Microsoft’un Ekim 2021 salı yamasını yayınladı. Yayınlanan güncellemeler ile dört sıfırıncı gün güvenlik açığı ve toplam 74 zafiyet kapatıldı.
Microsoft, bugünkü güncellemeyle, üçü kritik, 70’i önemli ve biri düşük olarak sınıflandırılan 74 güvenlik açığını (Microsoft Edge dahil 81) kapattı.
Bugün yayınlanan güncellemelerin listesi aşağıdaki gibi:
- 21 Elevation of Privilege Vulnerabilities
- 6 Security Feature Bypass Vulnerabilities
- 20 Remote Code Execution Vulnerabilities
- 13 Information Disclosure Vulnerabilities
- 5 Denial of Service Vulnerabilities
- 9 Spoofing Vulnerabilities
Biri aktif olarak istismar edilen dört sıfır gün düzeltildi
- İlk zero-day “Win32k Elevation of Privilege” saldırganların Windows cihazında yüksek ayrıcalıklar elde etmesine olanak tanıyor.
- CVE-2021-40469 – Windows DNS Server Remote Code Execution Vulnerability
- CVE-2021-41335 – Windows Kernel Elevation of Privilege Vulnerability
- CVE-2021-41338 – Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
Windows 11 KB5006674 güncelleştirmesi yayınlandı
Microsoft, Windows 11 KB5006674 toplu güncelleştirmesini yayımladı.Bunu yeni işletim sistemi için genel kanala yayınlandığından bu yana ilk güncelleştirme.
KB5006674 toplu güncelleştirmesi, ilk 5 Ekim’de yayımlandığından bu yana Windows 11 21H2 için güvenlik güncelleştirmeleri, performans iyileştirmeleri ve hata düzeltmeleri içeriyor. Bu güncellemeyi Başlat > Ayarlar > Windows Update’e gidip ‘Güncellemeleri Kontrol Et’i tıklayarak yükleyebilirsiniz .
Windows 10 güncellemeleri KB5006670 ve KB5006667 yayınlandı
Microsoft, Windows 10’un son sürümleri için toplu güncelleştirmeler KB5006670 ve KB5006667 yayımladı.
Bu ayın toplu güncellemeleri, Mayıs 2021 Güncellemesi (sürüm 21H1), Ekim 2020 Güncellemesi (sürüm 20H2) ve Mayıs 2020 Güncellemesi (sürüm 2004) bulunan bilgisayarlar için güvenlik düzeltmelerini içeriyor. Güncelleme şimdi çok sayıda hata düzeltmesi ve performans geliştirmesiyle Windows Update, WSUS ve Microsoft Update Kataloğu aracılığıyla dağıtılıyor.
Bugün yayınlanan yeni güncellemelerin listesi:
- Windows 10 version 1507 — (OS Build 10240.19086)
- Windows 10 version 1607 — (will be up shortly)
- Windows 10 version 1703 — EOS
- Windows 10 version 1709 — EOS
- Windows 10 version 1803 — EOS
- Windows 10 version 1809 — KB5006672 (OS Build 17763.2237)
- Windows 10 version 1903 — EOS
- Windows 10 version 1909 — (OS Build 18363.1854)
- Windows 10 version 2004, 20H2 and 21H1 — KB5006670 (OS Builds 19041.1288, 19042.1288, and 19043.1288)
Ayarlar’a gidip Windows Update’e tıklayarak ve güncellemeleri yüklemek için ‘ Güncellemeleri Kontrol Et’i seçerek yeni güncellemeleri kontrol edebilir ve yükleyebilirsiniz .
Aşağıda, Ekim 2021 Yaması Salı güncellemelerinde çözülen güvenlik açıklarının ve yayınlanan önerilerin tam listesi bulunmaktadır.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Core & Visual Studio | CVE-2021-41355 | .NET Core and Visual Studio Information Disclosure Vulnerability | Important |
| Active Directory Federation Services | CVE-2021-41361 | Active Directory Federation Server Spoofing Vulnerability | Important |
| Console Window Host | CVE-2021-41346 | Console Window Host Security Feature Bypass Vulnerability | Important |
| HTTP.sys | CVE-2021-26442 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important |
| Microsoft DWM Core Library | CVE-2021-41339 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics | CVE-2021-40457 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2021-41353 | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | Important |
| Microsoft Dynamics | CVE-2021-41354 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2021-37978 | Chromium: CVE-2021-37978 Heap buffer overflow in Blink | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-37979 | Chromium: CVE-2021-37979 Heap buffer overflow in WebRTC | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-37980 | Chromium: CVE-2021-37980 Inappropriate implementation in Sandbox | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-37977 | Chromium: CVE-2021-37977 Use after free in Garbage Collection | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-37974 | Chromium: CVE-2021-37974 Use after free in Safe Browsing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-37975 | Chromium: CVE-2021-37975 Use after free in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-37976 | Chromium: CVE-2021-37976 Information leak in core | Unknown |
| Microsoft Exchange Server | CVE-2021-26427 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-34453 | Microsoft Exchange Server Denial of Service Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-41348 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-41350 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-41340 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
| Microsoft Intune | CVE-2021-41363 | Intune Management Extension Security Feature Bypass Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-40473 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-40472 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-40471 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-40474 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-40485 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-40479 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-40487 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-40483 | Microsoft SharePoint Server Spoofing Vulnerability | Low |
| Microsoft Office SharePoint | CVE-2021-40484 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-40482 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-41344 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2021-40480 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2021-40481 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2021-40486 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2021-40462 | Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-41330 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-41331 | Windows Media Audio Decoder Remote Code Execution Vulnerability | Important |
| Rich Text Edit Control | CVE-2021-40454 | Rich Text Edit Control Information Disclosure Vulnerability | Important |
| Role: DNS Server | CVE-2021-40469 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: Windows Active Directory Server | CVE-2021-41337 | Active Directory Security Feature Bypass Vulnerability | Important |
| Role: Windows AD FS Server | CVE-2021-40456 | Windows AD FS Security Feature Bypass Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2021-40461 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Role: Windows Hyper-V | CVE-2021-38672 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| System Center | CVE-2021-41352 | SCOM Information Disclosure Vulnerability | Important |
| Visual Studio | CVE-2020-1971 | OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference | Important |
| Visual Studio | CVE-2021-3450 | OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT | Important |
| Visual Studio | CVE-2021-3449 | OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing | Important |
| Windows AppContainer | CVE-2021-41338 | Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | Important |
| Windows AppContainer | CVE-2021-40476 | Windows AppContainer Elevation Of Privilege Vulnerability | Important |
| Windows AppX Deployment Service | CVE-2021-41347 | Windows AppX Deployment Service Elevation of Privilege Vulnerability | Important |
| Windows Bind Filter Driver | CVE-2021-40468 | Windows Bind Filter Driver Information Disclosure Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2021-40475 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2021-40443 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2021-40467 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2021-40466 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Desktop Bridge | CVE-2021-41334 | Windows Desktop Bridge Elevation of Privilege Vulnerability | Important |
| Windows DirectX | CVE-2021-40470 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-40477 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows exFAT File System | CVE-2021-38663 | Windows exFAT File System Information Disclosure Vulnerability | Important |
| Windows Fastfat Driver | CVE-2021-41343 | Windows Fast FAT File System Driver Information Disclosure Vulnerability | Important |
| Windows Fastfat Driver | CVE-2021-38662 | Windows Fast FAT File System Driver Information Disclosure Vulnerability | Important |
| Windows Installer | CVE-2021-40455 | Windows Installer Spoofing Vulnerability | Important |
| Windows Kernel | CVE-2021-41336 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2021-41335 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows MSHTML Platform | CVE-2021-41342 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important |
| Windows Nearby Sharing | CVE-2021-40464 | Windows Nearby Sharing Elevation of Privilege Vulnerability | Important |
| Windows Network Address Translation (NAT) | CVE-2021-40463 | Windows NAT Denial of Service Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-41332 | Windows Print Spooler Information Disclosure Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-36970 | Windows Print Spooler Spoofing Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-40460 | Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-40489 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-41345 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-26441 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-40478 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-40488 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2021-36953 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows Text Shaping | CVE-2021-40465 | Windows Text Shaping Remote Code Execution Vulnerability | Important |
| Windows Win32K | CVE-2021-40449 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2021-41357 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2021-40450 | Win32k Elevation of Privilege Vulnerability | Important |
Kaynak: bleepingcomputer.com