Microsoft Kasım 2023 Patch Tuesday: 5 Zero-Day, 58 Zafiyet Kapatıldı

Mehmet Sait YILMAZ

Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 5 adet zero-day güvenlik açığı ve toplam 58 zafiyeti kapattı.

Bu ay yayınlanan güncellemerde düzeltilen 5 RCE zafiyeti kapatılırken 1 tanesi kritik olarak olarak sınıflandırıdı.

Kapatılan zafiyetler aşağıdaki gibidir:

Beş adet zero-day kapatıldı

CVE-2023-36036 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVE-2023-36033 – Windows DWM Core Library Elevation of Privilege Vulnerability

CVE-2023-36025 – Windows SmartScreen Security Feature Bypass Vulnerability

CVE-2023-36413 – Microsoft Office Security Feature Bypass Vulnerability

CVE-2023-36038 – ASP.NET Core Denial of Service Vulnerability

Kasım 2023 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi

TagCVE IDCVE TitleSeverity
.NET FrameworkCVE-2023-36049.NET, .NET Framework, and Visual Studio Elevation of Privilege VulnerabilityImportant
ASP.NETCVE-2023-36560ASP.NET Security Feature Bypass VulnerabilityImportant
ASP.NETCVE-2023-36038ASP.NET Core Denial of Service VulnerabilityImportant
ASP.NETCVE-2023-36558ASP.NET Core – Security Feature Bypass VulnerabilityImportant
AzureCVE-2023-36052Azure CLI REST Command Information Disclosure VulnerabilityCritical
AzureCVE-2023-38151Microsoft Host Integration Server 2020 Remote Code Execution VulnerabilityImportant
AzureCVE-2023-36021Microsoft On-Prem Data Gateway Security Feature Bypass VulnerabilityImportant
Azure DevOpsCVE-2023-36437Azure DevOps Server Remote Code Execution VulnerabilityImportant
MarinerCVE-2020-1747UnknownUnknown
MarinerCVE-2023-46316UnknownUnknown
MarinerCVE-2023-46753UnknownUnknown
MarinerCVE-2020-8554UnknownUnknown
MarinerCVE-2020-14343UnknownUnknown
Microsoft Bluetooth DriverCVE-2023-24023Mitre: CVE-2023-24023 Bluetooth VulnerabilityImportant
Microsoft DynamicsCVE-2023-36016Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2023-36007Microsoft Send Customer Voice survey from Dynamics 365 Spoofing VulnerabilityImportant
Microsoft DynamicsCVE-2023-36031Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2023-36410Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft Dynamics 365 SalesCVE-2023-36030Microsoft Dynamics 365 Sales Spoofing VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2023-36014Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2023-5996Chromium: CVE-2023-5996 Use after free in WebAudioUnknown
Microsoft Edge (Chromium-based)CVE-2023-36022Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2023-36027Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2023-36029Microsoft Edge (Chromium-based) Spoofing VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2023-5480Chromium: CVE-2023-5480 Inappropriate implementation in PaymentsUnknown
Microsoft Edge (Chromium-based)CVE-2023-5856Chromium: CVE-2023-5856 Use after free in Side PanelUnknown
Microsoft Edge (Chromium-based)CVE-2023-5855Chromium: CVE-2023-5855 Use after free in Reading ModeUnknown
Microsoft Edge (Chromium-based)CVE-2023-5854Chromium: CVE-2023-5854 Use after free in ProfilesUnknown
Microsoft Edge (Chromium-based)CVE-2023-5859Chromium: CVE-2023-5859 Incorrect security UI in Picture In PictureUnknown
Microsoft Edge (Chromium-based)CVE-2023-5858Chromium: CVE-2023-5858 Inappropriate implementation in WebApp ProviderUnknown
Microsoft Edge (Chromium-based)CVE-2023-5857Chromium: CVE-2023-5857 Inappropriate implementation in DownloadsUnknown
Microsoft Edge (Chromium-based)CVE-2023-5850Chromium: CVE-2023-5850 Incorrect security UI in DownloadsUnknown
Microsoft Edge (Chromium-based)CVE-2023-5849Chromium: CVE-2023-5849 Integer overflow in USBUnknown
Microsoft Edge (Chromium-based)CVE-2023-5482Chromium: CVE-2023-5482 Insufficient data validation in USBUnknown
Microsoft Edge (Chromium-based)CVE-2023-5853Chromium: CVE-2023-5853 Incorrect security UI in DownloadsUnknown
Microsoft Edge (Chromium-based)CVE-2023-5852Chromium: CVE-2023-5852 Use after free in PrintingUnknown
Microsoft Edge (Chromium-based)CVE-2023-5851Chromium: CVE-2023-5851 Inappropriate implementation in DownloadsUnknown
Microsoft Edge (Chromium-based)CVE-2023-36024Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2023-36034Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityModerate
Microsoft Exchange ServerCVE-2023-36439Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-36050Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-36039Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-36035Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft OfficeCVE-2023-36413Microsoft Office Security Feature Bypass VulnerabilityImportant
Microsoft OfficeCVE-2023-36045Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2023-36041Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2023-36037Microsoft Excel Security Feature Bypass VulnerabilityImportant
Microsoft Office SharePointCVE-2023-38177Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Remote Registry ServiceCVE-2023-36423Microsoft Remote Registry Service Remote Code Execution VulnerabilityImportant
Microsoft Remote Registry ServiceCVE-2023-36401Microsoft Remote Registry Service Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2023-36402Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft Windows Search ComponentCVE-2023-36394Windows Search Service Elevation of Privilege VulnerabilityImportant
Microsoft Windows SpeechCVE-2023-36719Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege VulnerabilityImportant
Open Management InfrastructureCVE-2023-36043Open Management Infrastructure Information Disclosure VulnerabilityImportant
Tablet Windows User InterfaceCVE-2023-36393Windows User Interface Application Core Remote Code Execution VulnerabilityImportant
Visual StudioCVE-2023-36042Visual Studio Denial of Service VulnerabilityImportant
Visual Studio CodeCVE-2023-36018Visual Studio Code Jupyter Extension Spoofing VulnerabilityImportant
Windows Authentication MethodsCVE-2023-36047Windows Authentication Elevation of Privilege VulnerabilityImportant
Windows Authentication MethodsCVE-2023-36428Microsoft Local Security Authority Subsystem Service Information Disclosure VulnerabilityImportant
Windows Authentication MethodsCVE-2023-36046Windows Authentication Denial of Service VulnerabilityImportant
Windows Cloud Files Mini Filter DriverCVE-2023-36036Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2023-36424Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Compressed FolderCVE-2023-36396Windows Compressed Folder Remote Code Execution VulnerabilityImportant
Windows DefenderCVE-2023-36422Microsoft Windows Defender Elevation of Privilege VulnerabilityImportant
Windows Deployment ServicesCVE-2023-36395Windows Deployment Services Denial of Service VulnerabilityImportant
Windows DHCP ServerCVE-2023-36392DHCP Server Service Denial of Service VulnerabilityImportant
Windows Distributed File System (DFS)CVE-2023-36425Windows Distributed File System (DFS) Remote Code Execution VulnerabilityImportant
Windows DWM Core LibraryCVE-2023-36033Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows HMAC Key DerivationCVE-2023-36400Windows HMAC Key Derivation Elevation of Privilege VulnerabilityCritical
Windows Hyper-VCVE-2023-36427Windows Hyper-V Elevation of Privilege VulnerabilityImportant
Windows Hyper-VCVE-2023-36407Windows Hyper-V Elevation of Privilege VulnerabilityImportant
Windows Hyper-VCVE-2023-36406Windows Hyper-V Information Disclosure VulnerabilityImportant
Windows Hyper-VCVE-2023-36408Windows Hyper-V Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2023-36705Windows Installer Elevation of Privilege VulnerabilityImportant
Windows Internet Connection Sharing (ICS)CVE-2023-36397Windows Pragmatic General Multicast (PGM) Remote Code Execution VulnerabilityCritical
Windows KernelCVE-2023-36405Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-36404Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2023-36403Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2023-36398Windows NTFS Information Disclosure VulnerabilityImportant
Windows Protected EAP (PEAP)CVE-2023-36028Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution VulnerabilityImportant
Windows ScriptingCVE-2023-36017Windows Scripting Engine Memory Corruption VulnerabilityImportant
Windows SmartScreenCVE-2023-36025Windows SmartScreen Security Feature Bypass VulnerabilityImportant
Windows StorageCVE-2023-36399Windows Storage Elevation of Privilege VulnerabilityImportant

Kaynak: bleepingcomputer.com

Exit mobile version