Microsoft Patch Tuesday Released and Chaos Ensues: Time for an Urgent Exchange Server Patch!

Microsoft has released its October 2021 Patch Tuesday. The updates fix four zero-day vulnerabilities and a total of 74 flaws.

With today's update, Microsoft fixed 74 vulnerabilities (81 including Microsoft Edge), of which three are classified as Critical, 70 as Important, and one as Low.

The vulnerabilities fixed in today's updates break down by category as follows:

  • 21 Elevation of Privilege Vulnerabilities
  • 6 Security Feature Bypass Vulnerabilities
  • 20 Remote Code Execution Vulnerabilities
  • 13 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 9 Spoofing Vulnerabilities

Four zero-days fixed, one of them actively exploited

  • The first zero-day, “Win32k Elevation of Privilege”, allows attackers to gain elevated privileges on a Windows device.
  • CVE-2021-40469 – Windows DNS Server Remote Code Execution Vulnerability
  • CVE-2021-41335 – Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2021-41338 – Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability

Windows 11 KB5006674 update released

Microsoft has released the Windows 11 KB5006674 cumulative update. This is the first update since the new operating system was released to the general channel.

The KB5006674 cumulative update contains security updates, performance improvements, and bug fixes for Windows 11 21H2 since its initial release on October 5. You can install this update by going to Start > Settings > Windows Update and clicking 'Check for updates'.

Windows 10 updates KB5006670 and KB5006667 released

Microsoft has released cumulative updates KB5006670 and KB5006667 for recent versions of Windows 10.

This month's cumulative updates contain security fixes for PCs running the May 2021 Update (version 21H1), the October 2020 Update (version 20H2), and the May 2020 Update (version 2004). The update is now being distributed through Windows Update, WSUS, and the Microsoft Update Catalog, with numerous bug fixes and performance improvements.

List of new updates released today:

You can check for and install the new updates by going to Settings, clicking Windows Update, and selecting 'Check for updates'.

Below is the full list of vulnerabilities resolved and advisories released in the October 2021 Patch Tuesday updates.

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Core & Visual Studio | CVE-2021-41355 | .NET Core and Visual Studio Information Disclosure Vulnerability | Important |
| Active Directory Federation Services | CVE-2021-41361 | Active Directory Federation Server Spoofing Vulnerability | Important |
| Console Window Host | CVE-2021-41346 | Console Window Host Security Feature Bypass Vulnerability | Important |
| HTTP.sys | CVE-2021-26442 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important |
| Microsoft DWM Core Library | CVE-2021-41339 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics | CVE-2021-40457 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2021-41353 | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | Important |
| Microsoft Dynamics | CVE-2021-41354 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2021-37978 | Chromium: CVE-2021-37978 Heap buffer overflow in Blink | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-37979 | Chromium: CVE-2021-37979 Heap buffer overflow in WebRTC | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-37980 | Chromium: CVE-2021-37980 Inappropriate implementation in Sandbox | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-37977 | Chromium: CVE-2021-37977 Use after free in Garbage Collection | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-37974 | Chromium: CVE-2021-37974 Use after free in Safe Browsing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-37975 | Chromium: CVE-2021-37975 Use after free in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-37976 | Chromium: CVE-2021-37976 Information leak in core | Unknown |
| Microsoft Exchange Server | CVE-2021-26427 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-34453 | Microsoft Exchange Server Denial of Service Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-41348 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-41350 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-41340 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
| Microsoft Intune | CVE-2021-41363 | Intune Management Extension Security Feature Bypass Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-40473 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-40472 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-40471 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-40474 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-40485 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-40479 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-40487 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-40483 | Microsoft SharePoint Server Spoofing Vulnerability | Low |
| Microsoft Office SharePoint | CVE-2021-40484 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-40482 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-41344 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2021-40480 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2021-40481 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2021-40486 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2021-40462 | Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-41330 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-41331 | Windows Media Audio Decoder Remote Code Execution Vulnerability | Important |
| Rich Text Edit Control | CVE-2021-40454 | Rich Text Edit Control Information Disclosure Vulnerability | Important |
| Role: DNS Server | CVE-2021-40469 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: Windows Active Directory Server | CVE-2021-41337 | Active Directory Security Feature Bypass Vulnerability | Important |
| Role: Windows AD FS Server | CVE-2021-40456 | Windows AD FS Security Feature Bypass Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2021-40461 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Role: Windows Hyper-V | CVE-2021-38672 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| System Center | CVE-2021-41352 | SCOM Information Disclosure Vulnerability | Important |
| Visual Studio | CVE-2020-1971 | OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference | Important |
| Visual Studio | CVE-2021-3450 | OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT | Important |
| Visual Studio | CVE-2021-3449 | OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing | Important |
| Windows AppContainer | CVE-2021-41338 | Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | Important |
| Windows AppContainer | CVE-2021-40476 | Windows AppContainer Elevation Of Privilege Vulnerability | Important |
| Windows AppX Deployment Service | CVE-2021-41347 | Windows AppX Deployment Service Elevation of Privilege Vulnerability | Important |
| Windows Bind Filter Driver | CVE-2021-40468 | Windows Bind Filter Driver Information Disclosure Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2021-40475 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2021-40443 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2021-40467 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2021-40466 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Desktop Bridge | CVE-2021-41334 | Windows Desktop Bridge Elevation of Privilege Vulnerability | Important |
| Windows DirectX | CVE-2021-40470 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-40477 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows exFAT File System | CVE-2021-38663 | Windows exFAT File System Information Disclosure Vulnerability | Important |
| Windows Fastfat Driver | CVE-2021-41343 | Windows Fast FAT File System Driver Information Disclosure Vulnerability | Important |
| Windows Fastfat Driver | CVE-2021-38662 | Windows Fast FAT File System Driver Information Disclosure Vulnerability | Important |
| Windows Installer | CVE-2021-40455 | Windows Installer Spoofing Vulnerability | Important |
| Windows Kernel | CVE-2021-41336 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2021-41335 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows MSHTML Platform | CVE-2021-41342 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important |
| Windows Nearby Sharing | CVE-2021-40464 | Windows Nearby Sharing Elevation of Privilege Vulnerability | Important |
| Windows Network Address Translation (NAT) | CVE-2021-40463 | Windows NAT Denial of Service Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-41332 | Windows Print Spooler Information Disclosure Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-36970 | Windows Print Spooler Spoofing Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-40460 | Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-40489 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-41345 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-26441 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-40478 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-40488 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2021-36953 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows Text Shaping | CVE-2021-40465 | Windows Text Shaping Remote Code Execution Vulnerability | Important |
| Windows Win32K | CVE-2021-40449 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2021-41357 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2021-40450 | Win32k Elevation of Privilege Vulnerability | Important |

Source: bleepingcomputer.com
