Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 3 adet Zero day güvenlik açığı ve toplam 61 zafiyeti kapattı.
Kapatılan zafiyetler aşağıdaki gibi:
- 17 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 27 Remote Code Execution Vulnerabilities
- 7 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 4 Spoofing Vulnerabilities
Üç Adet Zero Day Kapatıldı
CVE-2024-30040 – Windows MSHTML Platform Security Feature Bypass Vulnerability
CVE-2024-30051 – Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-30046 – Visual Studio Denial of Service Vulnerability
Mayıs 2024 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET and Visual Studio | CVE-2024-30045 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
Azure Migrate | CVE-2024-30053 | Azure Migrate Cross-Site Scripting Vulnerability | Important |
Microsoft Bing | CVE-2024-30041 | Microsoft Bing Search Spoofing Vulnerability | Important |
Microsoft Brokering File System | CVE-2024-30007 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
Microsoft Dynamics 365 Customer Insights | CVE-2024-30048 | Dynamics 365 Customer Insights Spoofing Vulnerability | Important |
Microsoft Dynamics 365 Customer Insights | CVE-2024-30047 | Dynamics 365 Customer Insights Spoofing Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2024-4558 | Chromium: CVE-2024-4558 Use after free in ANGLE | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-4331 | Chromium: CVE-2024-4331 Use after free in Picture In Picture | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-4671 | Chromium: CVE-2024-4671 Use after free in Visuals | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-30055 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
Microsoft Edge (Chromium-based) | CVE-2024-4368 | Chromium: CVE-2024-4368 Use after free in Dawn | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-4559 | Chromium: CVE-2024-4559 Heap buffer overflow in WebAudio | Unknown |
Microsoft Intune | CVE-2024-30059 | Microsoft Intune for Android Mobile Application Management Tampering Vulnerability | Important |
Microsoft Office Excel | CVE-2024-30042 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-30044 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2024-30043 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-30006 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft Windows SCSI Class System File | CVE-2024-29994 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | Important |
Microsoft Windows Search Component | CVE-2024-30033 | Windows Search Service Elevation of Privilege Vulnerability | Important |
Power BI | CVE-2024-30054 | Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability | Important |
Visual Studio | CVE-2024-30046 | Visual Studio Denial of Service Vulnerability | Important |
Visual Studio | CVE-2024-32004 | GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositories | Important |
Visual Studio | CVE-2024-32002 | CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution | Important |
Windows Cloud Files Mini Filter Driver | CVE-2024-30034 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important |
Windows CNG Key Isolation Service | CVE-2024-30031 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important |
Windows Common Log File System Driver | CVE-2024-29996 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Common Log File System Driver | CVE-2024-30037 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Common Log File System Driver | CVE-2024-30025 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Cryptographic Services | CVE-2024-30020 | Windows Cryptographic Services Remote Code Execution Vulnerability | Important |
Windows Cryptographic Services | CVE-2024-30016 | Windows Cryptographic Services Information Disclosure Vulnerability | Important |
Windows Deployment Services | CVE-2024-30036 | Windows Deployment Services Information Disclosure Vulnerability | Important |
Windows DHCP Server | CVE-2024-30019 | DHCP Server Service Denial of Service Vulnerability | Important |
Windows DWM Core Library | CVE-2024-30008 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
Windows DWM Core Library | CVE-2024-30051 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
Windows DWM Core Library | CVE-2024-30035 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
Windows DWM Core Library | CVE-2024-30032 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
Windows Hyper-V | CVE-2024-30011 | Windows Hyper-V Denial of Service Vulnerability | Important |
Windows Hyper-V | CVE-2024-30017 | Windows Hyper-V Remote Code Execution Vulnerability | Important |
Windows Hyper-V | CVE-2024-30010 | Windows Hyper-V Remote Code Execution Vulnerability | Important |
Windows Kernel | CVE-2024-30018 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Mark of the Web (MOTW) | CVE-2024-30050 | Windows Mark of the Web Security Feature Bypass Vulnerability | Moderate |
Windows Mobile Broadband | CVE-2024-30002 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-29997 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-30003 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-30012 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-29999 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-29998 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-30000 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-30005 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-30004 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-30021 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-30001 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows MSHTML Platform | CVE-2024-30040 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important |
Windows NTFS | CVE-2024-30027 | NTFS Elevation of Privilege Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-30039 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-30009 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-30024 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-30015 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-30029 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-30023 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-30014 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-30022 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Task Scheduler | CVE-2024-26238 | Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability | Important |
Windows Win32K – GRFX | CVE-2024-30030 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K – ICOMP | CVE-2024-30038 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K – ICOMP | CVE-2024-30049 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
Windows Win32K – ICOMP | CVE-2024-30028 | Win32k Elevation of Privilege Vulnerability | Important |