Haberler

Microsoft Şubat 2023 Patch Tuesday: 3 Zero-Day, 77 Zafiyet Kapatıldı

Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 3 adet zero-day güvenlik açığı ve toplam 77 zafiyeti kapattı.

Bu ay yayınlanan güncellemerde düzeltilen 77 güvenlik açığından 9 tanesi kritik olarak olarak sınıflandırıdı.

Kapatılan zafiyetler aşağıdaki gibidir:

  • 12 Elevation of Privilege Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities
  • 38 Remote Code Execution Vulnerabilities
  • 8 Information Disclosure Vulnerabilities
  • 10 Denial of Service Vulnerabilities
  • 8 Spoofing Vulnerabilities

Üç adet zero-day kapatıldı

CVE-2023-21823 – Windows Graphics Component Remote Code Execution Vulnerability 

CVE-2023-21715 – Microsoft Publisher Security Features Bypass Vulnerability 

CVE-2023-23376 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

Şubat 2023 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi

TagCVE IDCVE TitleSeverity
.NET CoreCVE-2023-21538.NET Denial of Service VulnerabilityImportant
3D BuilderCVE-2023-217823D Builder Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-217813D Builder Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-217833D Builder Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-217843D Builder Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-217913D Builder Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-217933D Builder Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-217863D Builder Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-217903D Builder Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-217803D Builder Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-217923D Builder Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-217893D Builder Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-217853D Builder Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-217873D Builder Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-217883D Builder Remote Code Execution VulnerabilityImportant
Azure Service Fabric ContainerCVE-2023-21531Azure Service Fabric Container Elevation of Privilege VulnerabilityImportant
Microsoft Bluetooth DriverCVE-2023-21739Windows Bluetooth Driver Elevation of Privilege VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-21764Microsoft Exchange Server Elevation of Privilege VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-21763Microsoft Exchange Server Elevation of Privilege VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-21762Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-21761Microsoft Exchange Server Information Disclosure VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-21745Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Graphics ComponentCVE-2023-21680Windows Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2023-21532Windows GDI Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2023-21552Windows GDI Elevation of Privilege VulnerabilityImportant
Microsoft Local Security Authority Server (lsasrv)CVE-2023-21728Windows Netlogon Denial of Service VulnerabilityImportant
Microsoft Message QueuingCVE-2023-21537Microsoft Message Queuing (MSMQ) Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2023-21734Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2023-21735Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2023-21742Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2023-21743Microsoft SharePoint Server Security Feature Bypass VulnerabilityCritical
Microsoft Office SharePointCVE-2023-21744Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2023-21741Microsoft Office Visio Information Disclosure VulnerabilityImportant
Microsoft Office VisioCVE-2023-21736Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2023-21737Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2023-21738Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2023-21681Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Visual Studio CodeCVE-2023-21779Visual Studio Code Remote Code ExecutionImportant
Windows ALPCCVE-2023-21674Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2023-21768Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Authentication MethodsCVE-2023-21539Windows Authentication Remote Code Execution VulnerabilityImportant
Windows Backup EngineCVE-2023-21752Windows Backup Service Elevation of Privilege VulnerabilityImportant
Windows Bind Filter DriverCVE-2023-21733Windows Bind Filter Driver Elevation of Privilege VulnerabilityImportant
Windows BitLockerCVE-2023-21563BitLocker Security Feature Bypass VulnerabilityImportant
Windows Boot ManagerCVE-2023-21560Windows Boot Manager Security Feature Bypass VulnerabilityImportant
Windows Credential ManagerCVE-2023-21726Windows Credential Manager User Interface Elevation of Privilege VulnerabilityImportant
Windows Cryptographic ServicesCVE-2023-21559Windows Cryptographic Information Disclosure VulnerabilityImportant
Windows Cryptographic ServicesCVE-2023-21551Microsoft Cryptographic Services Elevation of Privilege VulnerabilityCritical
Windows Cryptographic ServicesCVE-2023-21561Microsoft Cryptographic Services Elevation of Privilege VulnerabilityCritical
Windows Cryptographic ServicesCVE-2023-21540Windows Cryptographic Information Disclosure VulnerabilityImportant
Windows Cryptographic ServicesCVE-2023-21730Microsoft Cryptographic Services Elevation of Privilege VulnerabilityCritical
Windows Cryptographic ServicesCVE-2023-21550Windows Cryptographic Information Disclosure VulnerabilityImportant
Windows DWM Core LibraryCVE-2023-21724Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows Error ReportingCVE-2023-21558Windows Error Reporting Service Elevation of Privilege VulnerabilityImportant
Windows Event TracingCVE-2023-21536Event Tracing for Windows Information Disclosure VulnerabilityImportant
Windows IKE ExtensionCVE-2023-21758Windows Internet Key Exchange (IKE) Extension Denial of Service VulnerabilityImportant
Windows IKE ExtensionCVE-2023-21683Windows Internet Key Exchange (IKE) Extension Denial of Service VulnerabilityImportant
Windows IKE ExtensionCVE-2023-21677Windows Internet Key Exchange (IKE) Extension Denial of Service VulnerabilityImportant
Windows InstallerCVE-2023-21542Windows Installer Elevation of Privilege VulnerabilityImportant
Windows Internet Key Exchange (IKE) ProtocolCVE-2023-21547Internet Key Exchange (IKE) Protocol Denial of Service VulnerabilityImportant
Windows iSCSICVE-2023-21527Windows iSCSI Service Denial of Service VulnerabilityImportant
Windows KernelCVE-2023-21755Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-21753Event Tracing for Windows Information Disclosure VulnerabilityImportant
Windows Layer 2 Tunneling ProtocolCVE-2023-21556Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-21555Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-21543Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-21546Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-21679Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution VulnerabilityCritical
Windows LDAP – Lightweight Directory Access ProtocolCVE-2023-21676Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2023-21557Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityImportant
Windows Local Security Authority (LSA)CVE-2023-21524Windows Local Security Authority (LSA) Elevation of Privilege VulnerabilityImportant
Windows Local Session Manager (LSM)CVE-2023-21771Windows Local Session Manager (LSM) Elevation of Privilege VulnerabilityImportant
Windows Malicious Software Removal ToolCVE-2023-21725Windows Malicious Software Removal Tool Elevation of Privilege VulnerabilityImportant
Windows Management InstrumentationCVE-2023-21754Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows NTLMCVE-2023-21746Windows NTLM Elevation of Privilege VulnerabilityImportant
Windows ODBC DriverCVE-2023-21732Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows Overlay FilterCVE-2023-21766Windows Overlay Filter Information Disclosure VulnerabilityImportant
Windows Overlay FilterCVE-2023-21767Windows Overlay Filter Elevation of Privilege VulnerabilityImportant
Windows Point-to-Point Tunneling ProtocolCVE-2023-21682Windows Point-to-Point Protocol (PPP) Information Disclosure VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2023-21760Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2023-21765Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2023-21678Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Remote Access Service L2TP DriverCVE-2023-21757Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service VulnerabilityImportant
Windows RPC APICVE-2023-21525Remote Procedure Call Runtime Denial of Service VulnerabilityImportant
Windows Secure Socket Tunneling Protocol (SSTP)CVE-2023-21548Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical
Windows Secure Socket Tunneling Protocol (SSTP)CVE-2023-21535Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical
Windows Smart CardCVE-2023-21759Windows Smart Card Resource Management Server Security Feature Bypass VulnerabilityImportant
Windows Task SchedulerCVE-2023-21541Windows Task Scheduler Elevation of Privilege VulnerabilityImportant
Windows Virtual Registry ProviderCVE-2023-21772Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Virtual Registry ProviderCVE-2023-21748Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Virtual Registry ProviderCVE-2023-21773Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Virtual Registry ProviderCVE-2023-21747Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Virtual Registry ProviderCVE-2023-21776Windows Kernel Information Disclosure VulnerabilityImportant
Windows Virtual Registry ProviderCVE-2023-21774Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Virtual Registry ProviderCVE-2023-21750Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Virtual Registry ProviderCVE-2023-21675Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Virtual Registry ProviderCVE-2023-21749Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Workstation ServiceCVE-2023-21549Windows SMB Witness Service Elevation of Privilege VulnerabilityImportant

Kaynak: bleepingcomputer.com

İlgili Makaleler

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu