Haberler

Microsoft Ekim 2024 Patch Tuesday: 5 Zero-Day, 118 Zafiyet Kapatıldı

Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 5 adet Zero-Day ve toplam 118 zafiyeti kapattı.

Kapatılan zafiyetler aşağıdaki gibi:

  • 28 Elevation of Privilege vulnerabilities
  • 7 Security Feature Bypass vulnerabilities
  • 43 Remote Code Execution vulnerabilities
  • 6 Information Disclosure vulnerabilities
  • 26 Denial of Service vulnerabilities
  • 7 Spoofing vulnerabilities

5 Adet Zero-Day Kapatıldı

CVE-2024-43573 – Windows MSHTML Platform Spoofing Vulnerability

CVE-2024-43572 – Microsoft Management Console Remote Code Execution Vulnerability

CVE-2024-6197 – Open Source Curl Remote Code Execution Vulnerability

CVE-2024-20659 – Windows Hyper-V Security Feature Bypass Vulnerability

CVE-2024-43583 – Winlogon Elevation of Privilege Vulnerability

Ekim 2024 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi

TagCVE IDCVE TitleSeverity
.NET and Visual StudioCVE-2024-38229.NET and Visual Studio Remote Code Execution VulnerabilityImportant
.NET and Visual StudioCVE-2024-43485.NET and Visual Studio Denial of Service VulnerabilityImportant
.NET, .NET Framework, Visual StudioCVE-2024-43484.NET, .NET Framework, and Visual Studio Denial of Service VulnerabilityImportant
.NET, .NET Framework, Visual StudioCVE-2024-43483.NET, .NET Framework, and Visual Studio Denial of Service VulnerabilityImportant
Azure CLICVE-2024-43591Azure Command Line Integration (CLI) Elevation of Privilege VulnerabilityImportant
Azure MonitorCVE-2024-38097Azure Monitor Agent Elevation of Privilege VulnerabilityImportant
Azure StackCVE-2024-38179Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege VulnerabilityImportant
BranchCacheCVE-2024-43506BranchCache Denial of Service VulnerabilityImportant
BranchCacheCVE-2024-38149BranchCache Denial of Service VulnerabilityImportant
Code Integrity GuardCVE-2024-43585Code Integrity Guard Security Feature Bypass VulnerabilityImportant
DeepSpeedCVE-2024-43497DeepSpeed Remote Code Execution VulnerabilityImportant
Internet Small Computer Systems Interface (iSCSI)CVE-2024-43515Internet Small Computer Systems Interface (iSCSI) Denial of Service VulnerabilityImportant
Microsoft ActiveXCVE-2024-43517Microsoft ActiveX Data Objects Remote Code Execution VulnerabilityImportant
Microsoft Configuration ManagerCVE-2024-43468Microsoft Configuration Manager Remote Code Execution VulnerabilityCritical
Microsoft Defender for EndpointCVE-2024-43614Microsoft Defender for Endpoint for Linux Spoofing VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2024-9369Chromium: CVE-2024-9369 Insufficient data validation in MojoUnknown
Microsoft Edge (Chromium-based)CVE-2024-9370Chromium: CVE-2024-9370 Inappropriate implementation in V8Unknown
Microsoft Edge (Chromium-based)CVE-2024-7025Chromium: CVE-2024-7025 Integer overflow in LayoutUnknown
Microsoft Graphics ComponentCVE-2024-43534Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2024-43508Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2024-43556Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2024-43509Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Management ConsoleCVE-2024-43572Microsoft Management Console Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2024-43616Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2024-43576Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2024-43609Microsoft Office Spoofing VulnerabilityImportant
Microsoft Office ExcelCVE-2024-43504Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2024-43503Microsoft SharePoint Elevation of Privilege VulnerabilityImportant
Microsoft Office VisioCVE-2024-43505Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Simple Certificate Enrollment ProtocolCVE-2024-43544Microsoft Simple Certificate Enrollment Protocol Denial of Service VulnerabilityImportant
Microsoft Simple Certificate Enrollment ProtocolCVE-2024-43541Microsoft Simple Certificate Enrollment Protocol Denial of Service VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-43519Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft Windows SpeechCVE-2024-43574Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution VulnerabilityImportant
OpenSSH for WindowsCVE-2024-43615Microsoft OpenSSH for Windows Remote Code Execution VulnerabilityImportant
OpenSSH for WindowsCVE-2024-43581Microsoft OpenSSH for Windows Remote Code Execution VulnerabilityImportant
OpenSSH for WindowsCVE-2024-38029Microsoft OpenSSH for Windows Remote Code Execution VulnerabilityImportant
Outlook for AndroidCVE-2024-43604Outlook for Android Elevation of Privilege VulnerabilityImportant
Power BICVE-2024-43612Power BI Report Server Spoofing VulnerabilityImportant
Power BICVE-2024-43481Power BI Report Server Spoofing VulnerabilityImportant
Remote Desktop ClientCVE-2024-43533Remote Desktop Client Remote Code Execution VulnerabilityImportant
Remote Desktop ClientCVE-2024-43599Remote Desktop Client Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2024-43521Windows Hyper-V Denial of Service VulnerabilityImportant
Role: Windows Hyper-VCVE-2024-20659Windows Hyper-V Security Feature Bypass VulnerabilityImportant
Role: Windows Hyper-VCVE-2024-43567Windows Hyper-V Denial of Service VulnerabilityImportant
Role: Windows Hyper-VCVE-2024-43575Windows Hyper-V Denial of Service VulnerabilityImportant
RPC Endpoint Mapper ServiceCVE-2024-43532Remote Registry Service Elevation of Privilege VulnerabilityImportant
Service FabricCVE-2024-43480Azure Service Fabric for Linux Remote Code Execution VulnerabilityImportant
Sudo for WindowsCVE-2024-43571Sudo for Windows Spoofing VulnerabilityImportant
Visual C++ Redistributable InstallerCVE-2024-43590Visual C++ Redistributable Installer Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2024-43603Visual Studio Collector Service Denial of Service VulnerabilityImportant
Visual Studio CodeCVE-2024-43488Visual Studio Code extension for Arduino Remote Code Execution VulnerabilityCritical
Visual Studio CodeCVE-2024-43601Visual Studio Code for Linux Remote Code Execution VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2024-43563Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows BitLockerCVE-2024-43513BitLocker Security Feature Bypass VulnerabilityImportant
Windows Common Log File System DriverCVE-2024-43501Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Cryptographic ServicesCVE-2024-43546Windows Cryptographic Information Disclosure VulnerabilityImportant
Windows cURL ImplementationCVE-2024-6197Open Source Curl Remote Code Execution VulnerabilityImportant
Windows EFI PartitionCVE-2024-37982Windows Resume Extensible Firmware Interface Security Feature Bypass VulnerabilityImportant
Windows EFI PartitionCVE-2024-37976Windows Resume Extensible Firmware Interface Security Feature Bypass VulnerabilityImportant
Windows EFI PartitionCVE-2024-37983Windows Resume Extensible Firmware Interface Security Feature Bypass VulnerabilityImportant
Windows Hyper-VCVE-2024-30092Windows Hyper-V Remote Code Execution VulnerabilityImportant
Windows KerberosCVE-2024-43547Windows Kerberos Information Disclosure VulnerabilityImportant
Windows KerberosCVE-2024-38129Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-43502Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-43511Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-43520Windows Kernel Denial of Service VulnerabilityImportant
Windows KernelCVE-2024-43527Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-43570Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-37979Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2024-43554Windows Kernel-Mode Driver Information Disclosure VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2024-43535Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows Local Security Authority (LSA)CVE-2024-43522Windows Local Security Authority (LSA) Elevation of Privilege VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43555Windows Mobile Broadband Driver Denial of Service VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43540Windows Mobile Broadband Driver Denial of Service VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43536Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43538Windows Mobile Broadband Driver Denial of Service VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43525Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43559Windows Mobile Broadband Driver Denial of Service VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43561Windows Mobile Broadband Driver Denial of Service VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43558Windows Mobile Broadband Driver Denial of Service VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43542Windows Mobile Broadband Driver Denial of Service VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43557Windows Mobile Broadband Driver Denial of Service VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43526Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43543Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43523Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43524Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43537Windows Mobile Broadband Driver Denial of Service VulnerabilityImportant
Windows MSHTML PlatformCVE-2024-43573Windows MSHTML Platform Spoofing VulnerabilityModerate
Windows NetlogonCVE-2024-38124Windows Netlogon Elevation of Privilege VulnerabilityImportant
Windows Network Address Translation (NAT)CVE-2024-43562Windows Network Address Translation (NAT) Denial of Service VulnerabilityImportant
Windows Network Address Translation (NAT)CVE-2024-43565Windows Network Address Translation (NAT) Denial of Service VulnerabilityImportant
Windows NT OS KernelCVE-2024-43553NT OS Kernel Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2024-43514Windows Resilient File System (ReFS) Elevation of Privilege VulnerabilityImportant
Windows Online Certificate Status Protocol (OCSP)CVE-2024-43545Windows Online Certificate Status Protocol (OCSP) Server Denial of Service VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2024-43529Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Remote DesktopCVE-2024-43582Remote Desktop Protocol Server Remote Code Execution VulnerabilityCritical
Windows Remote Desktop Licensing ServiceCVE-2024-38262Windows Remote Desktop Licensing Service Remote Code Execution VulnerabilityImportant
Windows Remote Desktop ServicesCVE-2024-43456Windows Remote Desktop Services Tampering VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2024-43500Windows Resilient File System (ReFS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-43592Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-43589Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-38212Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-43593Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-38261Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-43611Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-43453Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-38265Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-43607Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-43549Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-43608Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-43564Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows ScriptingCVE-2024-43584Windows Scripting Engine Security Feature Bypass VulnerabilityImportant
Windows Secure ChannelCVE-2024-43550Windows Secure Channel Spoofing VulnerabilityImportant
Windows Secure Kernel ModeCVE-2024-43516Windows Secure Kernel Mode Elevation of Privilege VulnerabilityImportant
Windows Secure Kernel ModeCVE-2024-43528Windows Secure Kernel Mode Elevation of Privilege VulnerabilityImportant
Windows ShellCVE-2024-43552Windows Shell Remote Code Execution VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2024-43512Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows StorageCVE-2024-43551Windows Storage Elevation of Privilege VulnerabilityImportant
Windows Storage Port DriverCVE-2024-43560Microsoft Windows Storage Port Driver Elevation of Privilege VulnerabilityImportant
Windows Telephony ServerCVE-2024-43518Windows Telephony Server Remote Code Execution VulnerabilityImportant
WinlogonCVE-2024-43583Winlogon Elevation of Privilege VulnerabilityImportant

İlgili Makaleler

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu