Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 7 adet Zero-Day güvenlik açığı ve toplam 57 zafiyeti kapattı.
Kapatılan zafiyetler aşağıdaki gibi:
- 23 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 23 Remote Code Execution Vulnerabilities
- 4 Information Disclosure Vulnerabilities
- 1 Denial of Service Vulnerabilities
- 3 Spoofing Vulnerabilities
7 Zero-Day Zafiyeti Kapatıldı
CVE-2025-24983 – Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2025-24984 – Windows NTFS Information Disclosure Vulnerability
CVE-2025-24985 – Windows Fast FAT File System Driver Remote Code Execution Vulnerability
CVE-2025-24991 – Windows NTFS Information Disclosure Vulnerability
CVE-2025-24993 – Windows NTFS Remote Code Execution Vulnerability
CVE-2025-26633 – Microsoft Management Console Security Feature Bypass Vulnerability
CVE-2025-26630 – Microsoft Access Remote Code Execution Vulnerability
Mart 2024 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET | CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability | Important |
| ASP.NET Core & Visual Studio | CVE-2025-24070 | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | Important |
| Azure Agent Installer | CVE-2025-21199 | Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Arc | CVE-2025-26627 | Azure Arc Installer Elevation of Privilege Vulnerability | Important |
| Azure CLI | CVE-2025-24049 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | Important |
| Azure PromptFlow | CVE-2025-24986 | Azure Promptflow Remote Code Execution Vulnerability | Important |
| Kernel Streaming WOW Thunk Service Driver | CVE-2025-24995 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Local Security Authority Server (lsasrv) | CVE-2025-24072 | Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability | Important |
| Microsoft Management Console | CVE-2025-26633 | Microsoft Management Console Security Feature Bypass Vulnerability | Important |
| Microsoft Office | CVE-2025-24083 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-26629 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-24080 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-24057 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Access | CVE-2025-26630 | Microsoft Access Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-24081 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-24082 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-24075 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-24077 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-24078 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-24079 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Streaming Service | CVE-2025-24046 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2025-24067 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2025-25008 | Windows Server Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2024-9157 | Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability | Important |
| Remote Desktop Client | CVE-2025-26645 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Role: DNS Server | CVE-2025-24064 | Windows Domain Name Service Remote Code Execution Vulnerability | Critical |
| Role: Windows Hyper-V | CVE-2025-24048 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-24050 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2025-24998 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2025-25003 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2025-26631 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2025-24059 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Cross Device Service | CVE-2025-24994 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability | Important |
| Windows Cross Device Service | CVE-2025-24076 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability | Important |
| Windows exFAT File System | CVE-2025-21180 | Windows exFAT File System Remote Code Execution Vulnerability | Important |
| Windows Fast FAT Driver | CVE-2025-24985 | Windows Fast FAT File System Driver Remote Code Execution Vulnerability | Important |
| Windows File Explorer | CVE-2025-24071 | Microsoft Windows File Explorer Spoofing Vulnerability | Important |
| Windows Kernel Memory | CVE-2025-24997 | DirectX Graphics Kernel File Denial of Service Vulnerability | Important |
| Windows Kernel-Mode Drivers | CVE-2025-24066 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Windows MapUrlToZone | CVE-2025-21247 | MapUrlToZone Security Feature Bypass Vulnerability | Important |
| Windows Mark of the Web (MOTW) | CVE-2025-24061 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
| Windows NTFS | CVE-2025-24993 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows NTFS | CVE-2025-24984 | Windows NTFS Information Disclosure Vulnerability | Important |
| Windows NTFS | CVE-2025-24992 | Windows NTFS Information Disclosure Vulnerability | Important |
| Windows NTFS | CVE-2025-24991 | Windows NTFS Information Disclosure Vulnerability | Important |
| Windows NTLM | CVE-2025-24996 | NTLM Hash Disclosure Spoofing Vulnerability | Important |
| Windows NTLM | CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability | Important |
| Windows Remote Desktop Services | CVE-2025-24035 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop Services | CVE-2025-24045 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-24051 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Subsystem for Linux | CVE-2025-24084 | Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability | Critical |
| Windows Telephony Server | CVE-2025-24056 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows USB Video Driver | CVE-2025-24988 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2025-24987 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2025-24055 | Windows USB Video Class System Driver Information Disclosure Vulnerability | Important |
| Windows Win32 Kernel Subsystem | CVE-2025-24044 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
| Windows Win32 Kernel Subsystem | CVE-2025-24983 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
