Microsoft January 2022 Patch Tuesday: 6 Zero-Days, 97 Vulnerabilities Fixed

With this month's Patch Tuesday updates, Microsoft fixed 6 zero-day vulnerabilities and 97 vulnerabilities in total. Microsoft released updates for 97 vulnerabilities (excluding 29 Microsoft Edge vulnerabilities), nine of them classified as Critical and 88 as Important.

The fixed vulnerabilities break down as follows:

  • 41 Elevation of Privilege Vulnerabilities
  • 9 Security Feature Bypass Vulnerabilities
  • 29 Remote Code Execution Vulnerabilities
  • 6 Information Disclosure Vulnerabilities
  • 9 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities

6 zero-days fixed

  • CVE-2021-22947 – Open Source Curl Remote Code Execution Vulnerability
  • CVE-2021-36976 – Libarchive Remote Code Execution Vulnerability
  • CVE-2022-21919 – Windows User Profile Service Elevation of Privilege Vulnerability
  • CVE-2022-21836 – Windows Certificate Spoofing Vulnerability
  • CVE-2022-21839 – Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability
  • CVE-2022-21874 – Windows Security Center API Remote Code Execution Vulnerability

The full published list is as follows:

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| .NET Framework | CVE-2022-21911 | .NET Framework Denial of Service Vulnerability | Important |
| Microsoft Dynamics | CVE-2022-21932 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2022-21891 | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-0105 | Chromium: CVE-2022-0105 Use after free in PDF | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0102 | Chromium: CVE-2022-0102 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0104 | Chromium: CVE-2022-0104 Heap buffer overflow in ANGLE | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0101 | Chromium: CVE-2022-0101 Heap buffer overflow in Bookmarks | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0103 | Chromium: CVE-2022-0103 Use after free in SwiftShader | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0109 | Chromium: CVE-2022-0109 Inappropriate implementation in Autofill | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0110 | Chromium: CVE-2022-0110 Incorrect security UI in Autofill | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0108 | Chromium: CVE-2022-0108 Inappropriate implementation in Navigation | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0106 | Chromium: CVE-2022-0106 Use after free in Autofill | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0107 | Chromium: CVE-2022-0107 Use after free in File Manager API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-21954 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-21970 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-21931 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-21929 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2022-21930 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-0099 | Chromium: CVE-2022-0099 Use after free in Sign-in | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0100 | Chromium: CVE-2022-0100 Heap buffer overflow in Media streams API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0098 | Chromium: CVE-2022-0098 Use after free in Screen Capture | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0096 | Chromium: CVE-2022-0096 Use after free in Storage | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0097 | Chromium: CVE-2022-0097 Inappropriate implementation in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0116 | Chromium: CVE-2022-0116 Inappropriate implementation in Compositing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0117 | Chromium: CVE-2022-0117 Policy bypass in Service Workers | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0115 | Chromium: CVE-2022-0115 Uninitialized Use in File API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0113 | Chromium: CVE-2022-0113 Inappropriate implementation in Blink | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0114 | Chromium: CVE-2022-0114 Out of bounds memory access in Web Serial | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0118 | Chromium: CVE-2022-0118 Inappropriate implementation in WebShare | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0111 | Chromium: CVE-2022-0111 Inappropriate implementation in Navigation | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0112 | Chromium: CVE-2022-0112 Incorrect security UI in Browser UI | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0120 | Chromium: CVE-2022-0120 Inappropriate implementation in Passwords | Unknown |
| Microsoft Exchange Server | CVE-2022-21969 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-21846 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2022-21855 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-21904 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-21903 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-21915 | Windows GDI+ Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-21880 | Windows GDI+ Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2022-21840 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Excel | CVE-2022-21841 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-21837 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2022-21842 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-21917 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
| Open Source Software | CVE-2021-22947 | Open Source Curl Remote Code Execution Vulnerability | Critical |
| Role: Windows Hyper-V | CVE-2022-21901 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-21900 | Windows Hyper-V Security Feature Bypass Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-21905 | Windows Hyper-V Security Feature Bypass Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-21847 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Tablet Windows User Interface | CVE-2022-21870 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | Important |
| Windows Account Control | CVE-2022-21859 | Windows Accounts Control Elevation of Privilege Vulnerability | Important |
| Windows Active Directory | CVE-2022-21857 | Active Directory Domain Services Elevation of Privilege Vulnerability | Critical |
| Windows AppContracts API Server | CVE-2022-21860 | Windows AppContracts API Server Elevation of Privilege Vulnerability | Important |
| Windows Application Model | CVE-2022-21862 | Windows Application Model Core API Elevation of Privilege Vulnerability | Important |
| Windows BackupKey Remote Protocol | CVE-2022-21925 | Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability | Important |
| Windows Bind Filter Driver | CVE-2022-21858 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Certificates | CVE-2022-21836 | Windows Certificate Spoofing Vulnerability | Important |
| Windows Cleanup Manager | CVE-2022-21838 | Windows Cleanup Manager Elevation of Privilege Vulnerability | Important |
| Windows Clipboard User Service | CVE-2022-21869 | Clipboard User Service Elevation of Privilege Vulnerability | Important |
| Windows Cluster Port Driver | CVE-2022-21910 | Microsoft Cluster Port Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2022-21897 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2022-21916 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Connected Devices Platform Service | CVE-2022-21865 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2022-21835 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Important |
| Windows Defender | CVE-2022-21921 | Windows Defender Credential Guard Security Feature Bypass Vulnerability | Important |
| Windows Defender | CVE-2022-21906 | Windows Defender Application Control Security Feature Bypass Vulnerability | Important |
| Windows Devices Human Interface | CVE-2022-21868 | Windows Devices Human Interface Elevation of Privilege Vulnerability | Important |
| Windows Diagnostic Hub | CVE-2022-21871 | Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability | Important |
| Windows DirectX | CVE-2022-21898 | DirectX Graphics Kernel Remote Code Execution Vulnerability | Critical |
| Windows DirectX | CVE-2022-21918 | DirectX Graphics Kernel File Denial of Service Vulnerability | Important |
| Windows DirectX | CVE-2022-21912 | DirectX Graphics Kernel Remote Code Execution Vulnerability | Critical |
| Windows DWM Core Library | CVE-2022-21852 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2022-21902 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2022-21896 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2022-21872 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2022-21839 | Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability | Important |
| Windows Geolocation Service | CVE-2022-21878 | Windows Geolocation Service Remote Code Execution Vulnerability | Important |
| Windows HTTP Protocol Stack | CVE-2022-21907 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical |
| Windows IKE Extension | CVE-2022-21843 | Windows IKE Extension Denial of Service Vulnerability | Important |
| Windows IKE Extension | CVE-2022-21890 | Windows IKE Extension Denial of Service Vulnerability | Important |
| Windows IKE Extension | CVE-2022-21883 | Windows IKE Extension Denial of Service Vulnerability | Important |
| Windows IKE Extension | CVE-2022-21889 | Windows IKE Extension Denial of Service Vulnerability | Important |
| Windows IKE Extension | CVE-2022-21848 | Windows IKE Extension Denial of Service Vulnerability | Important |
| Windows IKE Extension | CVE-2022-21849 | Windows IKE Extension Remote Code Execution Vulnerability | Important |
| Windows Installer | CVE-2022-21908 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Kerberos | CVE-2022-21920 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-21881 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-21879 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Libarchive | CVE-2021-36976 | Libarchive Remote Code Execution Vulnerability | Important |
| Windows Local Security Authority | CVE-2022-21913 | Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass | Important |
| Windows Local Security Authority Subsystem Service | CVE-2022-21884 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | Important |
| Windows Modern Execution Server | CVE-2022-21888 | Windows Modern Execution Server Remote Code Execution Vulnerability | Important |
| Windows Push Notifications | CVE-2022-21867 | Windows Push Notifications Apps Elevation Of Privilege Vulnerability | Important |
| Windows RDP | CVE-2022-21851 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
| Windows RDP | CVE-2022-21850 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
| Windows RDP | CVE-2022-21893 | Remote Desktop Protocol Remote Code Execution Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2022-21914 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2022-21885 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Desktop | CVE-2022-21964 | Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2022-21922 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2022-21961 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2022-21959 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2022-21958 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2022-21960 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2022-21963 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2022-21892 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2022-21962 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2022-21928 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows Secure Boot | CVE-2022-21894 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Security Center | CVE-2022-21874 | Windows Security Center API Remote Code Execution Vulnerability | Important |
| Windows StateRepository API | CVE-2022-21863 | Windows StateRepository API Server file Elevation of Privilege Vulnerability | Important |
| Windows Storage | CVE-2022-21875 | Windows Storage Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2022-21877 | Storage Spaces Controller Information Disclosure Vulnerability | Important |
| Windows System Launcher | CVE-2022-21866 | Windows System Launcher Elevation of Privilege Vulnerability | Important |
| Windows Task Flow Data Engine | CVE-2022-21861 | Task Flow Data Engine Elevation of Privilege Vulnerability | Important |
| Windows Tile Data Repository | CVE-2022-21873 | Tile Data Repository Elevation of Privilege Vulnerability | Important |
| Windows UEFI | CVE-2022-21899 | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | Important |
| Windows UI Immersive Server | CVE-2022-21864 | Windows UI Immersive Server API Elevation of Privilege Vulnerability | Important |
| Windows User Profile Service | CVE-2022-21895 | Windows User Profile Service Elevation of Privilege Vulnerability | Important |
| Windows User Profile Service | CVE-2022-21919 | Windows User Profile Service Elevation of Privilege Vulnerability | Important |
| Windows User-mode Driver Framework | CVE-2022-21834 | Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability | Important |
| Windows Virtual Machine IDE Drive | CVE-2022-21833 | Virtual Machine IDE Drive Elevation of Privilege Vulnerability | Critical |
| Windows Win32K | CVE-2022-21882 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2022-21876 | Win32k Information Disclosure Vulnerability | Important |
| Windows Win32K | CVE-2022-21887 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Workstation Service Remote Protocol | CVE-2022-21924 | Workstation Service Remote Protocol Security Feature Bypass Vulnerability | Important |

Source: bleepingcomputer.com