Microsoft August 2023 Patch Tuesday: 2 Zero-Days, 87 Vulnerabilities Fixed

With this month's Patch Tuesday updates, Microsoft fixed 2 zero-day vulnerabilities and a total of 87 vulnerabilities.

Of the 87 vulnerabilities addressed in this month's updates, 6 are rated critical, and 23 RCE vulnerabilities were fixed.

The fixed vulnerabilities break down as follows:

  • 18 Elevation of Privilege vulnerabilities
  • 3 Security Feature Bypass vulnerabilities
  • 23 Remote Code Execution vulnerabilities
  • 10 Information Disclosure vulnerabilities
  • 8 Denial of Service vulnerabilities
  • 12 Spoofing vulnerabilities

Two actively exploited zero-days

ADV230003 – Microsoft Office Defense in Depth Update (publicly disclosed)

CVE-2023-38180 – .NET and Visual Studio Denial of Service Vulnerability

Full List of the August 2023 Patch Tuesday Security Updates

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| .NET Core | CVE-2023-38178 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
| .NET Core | CVE-2023-35390 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
| .NET Framework | CVE-2023-36873 | .NET Framework Spoofing Vulnerability | Important |
| ASP .NET | CVE-2023-38180 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| ASP.NET | CVE-2023-36899 | ASP.NET Elevation of Privilege Vulnerability | Important |
| ASP.NET and Visual Studio | CVE-2023-35391 | ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability | Important |
| Azure Arc | CVE-2023-38176 | Azure Arc-Enabled Servers Elevation of Privilege Vulnerability | Important |
| Azure DevOps | CVE-2023-36869 | Azure DevOps Server Spoofing Vulnerability | Important |
| Azure HDInsights | CVE-2023-38188 | Azure Apache Hadoop Spoofing Vulnerability | Important |
| Azure HDInsights | CVE-2023-35393 | Azure Apache Hive Spoofing Vulnerability | Important |
| Azure HDInsights | CVE-2023-35394 | Azure HDInsight Jupyter Notebook Spoofing Vulnerability | Important |
| Azure HDInsights | CVE-2023-36881 | Azure Apache Ambari Spoofing Vulnerability | Important |
| Azure HDInsights | CVE-2023-36877 | Azure Apache Oozie Spoofing Vulnerability | Important |
| Dynamics Business Central Control | CVE-2023-38167 | Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability | Important |
| Mariner | CVE-2023-35945 | Unknown | Unknown |
| Memory Integrity System Readiness Scan Tool | ADV230004 | Memory Integrity System Readiness Scan Tool Defense in Depth Update | Moderate |
| Microsoft Dynamics | CVE-2023-35389 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2023-38157 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2023-4068 | Chromium: CVE-2023-4068 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4072 | Chromium: CVE-2023-4072 Out of bounds read and write in WebGL | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4071 | Chromium: CVE-2023-4071 Heap buffer overflow in Visuals | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4073 | Chromium: CVE-2023-4073 Out of bounds memory access in ANGLE | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4075 | Chromium: CVE-2023-4075 Use after free in Cast | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4074 | Chromium: CVE-2023-4074 Use after free in Blink Task Scheduling | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4076 | Chromium: CVE-2023-4076 Use after free in WebRTC | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4077 | Chromium: CVE-2023-4077 Insufficient data validation in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4078 | Chromium: CVE-2023-4078 Inappropriate implementation in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4070 | Chromium: CVE-2023-4070 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4069 | Chromium: CVE-2023-4069 Type Confusion in V8 | Unknown |
| Microsoft Exchange Server | CVE-2023-38185 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-35388 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-35368 | Microsoft Exchange Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-38181 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-38182 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21709 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Office | ADV230003 | Microsoft Office Defense in Depth Update | Moderate |
| Microsoft Office | CVE-2023-36897 | Visual Studio Tools for Office Runtime Spoofing Vulnerability | Important |
| Microsoft Office Excel | CVE-2023-36896 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2023-35371 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2023-36893 | Microsoft Outlook Spoofing Vulnerability | Important |
| Microsoft Office Outlook | CVE-2023-36895 | Microsoft Outlook Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2023-36891 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-36894 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-36890 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-36892 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office Visio | CVE-2023-35372 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2023-36865 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2023-36866 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Teams | CVE-2023-29328 | Microsoft Teams Remote Code Execution Vulnerability | Critical |
| Microsoft Teams | CVE-2023-29330 | Microsoft Teams Remote Code Execution Vulnerability | Critical |
| Microsoft WDAC OLE DB provider for SQL | CVE-2023-36882 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows | CVE-2023-20569 | AMD: CVE-2023-20569 Return Address Predictor | Important |
| Microsoft Windows Codecs Library | CVE-2023-38170 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Reliability Analysis Metrics Calculation Engine | CVE-2023-36876 | Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2023-36908 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2023-38169 | Microsoft OLE DB Remote Code Execution Vulnerability | Important |
| Tablet Windows User Interface | CVE-2023-36898 | Tablet Windows User Interface Application Core Remote Code Execution Vulnerability | Important |
| Windows Bluetooth A2DP driver | CVE-2023-35387 | Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2023-36904 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2023-36900 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2023-36907 | Windows Cryptographic Services Information Disclosure Vulnerability | Important |
| Windows Cryptographic Services | CVE-2023-36906 | Windows Cryptographic Services Information Disclosure Vulnerability | Important |
| Windows Defender | CVE-2023-38175 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important |
| Windows Fax and Scan Service | CVE-2023-35381 | Windows Fax Service Remote Code Execution Vulnerability | Important |
| Windows Group Policy | CVE-2023-36889 | Windows Group Policy Security Feature Bypass Vulnerability | Important |
| Windows HTML Platform | CVE-2023-35384 | Windows HTML Platforms Security Feature Bypass Vulnerability | Important |
| Windows Kernel | CVE-2023-35359 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-38154 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-35382 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-35386 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-35380 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2023-38184 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
| Windows Message Queuing | CVE-2023-36909 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| Windows Message Queuing | CVE-2023-35376 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| Windows Message Queuing | CVE-2023-38172 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| Windows Message Queuing | CVE-2023-35385 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical |
| Windows Message Queuing | CVE-2023-35383 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
| Windows Message Queuing | CVE-2023-36913 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
| Windows Message Queuing | CVE-2023-35377 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| Windows Message Queuing | CVE-2023-38254 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| Windows Message Queuing | CVE-2023-36911 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical |
| Windows Message Queuing | CVE-2023-36910 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical |
| Windows Message Queuing | CVE-2023-36912 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| Windows Mobile Device Management | CVE-2023-38186 | Windows Mobile Device Management Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2023-35378 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Reliability Analysis Metrics Calculation Engine | CVE-2023-35379 | Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability | Important |
| Windows Smart Card | CVE-2023-36914 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | Important |
| Windows System Assessment Tool | CVE-2023-36903 | Windows System Assessment Tool Elevation of Privilege Vulnerability | Important |
| Windows Wireless Wide Area Network Service | CVE-2023-36905 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Important |

Source: bleepingcomputer.com
