Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 9 adet Zero-Day ve toplam 89 zafiyeti kapattı.
Kapatılan zafiyetler aşağıdaki gibi:
- 36 Elevation of Privilege Vulnerabilities
- 4 Security Feature Bypass Vulnerabilities
- 28 Remote Code Execution Vulnerabilities
- 8 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 7 Spoofing Vulnerabilities
9 Adet Zero-Day Kapatıldı
CVE-2024-38178 – Scripting Engine Memory Corruption Vulnerability
CVE-2024-38193 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2024-38213 – Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2024-38106 – Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-38107 – Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
CVE-2024-38189 – Microsoft Project Remote Code Execution Vulnerability
CVE-2024-38199 – Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVE-2024-38200 – Microsoft Office Spoofing Vulnerability
CVE-2024-38202 – Windows Update Stack Elevation of Privilege Vulnerability
Ağustos 2024 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET and Visual Studio | CVE-2024-38168 | .NET and Visual Studio Denial of Service Vulnerability | Important |
.NET and Visual Studio | CVE-2024-38167 | .NET and Visual Studio Information Disclosure Vulnerability | Important |
Azure Connected Machine Agent | CVE-2024-38162 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
Azure Connected Machine Agent | CVE-2024-38098 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
Azure CycleCloud | CVE-2024-38195 | Azure CycleCloud Remote Code Execution Vulnerability | Important |
Azure Health Bot | CVE-2024-38109 | Azure Health Bot Elevation of Privilege Vulnerability | Critical |
Azure IoT SDK | CVE-2024-38158 | Azure IoT SDK Remote Code Execution Vulnerability | Important |
Azure IoT SDK | CVE-2024-38157 | Azure IoT SDK Remote Code Execution Vulnerability | Important |
Azure Stack | CVE-2024-38108 | Azure Stack Hub Spoofing Vulnerability | Important |
Azure Stack | CVE-2024-38201 | Azure Stack Hub Elevation of Privilege Vulnerability | Important |
Line Printer Daemon Service (LPD) | CVE-2024-38199 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | Important |
Microsoft Bluetooth Driver | CVE-2024-38123 | Windows Bluetooth Driver Information Disclosure Vulnerability | Important |
Microsoft Copilot Studio | CVE-2024-38206 | Microsoft Copilot Studio Information Disclosure Vulnerability | Critical |
Microsoft Dynamics | CVE-2024-38166 | Microsoft Dynamics 365 Cross-site Scripting Vulnerability | Critical |
Microsoft Dynamics | CVE-2024-38211 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2024-7256 | Chromium: CVE-2024-7256 Insufficient data validation in Dawn | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-7536 | Chromium: CVE-2024-7550 Type Confusion in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-6990 | Chromium: CVE-2024-6990 Uninitialized Use in Dawn | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-7255 | Chromium: CVE-2024-7255 Out of bounds read in WebTransport | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-7534 | Chromium: CVE-2024-7535 Inappropriate implementation in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-7532 | Chromium: CVE-2024-7533 Use after free in Sharing | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-7550 | Chromium: CVE-2024-7532 Out of bounds memory access in ANGLE | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-7535 | Chromium: CVE-2024-7536 Use after free in WebAudio | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-7533 | Chromium: CVE-2024-7534 Heap buffer overflow in Layout | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-38218 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2024-38219 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate |
Microsoft Edge (Chromium-based) | CVE-2024-38222 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | Unknown |
Microsoft Local Security Authority Server (lsasrv) | CVE-2024-38118 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | Important |
Microsoft Local Security Authority Server (lsasrv) | CVE-2024-38122 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | Important |
Microsoft Office | CVE-2024-38200 | Microsoft Office Spoofing Vulnerability | Important |
Microsoft Office | CVE-2024-38084 | Microsoft OfficePlus Elevation of Privilege Vulnerability | Important |
Microsoft Office Excel | CVE-2024-38172 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2024-38170 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2024-38173 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
Microsoft Office PowerPoint | CVE-2024-38171 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
Microsoft Office Project | CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability | Important |
Microsoft Office Visio | CVE-2024-38169 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38134 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38144 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38125 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Teams | CVE-2024-38197 | Microsoft Teams for iOS Spoofing Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-38152 | Windows OLE Remote Code Execution Vulnerability | Important |
Microsoft Windows DNS | CVE-2024-37968 | Windows DNS Spoofing Vulnerability | Important |
Reliable Multicast Transport Driver (RMCAST) | CVE-2024-38140 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | Critical |
Windows Ancillary Function Driver for WinSock | CVE-2024-38141 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
Windows Ancillary Function Driver for WinSock | CVE-2024-38193 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
Windows App Installer | CVE-2024-38177 | Windows App Installer Spoofing Vulnerability | Important |
Windows Clipboard Virtual Channel Extension | CVE-2024-38131 | Clipboard Virtual Channel Extension Remote Code Execution Vulnerability | Important |
Windows Cloud Files Mini Filter Driver | CVE-2024-38215 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
Windows Common Log File System Driver | CVE-2024-38196 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Compressed Folder | CVE-2024-38165 | Windows Compressed Folder Tampering Vulnerability | Important |
Windows Deployment Services | CVE-2024-38138 | Windows Deployment Services Remote Code Execution Vulnerability | Important |
Windows DWM Core Library | CVE-2024-38150 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
Windows DWM Core Library | CVE-2024-38147 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
Windows Initial Machine Configuration | CVE-2024-38223 | Windows Initial Machine Configuration Elevation of Privilege Vulnerability | Important |
Windows IP Routing Management Snapin | CVE-2024-38114 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | Important |
Windows IP Routing Management Snapin | CVE-2024-38116 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | Important |
Windows IP Routing Management Snapin | CVE-2024-38115 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | Important |
Windows Kerberos | CVE-2024-29995 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-38151 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2024-38133 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-38127 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-38153 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-38106 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-38187 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-38191 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-38184 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-38186 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-38185 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows Layer-2 Bridge Network Driver | CVE-2024-38146 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
Windows Layer-2 Bridge Network Driver | CVE-2024-38145 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
Windows Mark of the Web (MOTW) | CVE-2024-38213 | Windows Mark of the Web Security Feature Bypass Vulnerability | Moderate |
Windows Mobile Broadband | CVE-2024-38161 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Network Address Translation (NAT) | CVE-2024-38132 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
Windows Network Address Translation (NAT) | CVE-2024-38126 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
Windows Network Virtualization | CVE-2024-38160 | Windows Network Virtualization Remote Code Execution Vulnerability | Critical |
Windows Network Virtualization | CVE-2024-38159 | Windows Network Virtualization Remote Code Execution Vulnerability | Critical |
Windows NT OS Kernel | CVE-2024-38135 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
Windows NTFS | CVE-2024-38117 | NTFS Elevation of Privilege Vulnerability | Important |
Windows Power Dependency Coordinator | CVE-2024-38107 | Windows Power Dependency Coordinator Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2024-38198 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Resource Manager | CVE-2024-38137 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | Important |
Windows Resource Manager | CVE-2024-38136 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-38130 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-38128 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-38154 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-38121 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-38214 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-38120 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Scripting | CVE-2024-38178 | Scripting Engine Memory Corruption Vulnerability | Important |
Windows Secure Boot | CVE-2022-3775 | Redhat: CVE-2022-3775 grub2 – Heap based out-of-bounds write when rendering certain Unicode sequences | Critical |
Windows Secure Boot | CVE-2023-40547 | Redhat: CVE-2023-40547 Shim – RCE in HTTP boot support may lead to secure boot bypass | Critical |
Windows Secure Boot | CVE-2022-2601 | Redhat: CVE-2022-2601 grub2 – Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass | Important |
Windows Secure Kernel Mode | CVE-2024-21302 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
Windows Secure Kernel Mode | CVE-2024-38142 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
Windows Security Center | CVE-2024-38155 | Security Center Broker Information Disclosure Vulnerability | Important |
Windows SmartScreen | CVE-2024-38180 | Windows SmartScreen Security Feature Bypass Vulnerability | Important |
Windows TCP/IP | CVE-2024-38063 | Windows TCP/IP Remote Code Execution Vulnerability | Critical |
Windows Transport Security Layer (TLS) | CVE-2024-38148 | Windows Secure Channel Denial of Service Vulnerability | Important |
Windows Update Stack | CVE-2024-38202 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2024-38163 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
Windows WLAN Auto Config Service | CVE-2024-38143 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | Important |