Haberler
Microsoft Şubat 2024 Patch Tuesday: 2 Zero-Day, 73 Zafiyet Kapatıldı
Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 2 adet zero-day güvenlik açığı ve toplam 73 zafiyeti kapattı.
Bu ay iki adet zero day zafiyeti kapatıldı.
CVE-2024-21351 – Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2024-21412 – Internet Shortcut Files Security Feature Bypass Vulnerability
Kapatılan zafiyetler aşağıdaki gibi:
- 16 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 30 Remote Code Execution Vulnerabilities
- 5 Information Disclosure Vulnerabilities
- 9 Denial of Service Vulnerabilities
- 10 Spoofing Vulnerabilities
Şubat 2024 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET | CVE-2024-21386 | .NET Denial of Service Vulnerability | Important |
.NET | CVE-2024-21404 | .NET Denial of Service Vulnerability | Important |
Azure Active Directory | CVE-2024-21401 | Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | Important |
Azure Active Directory | CVE-2024-21381 | Microsoft Azure Active Directory B2C Spoofing Vulnerability | Important |
Azure Connected Machine Agent | CVE-2024-21329 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
Azure DevOps | CVE-2024-20667 | Azure DevOps Server Remote Code Execution Vulnerability | Important |
Azure File Sync | CVE-2024-21397 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2024-21364 | Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | Moderate |
Azure Stack | CVE-2024-20679 | Azure Stack Hub Spoofing Vulnerability | Important |
Internet Shortcut Files | CVE-2024-21412 | Internet Shortcut Files Security Feature Bypass Vulnerability | Important |
Mariner | CVE-2024-21626 | Unknown | Unknown |
Microsoft ActiveX | CVE-2024-21349 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | Important |
Microsoft Azure Kubernetes Service | CVE-2024-21403 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Important |
Microsoft Azure Kubernetes Service | CVE-2024-21376 | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | Important |
Microsoft Defender for Endpoint | CVE-2024-21315 | Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | Important |
Microsoft Dynamics | CVE-2024-21393 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2024-21389 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2024-21395 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2024-21380 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability | Critical |
Microsoft Dynamics | CVE-2024-21328 | Dynamics 365 Sales Spoofing Vulnerability | Important |
Microsoft Dynamics | CVE-2024-21394 | Dynamics 365 Field Service Spoofing Vulnerability | Important |
Microsoft Dynamics | CVE-2024-21396 | Dynamics 365 Sales Spoofing Vulnerability | Important |
Microsoft Dynamics | CVE-2024-21327 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2024-1284 | Chromium: CVE-2024-1284 Use after free in Mojo | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-21399 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate |
Microsoft Edge (Chromium-based) | CVE-2024-1060 | Chromium: CVE-2024-1060 Use after free in Canvas | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-1077 | Chromium: CVE-2024-1077 Use after free in Network | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-1283 | Chromium: CVE-2024-1283 Heap buffer overflow in Skia | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-1059 | Chromium: CVE-2024-1059 Use after free in WebRTC | Unknown |
Microsoft Exchange Server | CVE-2024-21410 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
Microsoft Office | CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability | Critical |
Microsoft Office | CVE-2024-20673 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office OneNote | CVE-2024-21384 | Microsoft Office OneNote Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2024-21378 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2024-21402 | Microsoft Outlook Elevation of Privilege Vulnerability | Important |
Microsoft Office Word | CVE-2024-21379 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Teams for Android | CVE-2024-21374 | Microsoft Teams for Android Information Disclosure | Important |
Microsoft WDAC ODBC Driver | CVE-2024-21353 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21370 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21350 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21368 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21359 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21365 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21367 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21420 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21366 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21369 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21375 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21361 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21358 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21391 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21360 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21352 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft Windows | CVE-2024-21406 | Windows Printing Service Spoofing Vulnerability | Important |
Microsoft Windows DNS | CVE-2024-21377 | Windows DNS Information Disclosure Vulnerability | Important |
Role: DNS Server | CVE-2023-50387 | MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers | Important |
Role: DNS Server | CVE-2024-21342 | Windows DNS Client Denial of Service Vulnerability | Important |
Skype for Business | CVE-2024-20695 | Skype for Business Information Disclosure Vulnerability | Important |
SQL Server | CVE-2024-21347 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Trusted Compute Base | CVE-2024-21304 | Trusted Compute Base Elevation of Privilege Vulnerability | Important |
Windows Hyper-V | CVE-2024-20684 | Windows Hyper-V Denial of Service Vulnerability | Critical |
Windows Internet Connection Sharing (ICS) | CVE-2024-21343 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-21348 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-21357 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical |
Windows Internet Connection Sharing (ICS) | CVE-2024-21344 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
Windows Kernel | CVE-2024-21371 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-21338 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-21341 | Windows Kernel Remote Code Execution Vulnerability | Important |
Windows Kernel | CVE-2024-21345 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-21362 | Windows Kernel Security Feature Bypass Vulnerability | Important |
Windows Kernel | CVE-2024-21340 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2024-21356 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
Windows Message Queuing | CVE-2024-21363 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2024-21355 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
Windows Message Queuing | CVE-2024-21405 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
Windows Message Queuing | CVE-2024-21354 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
Windows OLE | CVE-2024-21372 | Windows OLE Remote Code Execution Vulnerability | Important |
Windows SmartScreen | CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate |
Windows USB Serial Driver | CVE-2024-21339 | Windows USB Generic Parent Driver Remote Code Execution Vulnerability | Important |
Windows Win32K – ICOMP | CVE-2024-21346 | Win32k Elevation of Privilege Vulnerability | Important |