With this month's Patch Tuesday updates, Microsoft fixed 4 zero-day vulnerabilities and a total of 104 flaws.
Of the 104 vulnerabilities fixed in this month's updates, 2 were classified as critical, and 45 RCE vulnerabilities were fixed.
The fixed vulnerabilities break down as follows:
- 26 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 45 Remote Code Execution Vulnerabilities
- 12 Information Disclosure Vulnerabilities
- 17 Denial of Service Vulnerabilities
- 1 Spoofing Vulnerabilities
Three actively exploited zero-days fixed
- CVE-2023-41763 – Skype for Business Elevation of Privilege Vulnerability
- CVE-2023-36563 – Microsoft WordPad Information Disclosure Vulnerability
- CVE-2023-44487 – HTTP/2 Rapid Reset Attack
Full List of the October 2023 Patch Tuesday Security Updates
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
Active Directory Domain Services | CVE-2023-36722 | Active Directory Domain Services Information Disclosure Vulnerability | Important |
Azure | CVE-2023-36737 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | Important |
Azure | CVE-2023-36419 | Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability | Important |
Azure DevOps | CVE-2023-36561 | Azure DevOps Server Elevation of Privilege Vulnerability | Important |
Azure Real Time Operating System | CVE-2023-36418 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
Azure SDK | CVE-2023-36414 | Azure Identity SDK Remote Code Execution Vulnerability | Important |
Azure SDK | CVE-2023-36415 | Azure Identity SDK Remote Code Execution Vulnerability | Important |
Client Server Run-time Subsystem (CSRSS) | CVE-2023-41766 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | Important |
HTTP/2 | CVE-2023-44487 | MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack | Important |
Microsoft Common Data Model SDK | CVE-2023-36566 | Microsoft Common Data Model SDK Denial of Service Vulnerability | Important |
Microsoft Dynamics | CVE-2023-36429 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important |
Microsoft Dynamics | CVE-2023-36416 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2023-36433 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2023-5346 | Chromium: CVE-2023-5346 Type Confusion in V8 | Unknown |
Microsoft Exchange Server | CVE-2023-36778 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Graphics Component | CVE-2023-36594 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2023-38159 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2023-36565 | Microsoft Office Graphics Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2023-36569 | Microsoft Office Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2023-36568 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
Microsoft QUIC | CVE-2023-38171 | Microsoft QUIC Denial of Service Vulnerability | Important |
Microsoft QUIC | CVE-2023-36435 | Microsoft QUIC Denial of Service Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2023-36577 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft Windows Media Foundation | CVE-2023-36710 | Windows Media Foundation Core Remote Code Execution Vulnerability | Important |
Microsoft Windows Search Component | CVE-2023-36564 | Windows Search Security Feature Bypass Vulnerability | Important |
Microsoft WordPad | CVE-2023-36563 | Microsoft WordPad Information Disclosure Vulnerability | Important |
Skype for Business | CVE-2023-36786 | Skype for Business Remote Code Execution Vulnerability | Important |
Skype for Business | CVE-2023-36780 | Skype for Business Remote Code Execution Vulnerability | Important |
Skype for Business | CVE-2023-36789 | Skype for Business Remote Code Execution Vulnerability | Important |
Skype for Business | CVE-2023-41763 | Skype for Business Elevation of Privilege Vulnerability | Important |
SQL Server | CVE-2023-36728 | Microsoft SQL Server Denial of Service Vulnerability | Important |
SQL Server | CVE-2023-36417 | Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-36785 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-36598 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-36730 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-36420 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
Windows Active Template Library | CVE-2023-36585 | Active Template Library Denial of Service Vulnerability | Important |
Windows AllJoyn API | CVE-2023-36709 | Microsoft AllJoyn API Denial of Service Vulnerability | Important |
Windows Client/Server Runtime Subsystem | CVE-2023-36902 | Windows Runtime Remote Code Execution Vulnerability | Important |
Windows Common Log File System Driver | CVE-2023-36713 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important |
Windows Container Manager Service | CVE-2023-36723 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
Windows Deployment Services | CVE-2023-36707 | Windows Deployment Services Denial of Service Vulnerability | Important |
Windows Deployment Services | CVE-2023-36567 | Windows Deployment Services Information Disclosure Vulnerability | Important |
Windows Deployment Services | CVE-2023-36706 | Windows Deployment Services Information Disclosure Vulnerability | Important |
Windows DHCP Server | CVE-2023-36703 | DHCP Server Service Denial of Service Vulnerability | Important |
Windows Error Reporting | CVE-2023-36721 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
Windows HTML Platform | CVE-2023-36436 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important |
Windows HTML Platform | CVE-2023-36557 | PrintHTML API Remote Code Execution Vulnerability | Important |
Windows IIS | CVE-2023-36434 | Windows IIS Server Elevation of Privilege Vulnerability | Important |
Windows IKE Extension | CVE-2023-36726 | Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-36576 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2023-36712 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-36698 | Windows Kernel Security Feature Bypass Vulnerability | Important |
Windows Layer 2 Tunneling Protocol | CVE-2023-41770 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-41765 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-41767 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-38166 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-41774 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-41773 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-41771 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-41769 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-41768 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Mark of the Web (MOTW) | CVE-2023-36584 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
Windows Message Queuing | CVE-2023-36571 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36570 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36431 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
Windows Message Queuing | CVE-2023-35349 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical |
Windows Message Queuing | CVE-2023-36591 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36590 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36589 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36583 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36592 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36697 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical |
Windows Message Queuing | CVE-2023-36606 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
Windows Message Queuing | CVE-2023-36593 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36582 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36574 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36575 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36573 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36572 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36581 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
Windows Message Queuing | CVE-2023-36579 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
Windows Message Queuing | CVE-2023-36578 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Microsoft DirectMusic | CVE-2023-36702 | Microsoft DirectMusic Remote Code Execution Vulnerability | Important |
Windows Mixed Reality Developer Tools | CVE-2023-36720 | Windows Mixed Reality Developer Tools Denial of Service Vulnerability | Important |
Windows Named Pipe File System | CVE-2023-36729 | Named Pipe File System Elevation of Privilege Vulnerability | Important |
Windows Named Pipe File System | CVE-2023-36605 | Windows Named Pipe Filesystem Elevation of Privilege Vulnerability | Important |
Windows NT OS Kernel | CVE-2023-36725 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Power Management Service | CVE-2023-36724 | Windows Power Management Service Information Disclosure Vulnerability | Important |
Windows RDP | CVE-2023-36790 | Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability | Important |
Windows RDP | CVE-2023-29348 | Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability | Important |
Windows Remote Procedure Call | CVE-2023-36596 | Remote Procedure Call Information Disclosure Vulnerability | Important |
Windows Resilient File System (ReFS) | CVE-2023-36701 | Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
Windows Runtime C++ Template Library | CVE-2023-36711 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | Important |
Windows Setup Files Cleanup | CVE-2023-36704 | Windows Setup Files Cleanup Remote Code Execution Vulnerability | Important |
Windows TCP/IP | CVE-2023-36438 | Windows TCP/IP Information Disclosure Vulnerability | Important |
Windows TCP/IP | CVE-2023-36603 | Windows TCP/IP Denial of Service Vulnerability | Important |
Windows TCP/IP | CVE-2023-36602 | Windows TCP/IP Denial of Service Vulnerability | Important |
Windows TPM | CVE-2023-36717 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | Important |
Windows Virtual Trusted Platform Module | CVE-2023-36718 | Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability | Critical |
Windows Win32K | CVE-2023-36731 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2023-36732 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2023-36776 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2023-36743 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2023-41772 | Win32k Elevation of Privilege Vulnerability | Important |