Microsoft Haziran 2022 Patch Tuesday: 1 Zero-Day, 55 Zafiyet Kapatıldı

Mehmet Sait YILMAZ 15/06/2022

0 3 dakika okuma süresi

Microsoft bu ay yayınladığı Patch Tuesday yamaları ile 1 sıfırıncı gün güvenlik açığı ve toplam 55 zafiyeti kapattı. Bunların içerisinde Windows MSDT ‘Follina’ zero-day güvenlik açığı ve yeni Intel MMIO’da bulunuyor. Düzeltilen 55 güvenlik açığından üçü uzaktan kod yürütülmesine izin verdikleri için ‘Kritik’ olarak sınıflandırılırken, geri kalanı Önemli olarak sınıflandırıldı.

Kapatılan zafiyetler aşağıdaki gibidir

12 Elevation of Privilege Vulnerabilities
1 Security Feature Bypass Vulnerabilities
27 Remote Code Execution Vulnerabilities
11 Information Disclosure Vulnerabilities
3 Denial of Service Vulnerabilities
1 Spoofing Vulnerability

Follina zero-day kapatıldı

Microsoft, Haziran 2022 Güncellemelerinde CVE-2022-30190 olarak izlenen Windows Follina MSDT zero-day güvenlik açığını kapattı.

Haziran 2022 Yaması Salı Güvenlik Güncellemeleri

Tag	CVE ID	CVE Title	Severity
.NET and Visual Studio	CVE-2022-30184	.NET and Visual Studio Information Disclosure Vulnerability	Important
Azure OMI	CVE-2022-29149	Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability	Important
Azure Real Time Operating System	CVE-2022-30179	Azure RTOS GUIX Studio Remote Code Execution Vulnerability	Important
Azure Real Time Operating System	CVE-2022-30178	Azure RTOS GUIX Studio Remote Code Execution Vulnerability	Important
Azure Real Time Operating System	CVE-2022-30180	Azure RTOS GUIX Studio Information Disclosure Vulnerability	Important
Azure Real Time Operating System	CVE-2022-30177	Azure RTOS GUIX Studio Remote Code Execution Vulnerability	Important
Azure Service Fabric Container	CVE-2022-30137	Azure Service Fabric Container Elevation of Privilege Vulnerability	Important
Intel	CVE-2022-21127	Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update)	Important
Intel	ADV220002	Microsoft Guidance on Intel Processor MMIO Stale Data Vulnerabilities	Unknown
Intel	CVE-2022-21123	Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR)	Important
Intel	CVE-2022-21125	Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS)	Important
Intel	CVE-2022-21166	Intel: CVE-2022-21166 Device Register Partial Write (DRPW)	Important
Microsoft Edge (Chromium-based)	CVE-2022-2011	Chromium: CVE-2022-2011 Use after free in ANGLE	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2010	Chromium: CVE-2022-2010 Out of bounds read in compositing	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2008	Chromium: CVE-2022-2008 Out of bounds memory access in WebGL	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2007	Chromium: CVE-2022-2007 Use after free in WebGPU	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-22021	Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability	Moderate
Microsoft Office	CVE-2022-30159	Microsoft Office Information Disclosure Vulnerability	Important
Microsoft Office	CVE-2022-30171	Microsoft Office Information Disclosure Vulnerability	Important
Microsoft Office	CVE-2022-30172	Microsoft Office Information Disclosure Vulnerability	Important
Microsoft Office	CVE-2022-30174	Microsoft Office Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2022-30173	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2022-30158	Microsoft SharePoint Server Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2022-30157	Microsoft SharePoint Server Remote Code Execution Vulnerability	Important
Microsoft Windows ALPC	CVE-2022-30160	Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2022-29119	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2022-30188	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2022-30167	AV1 Video Extension Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2022-30193	AV1 Video Extension Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2022-29111	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2022-22018	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Remote Volume Shadow Copy Service (RVSS)	CVE-2022-30154	Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability	Important
Role: Windows Hyper-V	CVE-2022-30163	Windows Hyper-V Remote Code Execution Vulnerability	Critical
SQL Server	CVE-2022-29143	Microsoft SQL Server Remote Code Execution Vulnerability	Important
Windows Ancillary Function Driver for WinSock	CVE-2022-30151	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Important
Windows App Store	CVE-2022-30168	Microsoft Photos App Remote Code Execution Vulnerability	Important
Windows Autopilot	CVE-2022-30189	Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability	Important
Windows Container Isolation FS Filter Driver	CVE-2022-30131	Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability	Important
Windows Container Manager Service	CVE-2022-30132	Windows Container Manager Service Elevation of Privilege Vulnerability	Important
Windows Defender	CVE-2022-30150	Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability	Important
Windows Encrypting File System (EFS)	CVE-2022-30145	Windows Encrypting File System (EFS) Remote Code Execution Vulnerability	Important
Windows File History Service	CVE-2022-30142	Windows File History Remote Code Execution Vulnerability	Important
Windows Installer	CVE-2022-30147	Windows Installer Elevation of Privilege Vulnerability	Important
Windows iSCSI	CVE-2022-30140	Windows iSCSI Discovery Service Remote Code Execution Vulnerability	Important
Windows Kerberos	CVE-2022-30164	Kerberos AppContainer Security Feature Bypass Vulnerability	Important
Windows Kerberos	CVE-2022-30165	Windows Kerberos Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2022-30162	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2022-30155	Windows Kernel Denial of Service Vulnerability	Important
Windows LDAP – Lightweight Directory Access Protocol	CVE-2022-30143	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	Important
Windows LDAP – Lightweight Directory Access Protocol	CVE-2022-30161	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	Important
Windows LDAP – Lightweight Directory Access Protocol	CVE-2022-30141	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	Important
Windows LDAP – Lightweight Directory Access Protocol	CVE-2022-30153	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	Important
Windows LDAP – Lightweight Directory Access Protocol	CVE-2022-30139	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	Critical
Windows LDAP – Lightweight Directory Access Protocol	CVE-2022-30149	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	Important
Windows LDAP – Lightweight Directory Access Protocol	CVE-2022-30146	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	Important
Windows Local Security Authority Subsystem Service	CVE-2022-30166	Local Security Authority Subsystem Service Elevation of Privilege Vulnerability	Important
Windows Media	CVE-2022-30135	Windows Media Center Elevation of Privilege Vulnerability	Important
Windows Network Address Translation (NAT)	CVE-2022-30152	Windows Network Address Translation (NAT) Denial of Service Vulnerability	Important
Windows Network File System	CVE-2022-30136	Windows Network File System Remote Code Execution Vulnerability	Critical
Windows PowerShell	CVE-2022-30148	Windows Desired State Configuration (DSC) Information Disclosure Vulnerability	Important
Windows SMB	CVE-2022-32230	Windows SMB Denial of Service Vulnerability	Important

Kaynak: bleepingcomputer.com

Mehmet Sait YILMAZ 15/06/2022

0 3 dakika okuma süresi

Microsoft Haziran 2022 Patch Tuesday: 1 Zero-Day, 55 Zafiyet Kapatıldı

Kapatılan zafiyetler aşağıdaki gibidir

Follina zero-day kapatıldı

Haziran 2022 Yaması Salı Güvenlik Güncellemeleri

Mehmet Sait YILMAZ

Bir yanıt yazın Yanıtı iptal et

Microsoft Teams Toplantıları İçin 10 İpucu

Windows 10 Üzerinde Kali Linux Kullanımı

Bir Samsung Modeli Daha Android 14 Güncellemesi Aldı. İşte Tüm Modeller!

Acı Kaybımız, Uğur Demir’ i Kaybettik

Bir Veritabanı Sunucusuna Brute Force ile Saldırmak ve Sunucuyu Savunmak

Windows 0x0000011b Ağ Yazdırma Hatası Nasıl Düzeltilir

Kapatılan zafiyetler aşağıdaki gibidir

Follina zero-day kapatıldı

Haziran 2022 Yaması Salı Güvenlik Güncellemeleri

Mehmet Sait YILMAZ

Bir Devir Kapanıyor, Internet Explorer Desteği 15 Haziran Çarşamba ( Yarın ) Son Buluyor

Microsoft, Windows 11 KB5014697 İle 33 Hatayı Düzeltti

İlgili Makaleler

OpenAI, Yapay Zeka Ahlakı Araştırmaları İçin Duke Üniversitesi’ne Fon Sağlıyor

WinZip’te Kritik Güvenlik Açığı!

OpenAI, Galaxy Telefonlarında Yapay Zeka Özelliklerini Kullanmak İçin Samsung’la Görüşüyor!

LinkedIn, Clubhouse Benzeri Sesli Etkinlik Özelliğini Kapatıyor!

Bir yanıt yazın Yanıtı iptal et

Microsoft Teams Toplantıları İçin 10 İpucu

Windows 10 Üzerinde Kali Linux Kullanımı

Bir Samsung Modeli Daha Android 14 Güncellemesi Aldı. İşte Tüm Modeller!

Acı Kaybımız, Uğur Demir’ i Kaybettik

Bir Veritabanı Sunucusuna Brute Force ile Saldırmak ve Sunucuyu Savunmak

Windows 0x0000011b Ağ Yazdırma Hatası Nasıl Düzeltilir