Microsoft Nisan 2022 Patch Tuesday: 2 Zero-Day, 119 Zafiyet Kapatıldı

Microsoft bu ay yayınladığı Patch Tuesday yamaları ile 2 sıfırıncı gün güvenlik açığı ve toplam 119 zafiyeti kapattı. Microsoft, bu güncellemelerle 119 güvenlik açığını (26 Microsoft Edge güvenlik açığı hariç) düzeltti ve 10 tanesi uzaktan kod yürütülmesine (RCE) izin verdiği için kritik olarak sınıflandırıldı.

Kapatılan zafiyetler aşağıdaki gibidir

2 sıfır gün düzeltildi, hiçbiri aktif olarak kullanılmadı

CVE-2022-26904 – Windows User Profile Service Elevation of Privilege Vulnerability

CrowdStrike ve ABD Ulusal Güvenlik Ajansı (NSA) tarafından keşfedilen zafiyet, ayrıcalık yükseltme güvenlik açığı.

CVE-2022-24521 –  Windows Common Log File System Driver Elevation of Privilege Vulnerability

Nisan 2022 Yaması Salı Güvenlik Güncellemeleri

TagCVE IDCVE TitleSeverity
.NET FrameworkCVE-2022-26832.NET Framework Denial of Service VulnerabilityImportant
Active Directory Domain ServicesCVE-2022-26814Windows DNS Server Remote Code Execution VulnerabilityImportant
Active Directory Domain ServicesCVE-2022-26817Windows DNS Server Remote Code Execution VulnerabilityImportant
Azure SDKCVE-2022-26907Azure SDK for .NET Information Disclosure VulnerabilityImportant
Azure Site RecoveryCVE-2022-26898Azure Site Recovery Remote Code Execution VulnerabilityImportant
Azure Site RecoveryCVE-2022-26897Azure Site Recovery Information Disclosure VulnerabilityImportant
Azure Site RecoveryCVE-2022-26896Azure Site Recovery Information Disclosure VulnerabilityImportant
LDAP – Lightweight Directory Access ProtocolCVE-2022-26831Windows LDAP Denial of Service VulnerabilityImportant
LDAP – Lightweight Directory Access ProtocolCVE-2022-26919Windows LDAP Remote Code Execution VulnerabilityCritical
Microsoft Bluetooth DriverCVE-2022-26828Windows Bluetooth Driver Elevation of Privilege VulnerabilityImportant
Microsoft DynamicsCVE-2022-23259Microsoft Dynamics 365 (on-premises) Remote Code Execution VulnerabilityCritical
Microsoft Edge (Chromium-based)CVE-2022-26909Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2022-1139Chromium: CVE-2022-1139 Inappropriate implementation in Background Fetch APIUnknown
Microsoft Edge (Chromium-based)CVE-2022-26912Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2022-26908Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-1146Chromium: CVE-2022-1146 Inappropriate implementation in Resource TimingUnknown
Microsoft Edge (Chromium-based)CVE-2022-26895Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-26900Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-26894Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-1232Chromium: CVE-2022-1232 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2022-26891Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-1125Chromium: CVE-2022-1125 Use after free in PortalsUnknown
Microsoft Edge (Chromium-based)CVE-2022-1136Chromium: CVE-2022-1136 Use after free in Tab StripUnknown
Microsoft Edge (Chromium-based)CVE-2022-24475Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-1145Chromium: CVE-2022-1145 Use after free in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2022-1135Chromium: CVE-2022-1135 Use after free in Shopping CartUnknown
Microsoft Edge (Chromium-based)CVE-2022-1138Chromium: CVE-2022-1138 Inappropriate implementation in Web CursorUnknown
Microsoft Edge (Chromium-based)CVE-2022-1143Chromium: CVE-2022-1143 Heap buffer overflow in WebUIUnknown
Microsoft Edge (Chromium-based)CVE-2022-24523Microsoft Edge (Chromium-based) Spoofing VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2022-1137Chromium: CVE-2022-1137 Inappropriate implementation in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2022-1134Chromium: CVE-2022-1134 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2022-1127Chromium: CVE-2022-1127 Use after free in QR Code GeneratorUnknown
Microsoft Edge (Chromium-based)CVE-2022-1128Chromium: CVE-2022-1128 Inappropriate implementation in Web Share APIUnknown
Microsoft Edge (Chromium-based)CVE-2022-1133Chromium: CVE-2022-1133 Use after free in WebRTCUnknown
Microsoft Edge (Chromium-based)CVE-2022-1130Chromium: CVE-2022-1130 Insufficient validation of untrusted input in WebOTPUnknown
Microsoft Edge (Chromium-based)CVE-2022-1129Chromium: CVE-2022-1129 Inappropriate implementation in Full Screen ModeUnknown
Microsoft Edge (Chromium-based)CVE-2022-1131Chromium: CVE-2022-1131 Use after free in Cast UIUnknown
Microsoft Graphics ComponentCVE-2022-26920Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-26903Windows Graphics Component Remote Code Execution VulnerabilityImportant
Microsoft Local Security Authority Server (lsasrv)CVE-2022-24493Microsoft Local Security Authority (LSA) Server Information Disclosure VulnerabilityImportant
Microsoft Office ExcelCVE-2022-24473Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2022-26901Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-24472Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Windows ALPCCVE-2022-24482Windows ALPC Elevation of Privilege VulnerabilityImportant
Microsoft Windows ALPCCVE-2022-24540Windows ALPC Elevation of Privilege VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-24532HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Media FoundationCVE-2022-24495Windows Direct Show – Remote Code Execution VulnerabilityImportant
Power BICVE-2022-23292Microsoft Power BI Spoofing VulnerabilityImportant
Role: DNS ServerCVE-2022-26815Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26816Windows DNS Server Information Disclosure VulnerabilityImportant
Role: DNS ServerCVE-2022-24536Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26824Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26823Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26822Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26829Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26826Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26825Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26821Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26820Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26813Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26818Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26819Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26811Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26812Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-22008Windows Hyper-V Remote Code Execution VulnerabilityCritical
Role: Windows Hyper-VCVE-2022-24490Windows Hyper-V Shared Virtual Hard Disks Information Disclosure VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-24539Windows Hyper-V Shared Virtual Hard Disks Information Disclosure VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-26785Windows Hyper-V Shared Virtual Hard Disks Information Disclosure VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-26783Windows Hyper-V Shared Virtual Hard Disks Information Disclosure VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-24537Windows Hyper-V Remote Code Execution VulnerabilityCritical
Role: Windows Hyper-VCVE-2022-23268Windows Hyper-V Denial of Service VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-23257Windows Hyper-V Remote Code Execution VulnerabilityCritical
Role: Windows Hyper-VCVE-2022-22009Windows Hyper-V Remote Code Execution VulnerabilityImportant
Skype for BusinessCVE-2022-26911Skype for Business Information Disclosure VulnerabilityImportant
Skype for BusinessCVE-2022-26910Skype for Business and Lync Spoofing VulnerabilityImportant
Visual StudioCVE-2022-24767GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user accountImportant
Visual StudioCVE-2022-24765GitHub: Uncontrolled search for the Git directory in Git for WindowsImportant
Visual StudioCVE-2022-24513Visual Studio Elevation of Privilege VulnerabilityImportant
Visual Studio CodeCVE-2022-26921Visual Studio Code Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2022-24494Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows App StoreCVE-2022-24488Windows Desktop Bridge Elevation of Privilege VulnerabilityImportant
Windows AppX Package ManagerCVE-2022-24549Windows AppX Package Manager Elevation of Privilege VulnerabilityImportant
Windows Cluster Client FailoverCVE-2022-24489Cluster Client Failover (CCF) Elevation of Privilege VulnerabilityImportant
Windows Cluster Shared Volume (CSV)CVE-2022-24538Windows Cluster Shared Volume (CSV) Denial of Service VulnerabilityImportant
Windows Cluster Shared Volume (CSV)CVE-2022-26784Windows Cluster Shared Volume (CSV) Denial of Service VulnerabilityImportant
Windows Cluster Shared Volume (CSV)CVE-2022-24484Windows Cluster Shared Volume (CSV) Denial of Service VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-24521Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-24481Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows DefenderCVE-2022-24548Microsoft Defender Denial of Service VulnerabilityImportant
Windows DWM Core LibraryCVE-2022-24546Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows Endpoint Configuration ManagerCVE-2022-24527Windows Endpoint Configuration Manager Elevation of Privilege VulnerabilityImportant
Windows Fax Compose FormCVE-2022-26917Windows Fax Compose Form Remote Code Execution VulnerabilityImportant
Windows Fax Compose FormCVE-2022-26916Windows Fax Compose Form Remote Code Execution VulnerabilityImportant
Windows Fax Compose FormCVE-2022-26918Windows Fax Compose Form Remote Code Execution VulnerabilityImportant
Windows Feedback HubCVE-2022-24479Connected User Experiences and Telemetry Elevation of Privilege VulnerabilityImportant
Windows File ExplorerCVE-2022-26808Windows File Explorer Elevation of Privilege VulnerabilityImportant
Windows File ServerCVE-2022-26827Windows File Server Resource Management Service Elevation of Privilege VulnerabilityImportant
Windows File ServerCVE-2022-26810Windows File Server Resource Management Service Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2022-24499Windows Installer Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2022-24530Windows Installer Elevation of Privilege VulnerabilityImportant
Windows iSCSI Target ServiceCVE-2022-24498Windows iSCSI Target Service Information Disclosure VulnerabilityImportant
Windows KerberosCVE-2022-24545Windows Kerberos Remote Code Execution VulnerabilityImportant
Windows KerberosCVE-2022-24486Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2022-24544Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-24483Windows Kernel Information Disclosure VulnerabilityImportant
Windows Local Security Authority Subsystem ServiceCVE-2022-24487Windows Local Security Authority (LSA) Remote Code Execution VulnerabilityImportant
Windows Local Security Authority Subsystem ServiceCVE-2022-24496Local Security Authority (LSA) Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2022-24547Windows Digital Media Receiver Elevation of Privilege VulnerabilityImportant
Windows Network File SystemCVE-2022-24491Windows Network File System Remote Code Execution VulnerabilityCritical
Windows Network File SystemCVE-2022-24497Windows Network File System Remote Code Execution VulnerabilityCritical
Windows PowerShellCVE-2022-26788PowerShell Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26789Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26787Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26786Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26796Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26790Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26803Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26802Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26794Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26795Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26797Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26798Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26791Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26801Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26793Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26792Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows RDPCVE-2022-24533Remote Desktop Protocol Remote Code Execution VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2022-26809Remote Procedure Call Runtime Remote Code Execution VulnerabilityCritical
Windows Remote Procedure Call RuntimeCVE-2022-24528Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2022-24492Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportant
Windows schannelCVE-2022-26915Windows Secure Channel Denial of Service VulnerabilityImportant
Windows SMBCVE-2022-24485Win32 File Enumeration Remote Code Execution VulnerabilityImportant
Windows SMBCVE-2022-26830DiskUsage.exe Remote Code Execution VulnerabilityImportant
Windows SMBCVE-2022-21983Win32 Stream Enumeration Remote Code Execution VulnerabilityImportant
Windows SMBCVE-2022-24541Windows Server Service Remote Code Execution VulnerabilityCritical
Windows SMBCVE-2022-24500Windows SMB Remote Code Execution VulnerabilityCritical
Windows SMBCVE-2022-24534Win32 Stream Enumeration Remote Code Execution VulnerabilityImportant
Windows Telephony ServerCVE-2022-24550Windows Telephony Server Elevation of Privilege VulnerabilityImportant
Windows Upgrade AssistantCVE-2022-24543Windows Upgrade Assistant Remote Code Execution VulnerabilityImportant
Windows User Profile ServiceCVE-2022-26904Windows User Profile Service Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2022-24474Windows Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2022-26914Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2022-24542Windows Win32k Elevation of Privilege VulnerabilityImportant
Windows Work Folder ServiceCVE-2022-26807Windows Work Folder Service Elevation of Privilege VulnerabilityImportant
YARP reverse proxyCVE-2022-26924YARP Denial of Service VulnerabilityImportant

Exit mobile version