Haberler
Microsoft Mart 2023 Patch Tuesday: 2 Zero-Day, 83 Zafiyet Kapatıldı
Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 2 adet zero-day güvenlik açığı ve toplam 83 zafiyeti kapattı.
Bu ay yayınlanan güncellemerde düzeltilen 83 güvenlik açığından 9 tanesi kritik olarak olarak sınıflandırıdı.
Kapatılan zafiyetler aşağıdaki gibidir:
- 21 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 27 Remote Code Execution Vulnerabilities
- 15 Information Disclosure Vulnerabilities
- 4 Denial of Service Vulnerabilities
- 10 Spoofing Vulnerabilities
- 1 Edge – Chromium Vulnerability
İki adet zero-day kapatıldı
CVE-2023-23397 – Microsoft Outlook Elevation of Privilege Vulnerability
CVE-2023-24880 – Windows SmartScreen Security Feature Bypass Vulnerability
Mart 2023 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
Azure | CVE-2023-23408 | Azure Apache Ambari Spoofing Vulnerability | Important |
Client Server Run-time Subsystem (CSRSS) | CVE-2023-23409 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important |
Client Server Run-time Subsystem (CSRSS) | CVE-2023-23394 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important |
Internet Control Message Protocol (ICMP) | CVE-2023-23415 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | Critical |
Mariner | CVE-2023-0567 | Unknown | Unknown |
Mariner | CVE-2023-20052 | Unknown | Unknown |
Mariner | CVE-2023-20032 | Unknown | Unknown |
Microsoft Bluetooth Driver | CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
Microsoft Dynamics | CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2023-24879 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2023-24919 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2023-24891 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2023-24922 | Microsoft Dynamics 365 Information Disclosure Vulnerability | Important |
Microsoft Dynamics | CVE-2023-24921 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2023-1236 | Chromium: CVE-2023-1236 Inappropriate implementation in Internals | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1235 | Chromium: CVE-2023-1235 Type Confusion in DevTools | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1213 | Chromium: CVE-2023-1213 Use after free in Swiftshader | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2023-1234 | Chromium: CVE-2023-1234 Inappropriate implementation in Intents | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1223 | Chromium: CVE-2023-1223 Insufficient policy enforcement in Autofill | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1222 | Chromium: CVE-2023-1222 Heap buffer overflow in Web Audio API | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1221 | Chromium: CVE-2023-1221 Insufficient policy enforcement in Extensions API | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1229 | Chromium: CVE-2023-1229 Inappropriate implementation in Permission prompts | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1228 | Chromium: CVE-2023-1228 Insufficient policy enforcement in Intents | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1224 | Chromium: CVE-2023-1224 Insufficient policy enforcement in Web Payments API | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1220 | Chromium: CVE-2023-1220 Heap buffer overflow in UMA | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1216 | Chromium: CVE-2023-1216 Use after free in DevTools | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1215 | Chromium: CVE-2023-1215 Type Confusion in CSS | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1214 | Chromium: CVE-2023-1214 Type Confusion in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1219 | Chromium: CVE-2023-1219 Heap buffer overflow in Metrics | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1218 | Chromium: CVE-2023-1218 Use after free in WebRTC | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1217 | Chromium: CVE-2023-1217 Stack buffer overflow in Crash reporting | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1230 | Chromium: CVE-2023-1230 Inappropriate implementation in WebApp Installs | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1232 | Chromium: CVE-2023-1232 Insufficient policy enforcement in Resource Timing | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1233 | Chromium: CVE-2023-1233 Insufficient policy enforcement in Resource Timing | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1231 | Chromium: CVE-2023-1231 Inappropriate implementation in Autofill | Unknown |
Microsoft Graphics Component | CVE-2023-24910 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Office Excel | CVE-2023-23398 | Microsoft Excel Spoofing Vulnerability | Important |
Microsoft Office Excel | CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability | Important |
Microsoft Office Excel | CVE-2023-23399 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2023-23395 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
Microsoft OneDrive | CVE-2023-24890 | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability | Important |
Microsoft OneDrive | CVE-2023-24930 | Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability | Important |
Microsoft OneDrive | CVE-2023-24882 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Important |
Microsoft OneDrive | CVE-2023-24923 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24907 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24857 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24868 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24872 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24876 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24913 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24864 | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24866 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24906 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24867 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24863 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24870 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24909 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-23406 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-23413 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24856 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-24865 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-23403 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability | Important |
Office for Android | CVE-2023-23391 | Office for Android Spoofing Vulnerability | Important |
Remote Access Service Point-to-Point Tunneling Protocol | CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Role: DNS Server | CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: Windows Hyper-V | CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability | Critical |
Service Fabric | CVE-2023-23383 | Service Fabric Explorer Spoofing Vulnerability | Important |
Visual Studio | CVE-2023-23618 | GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability | Important |
Visual Studio | CVE-2023-22743 | GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability | Important |
Visual Studio | CVE-2023-23946 | GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability | Important |
Visual Studio | CVE-2023-22490 | GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability | Important |
Windows Accounts Control | CVE-2023-23412 | Windows Accounts Picture Elevation of Privilege Vulnerability | Important |
Windows Bluetooth Service | CVE-2023-24871 | Windows Bluetooth Service Remote Code Execution Vulnerability | Important |
Windows Central Resource Manager | CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability | Important |
Windows Cryptographic Services | CVE-2023-23416 | Windows Cryptographic Services Remote Code Execution Vulnerability | Critical |
Windows Defender | CVE-2023-23389 | Microsoft Defender Elevation of Privilege Vulnerability | Important |
Windows HTTP Protocol Stack | CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical |
Windows HTTP.sys | CVE-2023-23410 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important |
Windows Internet Key Exchange (IKE) Protocol | CVE-2023-24859 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
Windows Kernel | CVE-2023-23420 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-23422 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-23421 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-23423 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Partition Management Driver | CVE-2023-23417 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important |
Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability | Important |
Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call | CVE-2023-21708 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
Windows Remote Procedure Call Runtime | CVE-2023-23405 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2023-24869 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2023-24908 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Resilient File System (ReFS) | CVE-2023-23419 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
Windows Resilient File System (ReFS) | CVE-2023-23418 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
Windows Secure Channel | CVE-2023-24862 | Windows Secure Channel Denial of Service Vulnerability | Important |
Windows SmartScreen | CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate |
Windows TPM | CVE-2023-1017 | CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical |
Windows TPM | CVE-2023-1018 | CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical |
Windows Win32K | CVE-2023-24861 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Kaynak: bleepingcomputer.com