Microsoft Eylül 2022 Patch Tuesday: 2 Zero-Day, 63 Zafiyet Kapatıldı

Microsoft bu ay yayınladığı Patch Tuesday yamaları ile 2 adet zero-day güvenlik açığı ve toplam 63 zafiyeti kapattı.

Bugünkü güncellemede düzeltilen 63 güvenlik açığından beşi uzaktan kod yürütülmesine izin verdikleri için ‘Kritik’ olarak sınıflandırıldı.

Kapatılan zafiyetler aşağıdaki gibidir:

İki zero-day kapatıldı, bir tanesi aktif olarak kullanıldı

Zero-day güvenlik açıklarından biri olan ‘ CVE-2022-37969 – “Windows Common Log File System Driver Elevation of Privilege Vulnerability” zafiyeti. Bu güvenlik açığından başarıyla yararlanan bir saldırgan SYSTEM ayrıcalıkları kazanabiliyor.

Diğer zero-day ise CVE-2022-23960 – “Cache Speculation Restriction Vulnerability” zafiyeti.

Eylül 2022 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi

TagCVE IDCVE TitleSeverity
.NET and Visual StudioCVE-2022-38013.NET Core and Visual Studio Denial of Service VulnerabilityImportant
.NET FrameworkCVE-2022-26929.NET Framework Remote Code Execution VulnerabilityImportant
Azure ArcCVE-2022-38007Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege VulnerabilityImportant
Cache SpeculationCVE-2022-23960Arm: CVE-2022-23960 Cache Speculation Restriction VulnerabilityImportant
HTTP.sysCVE-2022-35838HTTP V3 Denial of Service VulnerabilityImportant
Microsoft DynamicsCVE-2022-35805Microsoft Dynamics CRM (on-premises) Remote Code Execution VulnerabilityCritical
Microsoft DynamicsCVE-2022-34700Microsoft Dynamics CRM (on-premises) Remote Code Execution VulnerabilityCritical
Microsoft Edge (Chromium-based)CVE-2022-3053Chromium: CVE-2022-3053 Inappropriate implementation in Pointer LockUnknown
Microsoft Edge (Chromium-based)CVE-2022-3047Chromium: CVE-2022-3047 Insufficient policy enforcement in Extensions APIUnknown
Microsoft Edge (Chromium-based)CVE-2022-3054Chromium: CVE-2022-3054 Insufficient policy enforcement in DevToolsUnknown
Microsoft Edge (Chromium-based)CVE-2022-3041Chromium: CVE-2022-3041 Use after free in WebSQLUnknown
Microsoft Edge (Chromium-based)CVE-2022-3040Chromium: CVE-2022-3040 Use after free in LayoutUnknown
Microsoft Edge (Chromium-based)CVE-2022-3046Chromium: CVE-2022-3046 Use after free in Browser TagUnknown
Microsoft Edge (Chromium-based)CVE-2022-3039Chromium: CVE-2022-3039 Use after free in WebSQLUnknown
Microsoft Edge (Chromium-based)CVE-2022-3045Chromium: CVE-2022-3045 Insufficient validation of untrusted input in V8Unknown
Microsoft Edge (Chromium-based)CVE-2022-3044Chromium: CVE-2022-3044 Inappropriate implementation in Site IsolationUnknown
Microsoft Edge (Chromium-based)CVE-2022-3057Chromium: CVE-2022-3057 Inappropriate implementation in iframe SandboxUnknown
Microsoft Edge (Chromium-based)CVE-2022-3075Chromium: CVE-2022-3075 Insufficient data validation in MojoUnknown
Microsoft Edge (Chromium-based)CVE-2022-3058Chromium: CVE-2022-3058 Use after free in Sign-In FlowUnknown
Microsoft Edge (Chromium-based)CVE-2022-3038Chromium: CVE-2022-3038 Use after free in Network ServiceUnknown
Microsoft Edge (Chromium-based)CVE-2022-3056Chromium: CVE-2022-3056 Insufficient policy enforcement in Content Security PolicyUnknown
Microsoft Edge (Chromium-based)CVE-2022-3055Chromium: CVE-2022-3055 Use after free in PasswordsUnknown
Microsoft Edge (Chromium-based)CVE-2022-38012Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityLow
Microsoft Graphics ComponentCVE-2022-37954DirectX Graphics Kernel Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-38006Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-34729Windows GDI Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-34728Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-35837Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2022-37962Microsoft PowerPoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-35823Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-38009Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-38008Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-37961Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2022-37963Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2022-38010Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Windows ALPCCVE-2022-34725Windows ALPC Elevation of Privilege VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-38011Raw Image Extension Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-38019AV1 Video Extension Remote Code Execution VulnerabilityImportant
Network Device Enrollment Service (NDES)CVE-2022-37959Network Device Enrollment Service (NDES) Security Feature Bypass VulnerabilityImportant
Role: DNS ServerCVE-2022-34724Windows DNS Server Denial of Service VulnerabilityImportant
Role: Windows Fax ServiceCVE-2022-38004Windows Fax Service Remote Code Execution VulnerabilityImportant
SPNEGO Extended NegotiationCVE-2022-37958SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure VulnerabilityImportant
Visual Studio CodeCVE-2022-38020Visual Studio Code Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-35803Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-37969Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Credential Roaming ServiceCVE-2022-30170Windows Credential Roaming Service Elevation of Privilege VulnerabilityImportant
Windows DefenderCVE-2022-35828Microsoft Defender for Endpoint for Mac Elevation of Privilege VulnerabilityImportant
Windows Distributed File System (DFS)CVE-2022-34719Windows Distributed File System (DFS) Elevation of Privilege VulnerabilityImportant
Windows DPAPI (Data Protection Application Programming Interface)CVE-2022-34723Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure VulnerabilityImportant
Windows Enterprise App ManagementCVE-2022-35841Windows Enterprise App Management Service Remote Code Execution VulnerabilityImportant
Windows Event TracingCVE-2022-35832Windows Event Tracing Denial of Service VulnerabilityImportant
Windows Group PolicyCVE-2022-37955Windows Group Policy Elevation of Privilege VulnerabilityImportant
Windows IKE ExtensionCVE-2022-34722Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution VulnerabilityCritical
Windows IKE ExtensionCVE-2022-34720Windows Internet Key Exchange (IKE) Extension Denial of Service VulnerabilityImportant
Windows IKE ExtensionCVE-2022-34721Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution VulnerabilityCritical
Windows KerberosCVE-2022-33647Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2022-33679Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-37964Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-37956Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-37957Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-30200Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityImportant
Windows ODBC DriverCVE-2022-34726Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows ODBC DriverCVE-2022-34730Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows ODBC DriverCVE-2022-34727Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows ODBC DriverCVE-2022-34732Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows ODBC DriverCVE-2022-34734Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows OLECVE-2022-35834Microsoft OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Windows OLECVE-2022-35835Microsoft OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Windows OLECVE-2022-35836Microsoft OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Windows OLECVE-2022-35840Microsoft OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Windows OLECVE-2022-34733Microsoft OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Windows OLECVE-2022-34731Microsoft OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Windows Photo Import APICVE-2022-26928Windows Photo Import API Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-38005Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2022-35831Windows Remote Access Connection Manager Information Disclosure VulnerabilityImportant
Windows Remote Procedure CallCVE-2022-35830Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportant
Windows TCP/IPCVE-2022-34718Windows TCP/IP Remote Code Execution VulnerabilityCritical
Windows Transport Security Layer (TLS)CVE-2022-35833Windows Secure Channel Denial of Service VulnerabilityImportant
Windows Transport Security Layer (TLS)CVE-2022-30196Windows Secure Channel Denial of Service VulnerabilityImportant

Kaynak: bleepingcomputer.com

Exit mobile version