Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 67 adet RCE güvenlik açığı ve toplam 150 zafiyeti kapattı.
Kapatılan zafiyetler aşağıdaki gibi:
- 31 Elevation of Privilege Vulnerabilities
- 29 Security Feature Bypass Vulnerabilities
- 67 Remote Code Execution Vulnerabilities
- 13 Information Disclosure Vulnerabilities
- 7 Denial of Service Vulnerabilities
- 3 Spoofing Vulnerabilities
Bu ay Zero-Day yok!
Nisan 2024 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET and Visual Studio | CVE-2024-21409 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | Important |
Azure | CVE-2024-29993 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
Azure AI Search | CVE-2024-29063 | Azure AI Search Information Disclosure Vulnerability | Important |
Azure Arc | CVE-2024-28917 | Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability | Important |
Azure Compute Gallery | CVE-2024-21424 | Azure Compute Gallery Elevation of Privilege Vulnerability | Important |
Azure Migrate | CVE-2024-26193 | Azure Migrate Remote Code Execution Vulnerability | Important |
Azure Monitor | CVE-2024-29989 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important |
Azure Private 5G Core | CVE-2024-20685 | Azure Private 5G Core Denial of Service Vulnerability | Moderate |
Azure SDK | CVE-2024-29992 | Azure Identity Library for .NET Information Disclosure Vulnerability | Moderate |
Intel | CVE-2024-2201 | Intel: CVE-2024-2201 Branch History Injection | Important |
Internet Shortcut Files | CVE-2024-29988 | SmartScreen Prompt Security Feature Bypass Vulnerability | Important |
Mariner | CVE-2019-3816 | Unknown | Unknown |
Mariner | CVE-2019-3833 | Unknown | Unknown |
Microsoft Azure Kubernetes Service | CVE-2024-29990 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Important |
Microsoft Brokering File System | CVE-2024-28905 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
Microsoft Brokering File System | CVE-2024-28907 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
Microsoft Brokering File System | CVE-2024-26213 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
Microsoft Brokering File System | CVE-2024-28904 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
Microsoft Defender for IoT | CVE-2024-29055 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
Microsoft Defender for IoT | CVE-2024-29053 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical |
Microsoft Defender for IoT | CVE-2024-29054 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
Microsoft Defender for IoT | CVE-2024-21324 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
Microsoft Defender for IoT | CVE-2024-21323 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical |
Microsoft Defender for IoT | CVE-2024-21322 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical |
Microsoft Edge (Chromium-based) | CVE-2024-3156 | Chromium: CVE-2024-3156 Inappropriate implementation in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-29049 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Moderate |
Microsoft Edge (Chromium-based) | CVE-2024-29981 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
Microsoft Edge (Chromium-based) | CVE-2024-3159 | Chromium: CVE-2024-3159 Out of bounds memory access in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-3158 | Chromium: CVE-2024-3158 Use after free in Bookmarks | Unknown |
Microsoft Install Service | CVE-2024-26158 | Microsoft Install Service Elevation of Privilege Vulnerability | Important |
Microsoft Office Excel | CVE-2024-26257 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2024-20670 | Outlook for Windows Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-26251 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
Microsoft WDAC ODBC Driver | CVE-2024-26214 | Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-26244 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-26210 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26233 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26231 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26227 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26223 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26221 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26224 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26222 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-29064 | Windows Hyper-V Denial of Service Vulnerability | Important |
SQL Server | CVE-2024-28937 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28938 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29044 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28935 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28940 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28943 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28941 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28910 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28944 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28908 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28909 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29985 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28906 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28926 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28933 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28934 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28927 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28930 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29046 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28932 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29047 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28931 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29984 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28929 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28939 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28942 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29043 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28936 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29045 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28915 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28913 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28945 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29048 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28912 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28914 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29983 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28911 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29982 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
Windows Authentication Methods | CVE-2024-29056 | Windows Authentication Elevation of Privilege Vulnerability | Important |
Windows Authentication Methods | CVE-2024-21447 | Windows Authentication Elevation of Privilege Vulnerability | Important |
Windows BitLocker | CVE-2024-20665 | BitLocker Security Feature Bypass Vulnerability | Important |
Windows Compressed Folder | CVE-2024-26256 | libarchive Remote Code Execution Vulnerability | Important |
Windows Cryptographic Services | CVE-2024-26228 | Windows Cryptographic Services Security Feature Bypass Vulnerability | Important |
Windows Cryptographic Services | CVE-2024-29050 | Windows Cryptographic Services Remote Code Execution Vulnerability | Important |
Windows Defender Credential Guard | CVE-2024-26237 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important |
Windows DHCP Server | CVE-2024-26212 | DHCP Server Service Denial of Service Vulnerability | Important |
Windows DHCP Server | CVE-2024-26215 | DHCP Server Service Denial of Service Vulnerability | Important |
Windows DHCP Server | CVE-2024-26195 | DHCP Server Service Remote Code Execution Vulnerability | Important |
Windows DHCP Server | CVE-2024-26202 | DHCP Server Service Remote Code Execution Vulnerability | Important |
Windows Distributed File System (DFS) | CVE-2024-29066 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | Important |
Windows Distributed File System (DFS) | CVE-2024-26226 | Windows Distributed File System (DFS) Information Disclosure Vulnerability | Important |
Windows DWM Core Library | CVE-2024-26172 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
Windows File Server Resource Management Service | CVE-2024-26216 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important |
Windows HTTP.sys | CVE-2024-26219 | HTTP.sys Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-26253 | Windows rndismp6.sys Remote Code Execution Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-26252 | Windows rndismp6.sys Remote Code Execution Vulnerability | Important |
Windows Kerberos | CVE-2024-26183 | Windows Kerberos Denial of Service Vulnerability | Important |
Windows Kerberos | CVE-2024-26248 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-20693 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-26245 | Windows SMB Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-26229 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-26218 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Local Security Authority Subsystem Service (LSASS) | CVE-2024-26209 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Important |
Windows Message Queuing | CVE-2024-26232 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2024-26208 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
Windows Mobile Hotspot | CVE-2024-26220 | Windows Mobile Hotspot Information Disclosure Vulnerability | Important |
Windows Proxy Driver | CVE-2024-26234 | Proxy Driver Spoofing Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-28902 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-28900 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-28901 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-26255 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-26230 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-26239 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-26207 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-26217 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-26211 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
Windows Remote Procedure Call | CVE-2024-20678 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-26200 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-26179 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-26205 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Secure Boot | CVE-2024-29061 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28921 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-20689 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26250 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28922 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-29062 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-20669 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28898 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-20688 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-23593 | Lenovo: CVE-2024-23593 Zero Out Boot Manager and drop to UEFI Shell | Important |
Windows Secure Boot | CVE-2024-28896 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28919 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-23594 | Lenovo: CVE-2024-23594 Stack Buffer Overflow in LenovoBT.efi | Important |
Windows Secure Boot | CVE-2024-28923 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28903 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26189 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26240 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28924 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28897 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28925 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26175 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28920 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26194 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26180 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26171 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26168 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Storage | CVE-2024-29052 | Windows Storage Elevation of Privilege Vulnerability | Important |
Windows Telephony Server | CVE-2024-26242 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2024-26236 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2024-26235 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
Windows USB Print Driver | CVE-2024-26243 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important |
Windows Virtual Machine Bus | CVE-2024-26254 | Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability | Important |
Windows Win32K – ICOMP | CVE-2024-26241 | Win32k Elevation of Privilege Vulnerability | Important |