Microsoft Haziran 2024 Patch Tuesday: 51 Zafiyet Kapatıldı

Mehmet Sait YILMAZ

11/06/2024

Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 18 adet RCE güvenlik açığı ve toplam 51 zafiyeti kapattı.

Kapatılan zafiyetler aşağıdaki gibi:

25 Elevation of Privilege Vulnerabilities
18 Remote Code Execution Vulnerabilities
3 Information Disclosure Vulnerabilities
5 Denial of Service Vulnerabilities

Public ortamda sömürülen bir adet zero day kapatıldı

CVE-2023-50868 – MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU

Haziran 2024 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi

Tag	CVE ID	CVE Title	Severity
Azure Data Science Virtual Machines	CVE-2024-37325	Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability	Important
Azure File Sync	CVE-2024-35253	Microsoft Azure File Sync Elevation of Privilege Vulnerability	Important
Azure Monitor	CVE-2024-35254	Azure Monitor Agent Elevation of Privilege Vulnerability	Important
Azure SDK	CVE-2024-35255	Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability	Important
Azure Storage Library	CVE-2024-35252	Azure Storage Movement Client Library Denial of Service Vulnerability	Important
Dynamics Business Central	CVE-2024-35248	Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability	Important
Dynamics Business Central	CVE-2024-35249	Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability	Important
Microsoft Dynamics	CVE-2024-35263	Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability	Important
Microsoft Edge (Chromium-based)	CVE-2024-5498	Chromium: CVE-2024-5498 Use after free in Presentation API	Unknown
Microsoft Edge (Chromium-based)	CVE-2024-5493	Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC	Unknown
Microsoft Edge (Chromium-based)	CVE-2024-5497	Chromium: CVE-2024-5497 Out of bounds memory access in Keyboard Inputs	Unknown
Microsoft Edge (Chromium-based)	CVE-2024-5495	Chromium: CVE-2024-5495 Use after free in Dawn	Unknown
Microsoft Edge (Chromium-based)	CVE-2024-5499	Chromium: CVE-2024-5499 Out of bounds write in Streams API	Unknown
Microsoft Edge (Chromium-based)	CVE-2024-5494	Chromium: CVE-2024-5494 Use after free in Dawn	Unknown
Microsoft Edge (Chromium-based)	CVE-2024-5496	Chromium: CVE-2024-5496 Use after free in Media Session	Unknown
Microsoft Office	CVE-2024-30101	Microsoft Office Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2024-30104	Microsoft Office Remote Code Execution Vulnerability	Important
Microsoft Office Outlook	CVE-2024-30103	Microsoft Outlook Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2024-30100	Microsoft SharePoint Server Remote Code Execution Vulnerability	Important
Microsoft Office Word	CVE-2024-30102	Microsoft Office Remote Code Execution Vulnerability	Important
Microsoft Streaming Service	CVE-2024-30090	Microsoft Streaming Service Elevation of Privilege Vulnerability	Important
Microsoft Streaming Service	CVE-2024-30089	Microsoft Streaming Service Elevation of Privilege Vulnerability	Important
Microsoft WDAC OLE DB provider for SQL	CVE-2024-30077	Windows OLE Remote Code Execution Vulnerability	Important
Microsoft Windows	CVE-2023-50868	MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU	Important
Microsoft Windows Speech	CVE-2024-30097	Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability	Important
Visual Studio	CVE-2024-30052	Visual Studio Remote Code Execution Vulnerability	Important
Visual Studio	CVE-2024-29060	Visual Studio Elevation of Privilege Vulnerability	Important
Visual Studio	CVE-2024-29187	GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM	Important
Windows Cloud Files Mini Filter Driver	CVE-2024-30085	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	Important
Windows Container Manager Service	CVE-2024-30076	Windows Container Manager Service Elevation of Privilege Vulnerability	Important
Windows Cryptographic Services	CVE-2024-30096	Windows Cryptographic Services Information Disclosure Vulnerability	Important
Windows DHCP Server	CVE-2024-30070	DHCP Server Service Denial of Service Vulnerability	Important
Windows Distributed File System (DFS)	CVE-2024-30063	Windows Distributed File System (DFS) Remote Code Execution Vulnerability	Important
Windows Event Logging Service	CVE-2024-30072	Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability	Important
Windows Kernel	CVE-2024-30068	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2024-30064	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Kernel-Mode Drivers	CVE-2024-30084	Windows Kernel-Mode Driver Elevation of Privilege Vulnerability	Important
Windows Kernel-Mode Drivers	CVE-2024-35250	Windows Kernel-Mode Driver Elevation of Privilege Vulnerability	Important
Windows Link Layer Topology Discovery Protocol	CVE-2024-30075	Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability	Important
Windows Link Layer Topology Discovery Protocol	CVE-2024-30074	Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability	Important
Windows NT OS Kernel	CVE-2024-30099	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows NT OS Kernel	CVE-2024-30088	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Perception Service	CVE-2024-35265	Windows Perception Service Elevation of Privilege Vulnerability	Important
Windows Remote Access Connection Manager	CVE-2024-30069	Windows Remote Access Connection Manager Information Disclosure Vulnerability	Important
Windows Routing and Remote Access Service (RRAS)	CVE-2024-30095	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Important
Windows Routing and Remote Access Service (RRAS)	CVE-2024-30094	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Important
Windows Server Service	CVE-2024-30062	Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability	Important
Windows Server Service	CVE-2024-30080	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	Critical
Windows Standards-Based Storage Management Service	CVE-2024-30083	Windows Standards-Based Storage Management Service Denial of Service Vulnerability	Important
Windows Storage	CVE-2024-30093	Windows Storage Elevation of Privilege Vulnerability	Important
Windows Themes	CVE-2024-30065	Windows Themes Denial of Service Vulnerability	Important
Windows Wi-Fi Driver	CVE-2024-30078	Windows Wi-Fi Driver Remote Code Execution Vulnerability	Important
Windows Win32 Kernel Subsystem	CVE-2024-30086	Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability	Important
Windows Win32K – GRFX	CVE-2024-30087	Win32k Elevation of Privilege Vulnerability	Important
Windows Win32K – GRFX	CVE-2024-30091	Win32k Elevation of Privilege Vulnerability	Important
Windows Win32K – GRFX	CVE-2024-30082	Win32k Elevation of Privilege Vulnerability	Important
Winlogon	CVE-2024-30067	Winlogon Elevation of Privilege Vulnerability	Important
Winlogon	CVE-2024-30066	Winlogon Elevation of Privilege Vulnerability	Important