Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 2 adet zero-day güvenlik açığı ve toplam 84 zafiyeti kapattı.
Bu ay yayınlanan güncellemerde düzeltilen 84 güvenlik açığından 13’ü kritik olarak olarak sınıflandırıdı.
Kapatılan zafiyetler aşağıdaki gibidir:
- 39 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 20 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 8 Denial of Service Vulnerabilities
- 4 Spoofing Vulnerabilities
İki zero-day kapatıldı, bir tanesi aktif olarak kullanıldı
Aktif olarak kullanıldığı belirtilen zero-day zafiyetlerinden biri olan “CVE-2022-41033 – Windows COM+ Event System Service Elevation of Privilege Vulnerability.” güvenlik açığı başarılı bir şekilde istismar edilirse, saldırganlar sistem üzerinde tam yetki kazanabiliyor. Diğeri ise “CVE-2022-41043 – Microsoft Office Information Disclosure Vulnerability” güvenlik açığı ve saldırganların bu güvenlik açığını kullanarak kullanıcıların kimlik doğrulama token’larına erişebiliyor.
Microsoft Exchange Zero-day zafiyet için yama yok!
Microsoft, CVE-2022-41040 ve CVE-2022-41082 olarak izlenen ve ProxyNotShell olarak da adlandırılan güvenlik zafiyeti için güncelleştirme yayımlamadı. Microsoft Exchange bülteninde “Ekim 2022 SU’ları yayınlandı ancak 29 Eylül 2022’de (CVE-2022-41040 ve CVE-2022-41082) bildirilen zero-day güvenlik açıkları için düzeltmeler içermiyor.
Microsoft güncellemelerin henüz hazır olmadığını ancak bu blog gönderisinedeki mitigate adımlarının uygulanmasını tavsiye ediyor.
Ekim 2022 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Active Directory Domain Services | CVE-2022-38042 | Active Directory Domain Services Elevation of Privilege Vulnerability | Important |
| Azure | CVE-2022-38017 | StorSimple 8000 Series Elevation of Privilege Vulnerability | Important |
| Azure Arc | CVE-2022-37968 | Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability | Critical |
| Client Server Run-time Subsystem (CSRSS) | CVE-2022-37987 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | Important |
| Client Server Run-time Subsystem (CSRSS) | CVE-2022-37989 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-3311 | Chromium: CVE-2022-3311 Use after free in Import | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3313 | Chromium: CVE-2022-3313 Incorrect security UI in Full Screen | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3315 | Chromium: CVE-2022-3315 Type confusion in Blink | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3370 | Chromium: CVE-2022-3370 Use after free in Custom Elements | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3373 | Chromium: CVE-2022-3373 Out of bounds write in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3316 | Chromium: CVE-2022-3316 Insufficient validation of untrusted input in Safe Browsing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3317 | Chromium: CVE-2022-3317 Insufficient validation of untrusted input in Intents | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3310 | Chromium: CVE-2022-3310 Insufficient policy enforcement in Custom Tabs | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3304 | Chromium: CVE-2022-3304 Use after free in CSS | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-41035 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2022-3308 | Chromium: CVE-2022-3308 Insufficient policy enforcement in Developer Tools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-3307 | Chromium: CVE-2022-3307 Use after free in Media | Unknown |
| Microsoft Graphics Component | CVE-2022-37986 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-38051 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-37997 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-37985 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-33635 | Windows GDI+ Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2022-38001 | Microsoft Office Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2022-38048 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2022-41043 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-38053 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-41036 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-41038 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2022-41037 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2022-41031 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2022-38049 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2022-37982 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2022-38031 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| NuGet Client | CVE-2022-41032 | NuGet Client Elevation of Privilege Vulnerability | Important |
| Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-37965 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-37979 | Windows Hyper-V Elevation of Privilege Vulnerability | Critical |
| Service Fabric | CVE-2022-35829 | Service Fabric Explorer Spoofing Vulnerability | Important |
| Visual Studio Code | CVE-2022-41042 | Visual Studio Code Information Disclosure Vulnerability | Important |
| Visual Studio Code | CVE-2022-41034 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2022-41083 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
| Windows Active Directory Certificate Services | CVE-2022-37978 | Windows Active Directory Certificate Services Security Feature Bypass | Important |
| Windows Active Directory Certificate Services | CVE-2022-37976 | Active Directory Certificate Services Elevation of Privilege Vulnerability | Critical |
| Windows ALPC | CVE-2022-38029 | Windows ALPC Elevation of Privilege Vulnerability | Important |
| Windows CD-ROM Driver | CVE-2022-38044 | Windows CD-ROM File System Driver Remote Code Execution Vulnerability | Important |
| Windows COM+ Event System Service | CVE-2022-41033 | Windows COM+ Event System Service Elevation of Privilege Vulnerability | Important |
| Windows Connected User Experiences and Telemetry | CVE-2022-38021 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | Important |
| Windows CryptoAPI | CVE-2022-34689 | Windows CryptoAPI Spoofing Vulnerability | Critical |
| Windows Defender | CVE-2022-37971 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important |
| Windows DHCP Client | CVE-2022-38026 | Windows DHCP Client Information Disclosure Vulnerability | Important |
| Windows DHCP Client | CVE-2022-37980 | Windows DHCP Client Elevation of Privilege Vulnerability | Important |
| Windows Distributed File System (DFS) | CVE-2022-38025 | Windows Distributed File System (DFS) Information Disclosure Vulnerability | Important |
| Windows DWM Core Library | CVE-2022-37970 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2022-37983 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Event Logging Service | CVE-2022-37981 | Windows Event Logging Service Denial of Service Vulnerability | Important |
| Windows Group Policy | CVE-2022-37975 | Windows Group Policy Elevation of Privilege Vulnerability | Important |
| Windows Group Policy Preference Client | CVE-2022-37994 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability | Important |
| Windows Group Policy Preference Client | CVE-2022-37993 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability | Important |
| Windows Group Policy Preference Client | CVE-2022-37999 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability | Important |
| Windows Internet Key Exchange (IKE) Protocol | CVE-2022-38036 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2022-37988 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-38037 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-37990 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-38038 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-38039 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-37995 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-37991 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-38022 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Local Security Authority (LSA) | CVE-2022-38016 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important |
| Windows Local Security Authority Subsystem Service (LSASS) | CVE-2022-37977 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Important |
| Windows Local Session Manager (LSM) | CVE-2022-37973 | Windows Local Session Manager (LSM) Denial of Service Vulnerability | Important |
| Windows Local Session Manager (LSM) | CVE-2022-37998 | Windows Local Session Manager (LSM) Denial of Service Vulnerability | Important |
| Windows NTFS | CVE-2022-37996 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows NTLM | CVE-2022-35770 | Windows NTLM Spoofing Vulnerability | Important |
| Windows ODBC Driver | CVE-2022-38040 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows Perception Simulation Service | CVE-2022-37974 | Windows Mixed Reality Developer Tools Information Disclosure Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-33634 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-22035 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-24504 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-38047 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-41081 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-30198 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-38000 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Portable Device Enumerator Service | CVE-2022-38032 | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | Important |
| Windows Print Spooler Components | CVE-2022-38028 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2022-38003 | Windows Resilient File System Elevation of Privilege | Important |
| Windows Secure Channel | CVE-2022-38041 | Windows Secure Channel Denial of Service Vulnerability | Important |
| Windows Security Support Provider Interface | CVE-2022-38043 | Windows Security Support Provider Interface Information Disclosure Vulnerability | Important |
| Windows Server Remotely Accessible Registry Keys | CVE-2022-38033 | Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability | Important |
| Windows Server Service | CVE-2022-38045 | Server Service Remote Protocol Elevation of Privilege Vulnerability | Important |
| Windows Storage | CVE-2022-38027 | Windows Storage Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2022-33645 | Windows TCP/IP Driver Denial of Service Vulnerability | Important |
| Windows USB Serial Driver | CVE-2022-38030 | Windows USB Serial Driver Information Disclosure Vulnerability | Important |
| Windows Web Account Manager | CVE-2022-38046 | Web Account Manager Information Disclosure Vulnerability | Important |
| Windows Win32K | CVE-2022-38050 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows WLAN Service | CVE-2022-37984 | Windows WLAN Service Elevation of Privilege Vulnerability | Important |
| Windows Workstation Service | CVE-2022-38034 | Windows Workstation Service Elevation of Privilege Vulnerability | Important |
Kaynak: bleepingcomputer.com
