Microsoft, Sıfır Günlük ( Zero-Day ) Zafiyeti İçin Güncelleme Yayınladı

Mehmet Sait YILMAZ

Microsoft, güvenlik ekosisteminde standart haline gelen Aralık ” Patch Thursday ” güvenlik güncelleştirmelerini yayınladı.

Toplamda 36 adet zafiyet için güncelleme yayınladı. Bunlarda 7’si Kritik 27’si Önemli ve 1 adette düşük olarak sınıflandırıldı.

Zafiyetlerden 1 tanesi sıfır günlük ( zero-day ) olarak sınıflandırılırken, zafiyete yol açan win32k kompenantı olarak açıkladı.

Zafiyet CVE-2019-1458 kodu ile takip edilebilirken,zafiyetin istitmar edilmesi durumunda sistemler üzerinde tam kontrol sağlanılabiliyor.

Zafiyet Listesi Şu şekilde

 ADV190026Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for BusinessUnknown
End of Life SoftwareCVE-2019-1489Remote Desktop Protocol Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1465Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1468Win32k Graphics Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2019-1466Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1467Windows GDI Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2019-1400Microsoft Access Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2019-1464Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2019-1461Microsoft Word Denial of Service VulnerabilityImportant
Microsoft OfficeCVE-2019-1462Microsoft PowerPoint Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2019-1463Microsoft Access Information Disclosure VulnerabilityImportant
Microsoft Scripting EngineCVE-2019-1485VBScript Remote Code Execution VulnerabilityLow
Microsoft WindowsCVE-2019-1453Windows Remote Desktop Protocol (RDP) Denial of Service VulnerabilityImportant
Microsoft WindowsCVE-2019-1476Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1477Windows Printer Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1474Windows Kernel Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2019-1478Windows COM Server Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1483Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1488Microsoft Defender Security Feature Bypass VulnerabilityImportant
Open Source SoftwareCVE-2019-1487Microsoft Authentication Library for Android Information Disclosure VulnerabilityImportant
Servicing Stack UpdatesADV990001Latest Servicing Stack UpdatesCritical
Skype for BusinessCVE-2019-1490Skype for Business Server Spoofing VulnerabilityImportant
SQL ServerCVE-2019-1332Microsoft SQL Server Reporting Services XSS VulnerabilityImportant
Visual StudioCVE-2019-1350Git for Visual Studio Remote Code Execution VulnerabilityCritical
Visual StudioCVE-2019-1349Git for Visual Studio Remote Code Execution VulnerabilityCritical
Visual StudioCVE-2019-1486Visual Studio Live Share Spoofing VulnerabilityImportant
Visual StudioCVE-2019-1387Git for Visual Studio Remote Code Execution VulnerabilityCritical
Visual StudioCVE-2019-1354Git for Visual Studio Remote Code Execution VulnerabilityCritical
Visual StudioCVE-2019-1351Git for Visual Studio Tampering VulnerabilityModerate
Visual StudioCVE-2019-1352Git for Visual Studio Remote Code Execution VulnerabilityCritical
Windows Hyper-VCVE-2019-1471Windows Hyper-V Remote Code Execution VulnerabilityCritical
Windows Hyper-VCVE-2019-1470Windows Hyper-V Information Disclosure VulnerabilityImportant
Windows KernelCVE-2019-1472Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2019-1458Win32k Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2019-1469Win32k Information Disclosure VulnerabilityImportant
Windows Media PlayerCVE-2019-1480Windows Media Player Information Disclosure VulnerabilityImportant
Windows Media PlayerCVE-2019-1481Windows Media Player Information Disclosure VulnerabilityImportant
Windows OLECVE-2019-1484Windows OLE Remote Code Execution VulnerabilityImportant

Kaynak

Link

Exit mobile version