Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 1 adet zero-day güvenlik açığı ve toplam 98 zafiyeti kapattı.
Bu ay yayınlanan güncellemerde düzeltilen 98 güvenlik açığından 11 tanesi kritik olarak olarak sınıflandırıdı.
Kapatılan zafiyetler aşağıdaki gibidir:
- 39 Elevation of Privilege Vulnerabilities
- 4 Security Feature Bypass Vulnerabilities
- 33 Remote Code Execution Vulnerabilities
- 10 Information Disclosure Vulnerabilities
- 10 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
Bir adet zero-day kapatıldı
CVE-2023-21674 – Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
CVE-2023-21549 – Windows SMB Witness Service Elevation of Privilege Vulnerability – Yüsek önem derecesine sahip
Ocak 2023 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET Core | CVE-2023-21538 | .NET Denial of Service Vulnerability | Important |
3D Builder | CVE-2023-21782 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-21781 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-21783 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-21784 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-21791 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-21793 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-21786 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-21790 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-21780 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-21792 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-21789 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-21785 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-21787 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-21788 | 3D Builder Remote Code Execution Vulnerability | Important |
Azure Service Fabric Container | CVE-2023-21531 | Azure Service Fabric Container Elevation of Privilege Vulnerability | Important |
Microsoft Bluetooth Driver | CVE-2023-21739 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
Microsoft Exchange Server | CVE-2023-21764 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
Microsoft Exchange Server | CVE-2023-21763 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
Microsoft Exchange Server | CVE-2023-21762 | Microsoft Exchange Server Spoofing Vulnerability | Important |
Microsoft Exchange Server | CVE-2023-21761 | Microsoft Exchange Server Information Disclosure Vulnerability | Important |
Microsoft Exchange Server | CVE-2023-21745 | Microsoft Exchange Server Spoofing Vulnerability | Important |
Microsoft Graphics Component | CVE-2023-21680 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2023-21532 | Windows GDI Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2023-21552 | Windows GDI Elevation of Privilege Vulnerability | Important |
Microsoft Local Security Authority Server (lsasrv) | CVE-2023-21728 | Windows Netlogon Denial of Service Vulnerability | Important |
Microsoft Message Queuing | CVE-2023-21537 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2023-21734 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2023-21735 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2023-21742 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2023-21743 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2023-21744 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office Visio | CVE-2023-21741 | Microsoft Office Visio Information Disclosure Vulnerability | Important |
Microsoft Office Visio | CVE-2023-21736 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
Microsoft Office Visio | CVE-2023-21737 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
Microsoft Office Visio | CVE-2023-21738 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2023-21681 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2023-21779 | Visual Studio Code Remote Code Execution | Important |
Windows ALPC | CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
Windows Ancillary Function Driver for WinSock | CVE-2023-21768 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
Windows Authentication Methods | CVE-2023-21539 | Windows Authentication Remote Code Execution Vulnerability | Important |
Windows Backup Engine | CVE-2023-21752 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
Windows Bind Filter Driver | CVE-2023-21733 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important |
Windows BitLocker | CVE-2023-21563 | BitLocker Security Feature Bypass Vulnerability | Important |
Windows Boot Manager | CVE-2023-21560 | Windows Boot Manager Security Feature Bypass Vulnerability | Important |
Windows Credential Manager | CVE-2023-21726 | Windows Credential Manager User Interface Elevation of Privilege Vulnerability | Important |
Windows Cryptographic Services | CVE-2023-21559 | Windows Cryptographic Information Disclosure Vulnerability | Important |
Windows Cryptographic Services | CVE-2023-21551 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical |
Windows Cryptographic Services | CVE-2023-21561 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical |
Windows Cryptographic Services | CVE-2023-21540 | Windows Cryptographic Information Disclosure Vulnerability | Important |
Windows Cryptographic Services | CVE-2023-21730 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical |
Windows Cryptographic Services | CVE-2023-21550 | Windows Cryptographic Information Disclosure Vulnerability | Important |
Windows DWM Core Library | CVE-2023-21724 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
Windows Error Reporting | CVE-2023-21558 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
Windows Event Tracing | CVE-2023-21536 | Event Tracing for Windows Information Disclosure Vulnerability | Important |
Windows IKE Extension | CVE-2023-21758 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
Windows IKE Extension | CVE-2023-21683 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
Windows IKE Extension | CVE-2023-21677 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
Windows Installer | CVE-2023-21542 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Internet Key Exchange (IKE) Protocol | CVE-2023-21547 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Important |
Windows iSCSI | CVE-2023-21527 | Windows iSCSI Service Denial of Service Vulnerability | Important |
Windows Kernel | CVE-2023-21755 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-21753 | Event Tracing for Windows Information Disclosure Vulnerability | Important |
Windows Layer 2 Tunneling Protocol | CVE-2023-21556 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-21555 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-21543 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-21546 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-21679 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2023-21676 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2023-21557 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
Windows Local Security Authority (LSA) | CVE-2023-21524 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important |
Windows Local Session Manager (LSM) | CVE-2023-21771 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | Important |
Windows Malicious Software Removal Tool | CVE-2023-21725 | Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability | Important |
Windows Management Instrumentation | CVE-2023-21754 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows NTLM | CVE-2023-21746 | Windows NTLM Elevation of Privilege Vulnerability | Important |
Windows ODBC Driver | CVE-2023-21732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Windows Overlay Filter | CVE-2023-21766 | Windows Overlay Filter Information Disclosure Vulnerability | Important |
Windows Overlay Filter | CVE-2023-21767 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important |
Windows Point-to-Point Tunneling Protocol | CVE-2023-21682 | Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability | Important |
Windows Print Spooler Components | CVE-2023-21760 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2023-21765 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2023-21678 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Remote Access Service L2TP Driver | CVE-2023-21757 | Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability | Important |
Windows RPC API | CVE-2023-21525 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-21548 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-21535 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
Windows Smart Card | CVE-2023-21759 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | Important |
Windows Task Scheduler | CVE-2023-21541 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important |
Windows Virtual Registry Provider | CVE-2023-21772 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Virtual Registry Provider | CVE-2023-21748 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Virtual Registry Provider | CVE-2023-21773 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Virtual Registry Provider | CVE-2023-21747 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Virtual Registry Provider | CVE-2023-21776 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Virtual Registry Provider | CVE-2023-21774 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Virtual Registry Provider | CVE-2023-21750 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Virtual Registry Provider | CVE-2023-21675 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Virtual Registry Provider | CVE-2023-21749 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Workstation Service | CVE-2023-21549 | Windows SMB Witness Service Elevation of Privilege Vulnerability | Important |
Kaynak: bleepingcomputer.com