Haberler

Microsoft Ocak 2024 Patch Tuesday: 12 RCE, 49 Zafiyet Kapatıldı

Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 12 RCE güvenlik açığı ve toplam 49 zafiyeti kapattı.

Yalnızca iki güvenlik açığı kritik olarak sınıflandırıldı; bunlardan biri Windows Kerberos zafiyeti, diğeri ise Hyper-V RCE.

Kapatılan zafiyetler aşağıdaki gibidir

  • 10 Elevation of Privilege Vulnerabilities
  • 7 Security Feature Bypass Vulnerabilities
  • 12 Remote Code Execution Vulnerabilities
  • 11 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities

Ocak 2024 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi

TagCVE IDCVE TitleSeverity
.NET and Visual StudioCVE-2024-0057NET, .NET Framework, and Visual Studio Security Feature Bypass VulnerabilityImportant
.NET Core & Visual StudioCVE-2024-20672.NET Core and Visual Studio Denial of Service VulnerabilityImportant
.NET FrameworkCVE-2024-21312.NET Framework Denial of Service VulnerabilityImportant
Azure Storage MoverCVE-2024-20676Azure Storage Mover Remote Code Execution VulnerabilityImportant
Microsoft Bluetooth DriverCVE-2024-21306Microsoft Bluetooth Driver Spoofing VulnerabilityImportant
Microsoft DevicesCVE-2024-21325Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2024-0222Chromium: CVE-2024-0222 Use after free in ANGLEUnknown
Microsoft Edge (Chromium-based)CVE-2024-0223Chromium: CVE-2024-0223 Heap buffer overflow in ANGLEUnknown
Microsoft Edge (Chromium-based)CVE-2024-0224Chromium: CVE-2024-0224 Use after free in WebAudioUnknown
Microsoft Edge (Chromium-based)CVE-2024-0225Chromium: CVE-2024-0225 Use after free in WebGPUUnknown
Microsoft Identity ServicesCVE-2024-21319Microsoft Identity Denial of service vulnerabilityImportant
Microsoft OfficeCVE-2024-20677Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2024-21318Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Virtual Hard DriveCVE-2024-20658Microsoft Virtual Hard Disk Elevation of Privilege VulnerabilityImportant
Remote Desktop ClientCVE-2024-21307Remote Desktop Client Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-0056Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass VulnerabilityImportant
SQLiteCVE-2022-35737MITRE: CVE-2022-35737 SQLite allows an array-bounds overflowImportant
Unified Extensible Firmware InterfaceCVE-2024-21305Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass VulnerabilityImportant
Visual StudioCVE-2024-20656Visual Studio Elevation of Privilege VulnerabilityImportant
Windows AllJoyn APICVE-2024-20687Microsoft AllJoyn API Denial of Service VulnerabilityImportant
Windows Authentication MethodsCVE-2024-20674Windows Kerberos Security Feature Bypass VulnerabilityCritical
Windows BitLockerCVE-2024-20666BitLocker Security Feature Bypass VulnerabilityImportant
Windows Cloud Files Mini Filter DriverCVE-2024-21310Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
Windows Collaborative Translation FrameworkCVE-2024-20694Windows CoreMessaging Information Disclosure VulnerabilityImportant
Windows Common Log File System DriverCVE-2024-20653Microsoft Common Log File System Elevation of Privilege VulnerabilityImportant
Windows Cryptographic ServicesCVE-2024-20682Windows Cryptographic Services Remote Code Execution VulnerabilityImportant
Windows Cryptographic ServicesCVE-2024-21311Windows Cryptographic Services Information Disclosure VulnerabilityImportant
Windows Group PolicyCVE-2024-20657Windows Group Policy Elevation of Privilege VulnerabilityImportant
Windows Hyper-VCVE-2024-20699Windows Hyper-V Denial of Service VulnerabilityImportant
Windows Hyper-VCVE-2024-20700Windows Hyper-V Remote Code Execution VulnerabilityCritical
Windows KernelCVE-2024-20698Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2024-21309Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows LibarchiveCVE-2024-20697Windows Libarchive Remote Code Execution VulnerabilityImportant
Windows LibarchiveCVE-2024-20696Windows Libarchive Remote Code Execution VulnerabilityImportant
Windows Local Security Authority Subsystem Service (LSASS)CVE-2024-20692Microsoft Local Security Authority Subsystem Service Information Disclosure VulnerabilityImportant
Windows Message QueuingCVE-2024-20660Microsoft Message Queuing Information Disclosure VulnerabilityImportant
Windows Message QueuingCVE-2024-20664Microsoft Message Queuing Information Disclosure VulnerabilityImportant
Windows Message QueuingCVE-2024-20680Windows Message Queuing Client (MSMQC) Information DisclosureImportant
Windows Message QueuingCVE-2024-20663Windows Message Queuing Client (MSMQC) Information DisclosureImportant
Windows Message QueuingCVE-2024-21314Microsoft Message Queuing Information Disclosure VulnerabilityImportant
Windows Message QueuingCVE-2024-20661Microsoft Message Queuing Denial of Service VulnerabilityImportant
Windows Nearby SharingCVE-2024-20690Windows Nearby Sharing Spoofing VulnerabilityImportant
Windows ODBC DriverCVE-2024-20654Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows Online Certificate Status Protocol (OCSP) SnapInCVE-2024-20662Windows Online Certificate Status Protocol (OCSP) Information Disclosure VulnerabilityImportant
Windows Online Certificate Status Protocol (OCSP) SnapInCVE-2024-20655Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution VulnerabilityImportant
Windows ScriptingCVE-2024-20652Windows HTML Platforms Security Feature Bypass VulnerabilityImportant
Windows Server Key Distribution ServiceCVE-2024-21316Windows Server Key Distribution Service Security Feature BypassImportant
Windows Subsystem for LinuxCVE-2024-20681Windows Subsystem for Linux Elevation of Privilege VulnerabilityImportant
Windows TCP/IPCVE-2024-21313Windows TCP/IP Information Disclosure VulnerabilityImportant
Windows ThemesCVE-2024-20691Windows Themes Information Disclosure VulnerabilityImportant
Windows ThemesCVE-2024-21320Windows Themes Spoofing VulnerabilityImportant
Windows Win32 Kernel SubsystemCVE-2024-20686Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2024-20683Win32k Elevation of Privilege VulnerabilityImportant

İlgili Makaleler

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu