With this month's Patch Tuesday updates, Microsoft fixed 12 RCE vulnerabilities and a total of 49 vulnerabilities.
Only two vulnerabilities were classified as critical: one is a Windows Kerberos vulnerability and the other is a Hyper-V RCE.
The fixed vulnerabilities break down as follows:
- 10 Elevation of Privilege Vulnerabilities
- 7 Security Feature Bypass Vulnerabilities
- 12 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 3 Spoofing Vulnerabilities
Full List of the January 2024 Patch Tuesday Security Updates
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET and Visual Studio | CVE-2024-0057 | .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | Important |
.NET Core & Visual Studio | CVE-2024-20672 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
.NET Framework | CVE-2024-21312 | .NET Framework Denial of Service Vulnerability | Important |
Azure Storage Mover | CVE-2024-20676 | Azure Storage Mover Remote Code Execution Vulnerability | Important |
Microsoft Bluetooth Driver | CVE-2024-21306 | Microsoft Bluetooth Driver Spoofing Vulnerability | Important |
Microsoft Devices | CVE-2024-21325 | Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2024-0222 | Chromium: CVE-2024-0222 Use after free in ANGLE | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-0223 | Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-0224 | Chromium: CVE-2024-0224 Use after free in WebAudio | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-0225 | Chromium: CVE-2024-0225 Use after free in WebGPU | Unknown |
Microsoft Identity Services | CVE-2024-21319 | Microsoft Identity Denial of service vulnerability | Important |
Microsoft Office | CVE-2024-20677 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-21318 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Virtual Hard Drive | CVE-2024-20658 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important |
Remote Desktop Client | CVE-2024-21307 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-0056 | Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | Important |
SQLite | CVE-2022-35737 | MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow | Important |
Unified Extensible Firmware Interface | CVE-2024-21305 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | Important |
Visual Studio | CVE-2024-20656 | Visual Studio Elevation of Privilege Vulnerability | Important |
Windows AllJoyn API | CVE-2024-20687 | Microsoft AllJoyn API Denial of Service Vulnerability | Important |
Windows Authentication Methods | CVE-2024-20674 | Windows Kerberos Security Feature Bypass Vulnerability | Critical |
Windows BitLocker | CVE-2024-20666 | BitLocker Security Feature Bypass Vulnerability | Important |
Windows Cloud Files Mini Filter Driver | CVE-2024-21310 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
Windows Collaborative Translation Framework | CVE-2024-20694 | Windows CoreMessaging Information Disclosure Vulnerability | Important |
Windows Common Log File System Driver | CVE-2024-20653 | Microsoft Common Log File System Elevation of Privilege Vulnerability | Important |
Windows Cryptographic Services | CVE-2024-20682 | Windows Cryptographic Services Remote Code Execution Vulnerability | Important |
Windows Cryptographic Services | CVE-2024-21311 | Windows Cryptographic Services Information Disclosure Vulnerability | Important |
Windows Group Policy | CVE-2024-20657 | Windows Group Policy Elevation of Privilege Vulnerability | Important |
Windows Hyper-V | CVE-2024-20699 | Windows Hyper-V Denial of Service Vulnerability | Important |
Windows Hyper-V | CVE-2024-20700 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Windows Kernel | CVE-2024-20698 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-21309 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows Libarchive | CVE-2024-20697 | Windows Libarchive Remote Code Execution Vulnerability | Important |
Windows Libarchive | CVE-2024-20696 | Windows Libarchive Remote Code Execution Vulnerability | Important |
Windows Local Security Authority Subsystem Service (LSASS) | CVE-2024-20692 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Important |
Windows Message Queuing | CVE-2024-20660 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
Windows Message Queuing | CVE-2024-20664 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
Windows Message Queuing | CVE-2024-20680 | Windows Message Queuing Client (MSMQC) Information Disclosure | Important |
Windows Message Queuing | CVE-2024-20663 | Windows Message Queuing Client (MSMQC) Information Disclosure | Important |
Windows Message Queuing | CVE-2024-21314 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
Windows Message Queuing | CVE-2024-20661 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
Windows Nearby Sharing | CVE-2024-20690 | Windows Nearby Sharing Spoofing Vulnerability | Important |
Windows ODBC Driver | CVE-2024-20654 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Windows Online Certificate Status Protocol (OCSP) SnapIn | CVE-2024-20662 | Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability | Important |
Windows Online Certificate Status Protocol (OCSP) SnapIn | CVE-2024-20655 | Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability | Important |
Windows Scripting | CVE-2024-20652 | Windows HTML Platforms Security Feature Bypass Vulnerability | Important |
Windows Server Key Distribution Service | CVE-2024-21316 | Windows Server Key Distribution Service Security Feature Bypass | Important |
Windows Subsystem for Linux | CVE-2024-20681 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important |
Windows TCP/IP | CVE-2024-21313 | Windows TCP/IP Information Disclosure Vulnerability | Important |
Windows Themes | CVE-2024-20691 | Windows Themes Information Disclosure Vulnerability | Important |
Windows Themes | CVE-2024-21320 | Windows Themes Spoofing Vulnerability | Important |
Windows Win32 Kernel Subsystem | CVE-2024-20686 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2024-20683 | Win32k Elevation of Privilege Vulnerability | Important |