Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 1 adet zero-day güvenlik açığı ve toplam 34 zafiyeti kapattı.
Bu ay yayınlanan güncellemerle 34 güvenlik açığından 3 tanesi kritik olarak listelendi ve 8 RCE zafiyeti kapatıldı.
Kapatılan zafiyetler aşağıdaki gibidir
- 10 Elevation of Privilege Vulnerabilities
- 8 Remote Code Execution Vulnerabilities
- 6 Information Disclosure Vulnerabilities
- 5 Denial of Service Vulnerabilities
- 5 Spoofing Vulnerabilities
Aktif olarak kullanılan zero-day
- CVE-2023-20588 – AMD: CVE-2023-20588 AMD Speculative Leak
Aralık 2023 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
Azure Connected Machine Agent | CVE-2023-35624 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
Azure Machine Learning | CVE-2023-35625 | Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability | Important |
Chipsets | CVE-2023-20588 | AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice | Important |
Microsoft Bluetooth Driver | CVE-2023-35634 | Windows Bluetooth Driver Remote Code Execution Vulnerability | Important |
Microsoft Dynamics | CVE-2023-35621 | Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability | Important |
Microsoft Dynamics | CVE-2023-36020 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2023-35618 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Moderate |
Microsoft Edge (Chromium-based) | CVE-2023-36880 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | Low |
Microsoft Edge (Chromium-based) | CVE-2023-38174 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | Low |
Microsoft Edge (Chromium-based) | CVE-2023-6509 | Chromium: CVE-2023-6509 Use after free in Side Panel Search | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-6512 | Chromium: CVE-2023-6512 Inappropriate implementation in Web Browser UI | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-6508 | Chromium: CVE-2023-6508 Use after free in Media Stream | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-6511 | Chromium: CVE-2023-6511 Inappropriate implementation in Autofill | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-6510 | Chromium: CVE-2023-6510 Use after free in Media Capture | Unknown |
Microsoft Office Outlook | CVE-2023-35636 | Microsoft Outlook Information Disclosure Vulnerability | Important |
Microsoft Office Outlook | CVE-2023-35619 | Microsoft Outlook for Mac Spoofing Vulnerability | Important |
Microsoft Office Word | CVE-2023-36009 | Microsoft Word Information Disclosure Vulnerability | Important |
Microsoft Power Platform Connector | CVE-2023-36019 | Microsoft Power Platform Connector Spoofing Vulnerability | Critical |
Microsoft WDAC OLE DB provider for SQL | CVE-2023-36006 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft Windows DNS | CVE-2023-35622 | Windows DNS Spoofing Vulnerability | Important |
Windows Cloud Files Mini Filter Driver | CVE-2023-36696 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
Windows Defender | CVE-2023-36010 | Microsoft Defender Denial of Service Vulnerability | Important |
Windows DHCP Server | CVE-2023-35643 | DHCP Server Service Information Disclosure Vulnerability | Important |
Windows DHCP Server | CVE-2023-35638 | DHCP Server Service Denial of Service Vulnerability | Important |
Windows DHCP Server | CVE-2023-36012 | DHCP Server Service Information Disclosure Vulnerability | Important |
Windows DPAPI (Data Protection Application Programming Interface) | CVE-2023-36004 | Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2023-35642 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2023-35630 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | Critical |
Windows Internet Connection Sharing (ICS) | CVE-2023-35632 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2023-35641 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | Critical |
Windows Kernel | CVE-2023-35633 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-35635 | Windows Kernel Denial of Service Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2023-35644 | Windows Sysmain Service Elevation of Privilege | Important |
Windows Local Security Authority Subsystem Service (LSASS) | CVE-2023-36391 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | Important |
Windows Media | CVE-2023-21740 | Windows Media Remote Code Execution Vulnerability | Important |
Windows MSHTML Platform | CVE-2023-35628 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical |
Windows ODBC Driver | CVE-2023-35639 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Windows Telephony Server | CVE-2023-36005 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
Windows USB Mass Storage Class Driver | CVE-2023-35629 | Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability | Important |
Windows Win32K | CVE-2023-36011 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2023-35631 | Win32k Elevation of Privilege Vulnerability | Important |
XAML Diagnostics | CVE-2023-36003 | XAML Diagnostics Elevation of Privilege Vulnerability | Important |