Haberler

Microsoft Eylül 2022 Patch Tuesday: 2 Zero-Day, 63 Zafiyet Kapatıldı

Mehmet Sait YILMAZ fotoğrafı Mehmet Sait YILMAZ Bir e-posta göndermek 13/09/2022
0 3 dakika okuma süresi

Microsoft bu ay yayınladığı Patch Tuesday yamaları ile 2 adet zero-day güvenlik açığı ve toplam 63 zafiyeti kapattı.

Bugünkü güncellemede düzeltilen 63 güvenlik açığından beşi uzaktan kod yürütülmesine izin verdikleri için ‘Kritik’ olarak sınıflandırıldı.

Kapatılan zafiyetler aşağıdaki gibidir:

  • 18 Elevation of Privilege Vulnerabilities
  • 1 Security Feature Bypass Vulnerabilities
  • 30 Remote Code Execution Vulnerabilities
  • 7 Information Disclosure Vulnerabilities
  • 7 Denial of Service Vulnerabilities
  • 16 Edge – Chromium Vulnerabilities

İki zero-day kapatıldı, bir tanesi aktif olarak kullanıldı

Zero-day güvenlik açıklarından biri olan ‘ CVE-2022-37969 – “Windows Common Log File System Driver Elevation of Privilege Vulnerability” zafiyeti. Bu güvenlik açığından başarıyla yararlanan bir saldırgan SYSTEM ayrıcalıkları kazanabiliyor.

Diğer zero-day ise CVE-2022-23960 – “Cache Speculation Restriction Vulnerability” zafiyeti.

Eylül 2022 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi

TagCVE IDCVE TitleSeverity
.NET and Visual StudioCVE-2022-38013.NET Core and Visual Studio Denial of Service VulnerabilityImportant
.NET FrameworkCVE-2022-26929.NET Framework Remote Code Execution VulnerabilityImportant
Azure ArcCVE-2022-38007Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege VulnerabilityImportant
Cache SpeculationCVE-2022-23960Arm: CVE-2022-23960 Cache Speculation Restriction VulnerabilityImportant
HTTP.sysCVE-2022-35838HTTP V3 Denial of Service VulnerabilityImportant
Microsoft DynamicsCVE-2022-35805Microsoft Dynamics CRM (on-premises) Remote Code Execution VulnerabilityCritical
Microsoft DynamicsCVE-2022-34700Microsoft Dynamics CRM (on-premises) Remote Code Execution VulnerabilityCritical
Microsoft Edge (Chromium-based)CVE-2022-3053Chromium: CVE-2022-3053 Inappropriate implementation in Pointer LockUnknown
Microsoft Edge (Chromium-based)CVE-2022-3047Chromium: CVE-2022-3047 Insufficient policy enforcement in Extensions APIUnknown
Microsoft Edge (Chromium-based)CVE-2022-3054Chromium: CVE-2022-3054 Insufficient policy enforcement in DevToolsUnknown
Microsoft Edge (Chromium-based)CVE-2022-3041Chromium: CVE-2022-3041 Use after free in WebSQLUnknown
Microsoft Edge (Chromium-based)CVE-2022-3040Chromium: CVE-2022-3040 Use after free in LayoutUnknown
Microsoft Edge (Chromium-based)CVE-2022-3046Chromium: CVE-2022-3046 Use after free in Browser TagUnknown
Microsoft Edge (Chromium-based)CVE-2022-3039Chromium: CVE-2022-3039 Use after free in WebSQLUnknown
Microsoft Edge (Chromium-based)CVE-2022-3045Chromium: CVE-2022-3045 Insufficient validation of untrusted input in V8Unknown
Microsoft Edge (Chromium-based)CVE-2022-3044Chromium: CVE-2022-3044 Inappropriate implementation in Site IsolationUnknown
Microsoft Edge (Chromium-based)CVE-2022-3057Chromium: CVE-2022-3057 Inappropriate implementation in iframe SandboxUnknown
Microsoft Edge (Chromium-based)CVE-2022-3075Chromium: CVE-2022-3075 Insufficient data validation in MojoUnknown
Microsoft Edge (Chromium-based)CVE-2022-3058Chromium: CVE-2022-3058 Use after free in Sign-In FlowUnknown
Microsoft Edge (Chromium-based)CVE-2022-3038Chromium: CVE-2022-3038 Use after free in Network ServiceUnknown
Microsoft Edge (Chromium-based)CVE-2022-3056Chromium: CVE-2022-3056 Insufficient policy enforcement in Content Security PolicyUnknown
Microsoft Edge (Chromium-based)CVE-2022-3055Chromium: CVE-2022-3055 Use after free in PasswordsUnknown
Microsoft Edge (Chromium-based)CVE-2022-38012Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityLow
Microsoft Graphics ComponentCVE-2022-37954DirectX Graphics Kernel Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-38006Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-34729Windows GDI Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-34728Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-35837Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2022-37962Microsoft PowerPoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-35823Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-38009Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-38008Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-37961Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2022-37963Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2022-38010Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Windows ALPCCVE-2022-34725Windows ALPC Elevation of Privilege VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-38011Raw Image Extension Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-38019AV1 Video Extension Remote Code Execution VulnerabilityImportant
Network Device Enrollment Service (NDES)CVE-2022-37959Network Device Enrollment Service (NDES) Security Feature Bypass VulnerabilityImportant
Role: DNS ServerCVE-2022-34724Windows DNS Server Denial of Service VulnerabilityImportant
Role: Windows Fax ServiceCVE-2022-38004Windows Fax Service Remote Code Execution VulnerabilityImportant
SPNEGO Extended NegotiationCVE-2022-37958SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure VulnerabilityImportant
Visual Studio CodeCVE-2022-38020Visual Studio Code Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-35803Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-37969Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Credential Roaming ServiceCVE-2022-30170Windows Credential Roaming Service Elevation of Privilege VulnerabilityImportant
Windows DefenderCVE-2022-35828Microsoft Defender for Endpoint for Mac Elevation of Privilege VulnerabilityImportant
Windows Distributed File System (DFS)CVE-2022-34719Windows Distributed File System (DFS) Elevation of Privilege VulnerabilityImportant
Windows DPAPI (Data Protection Application Programming Interface)CVE-2022-34723Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure VulnerabilityImportant
Windows Enterprise App ManagementCVE-2022-35841Windows Enterprise App Management Service Remote Code Execution VulnerabilityImportant
Windows Event TracingCVE-2022-35832Windows Event Tracing Denial of Service VulnerabilityImportant
Windows Group PolicyCVE-2022-37955Windows Group Policy Elevation of Privilege VulnerabilityImportant
Windows IKE ExtensionCVE-2022-34722Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution VulnerabilityCritical
Windows IKE ExtensionCVE-2022-34720Windows Internet Key Exchange (IKE) Extension Denial of Service VulnerabilityImportant
Windows IKE ExtensionCVE-2022-34721Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution VulnerabilityCritical
Windows KerberosCVE-2022-33647Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2022-33679Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-37964Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-37956Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-37957Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-30200Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityImportant
Windows ODBC DriverCVE-2022-34726Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows ODBC DriverCVE-2022-34730Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows ODBC DriverCVE-2022-34727Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows ODBC DriverCVE-2022-34732Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows ODBC DriverCVE-2022-34734Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows OLECVE-2022-35834Microsoft OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Windows OLECVE-2022-35835Microsoft OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Windows OLECVE-2022-35836Microsoft OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Windows OLECVE-2022-35840Microsoft OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Windows OLECVE-2022-34733Microsoft OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Windows OLECVE-2022-34731Microsoft OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Windows Photo Import APICVE-2022-26928Windows Photo Import API Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-38005Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2022-35831Windows Remote Access Connection Manager Information Disclosure VulnerabilityImportant
Windows Remote Procedure CallCVE-2022-35830Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportant
Windows TCP/IPCVE-2022-34718Windows TCP/IP Remote Code Execution VulnerabilityCritical
Windows Transport Security Layer (TLS)CVE-2022-35833Windows Secure Channel Denial of Service VulnerabilityImportant
Windows Transport Security Layer (TLS)CVE-2022-30196Windows Secure Channel Denial of Service VulnerabilityImportant

Kaynak: bleepingcomputer.com

Mehmet Sait YILMAZ fotoğrafı Mehmet Sait YILMAZ Bir e-posta göndermek 13/09/2022
0 3 dakika okuma süresi
Mehmet Sait YILMAZ fotoğrafı

Mehmet Sait YILMAZ

İlgili Makaleler

Google, Adalet Bakanlığı'nın Chrome'u Satma Talebinin Tüketicilere Ve Amerika'nın Teknoloji Liderliğine Zarar Vereceğini İddia Ediyor!

Google, Adalet Bakanlığı’nın Chrome’u Satma Talebinin Tüketicilere Ve Amerika’nın Teknoloji Liderliğine Zarar Vereceğini İddia Ediyor!

22/11/2024
Windows 10 22H2 için KB5046714 Güncellemesi Yayınlandı! Aktivasyon Sorunları Ortadan Kaldırıldı

Windows 10 22H2 için KB5046714 Güncellemesi Yayınlandı! Aktivasyon Sorunları Ortadan Kaldırıldı

22/11/2024
Microsoft, Windows 10 Uygulama Güncelleme Sorununu Çözdü!

Microsoft, Windows 10 Uygulama Güncelleme Sorununu Çözdü!

22/11/2024
WhatsApp Sesli Mesajları Yazıya Çevirme Özelliğini Duyurdu

WhatsApp Sesli Mesajları Yazıya Çevirme Özelliğini Duyurdu

22/11/2024

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu