows Point-to-Point Tunneling Protocol	CVE-2022-35744	Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability	Critical
Windows Print Spooler Components	CVE-2022-35793	Windows Print Spooler Elevation of Privilege Vulnerability	Important
Windows Print Spooler Components	CVE-2022-35755	Windows Print Spooler Elevation of Privilege Vulnerability	Important
Windows Secure Boot	CVE-2022-34301	CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass	Important
Windows Secure Boot	CVE-2022-34302	CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass	Important
Windows Secure Boot	CVE-2022-34303	CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass	Important
Windows Secure Socket Tunneling Protocol (SSTP)	CVE-2022-35745	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Critical
Windows Secure Socket Tunneling Protocol (SSTP)	CVE-2022-35766	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Critical
Windows Secure Socket Tunneling Protocol (SSTP)	CVE-2022-35794	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Critical
Windows Secure Socket Tunneling Protocol (SSTP)	CVE-2022-34701	Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability	Important
Windows Secure Socket Tunneling Protocol (SSTP)	CVE-2022-34714	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Critical
Windows Secure Socket Tunneling Protocol (SSTP)	CVE-2022-34702	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Critical
Windows Secure Socket Tunneling Protocol (SSTP)	CVE-2022-35767	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Critical
Windows Storage Spaces Direct	CVE-2022-35762	Storage Spaces Direct Elevation of Privilege Vulnerability	Important
Windows Storage Spaces Direct	CVE-2022-35765	Storage Spaces Direct Elevation of Privilege Vulnerability	Important
Windows Storage Spaces Direct	CVE-2022-35792	Storage Spaces Direct Elevation of Privilege Vulnerability	Important
Windows Storage Spaces Direct	CVE-2022-35763	Storage Spaces Direct Elevation of Privilege Vulnerability	Important
Windows Storage Spaces Direct	CVE-2022-35764	Storage Spaces Direct Elevation of Privilege Vulnerability	Important
Windows Unified Write Filter	CVE-2022-35754	Unified Write Filter Elevation of Privilege Vulnerability	Important
Windows WebBrowser Control	CVE-2022-30194	Windows WebBrowser Control Remote Code Execution Vulnerability	Important
Windows Win32K	CVE-2022-34699	Windows Win32k Elevation of Privilege Vulnerability	Important

Kaynak: bleepingcomputer.com