Haberler

Microsoft Şubat 2024 Patch Tuesday: 2 Zero-Day, 73 Zafiyet Kapatıldı

Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 2 adet zero-day güvenlik açığı ve toplam 73 zafiyeti kapattı.

Bu ay iki adet zero day zafiyeti kapatıldı.

CVE-2024-21351 – Windows SmartScreen Security Feature Bypass Vulnerability

CVE-2024-21412 – Internet Shortcut Files Security Feature Bypass Vulnerability

Kapatılan zafiyetler aşağıdaki gibi:

  • 16 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 30 Remote Code Execution Vulnerabilities
  • 5 Information Disclosure Vulnerabilities
  • 9 Denial of Service Vulnerabilities
  • 10 Spoofing Vulnerabilities

Şubat 2024 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi

TagCVE IDCVE TitleSeverity
.NETCVE-2024-21386.NET Denial of Service VulnerabilityImportant
.NETCVE-2024-21404.NET Denial of Service VulnerabilityImportant
Azure Active DirectoryCVE-2024-21401Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege VulnerabilityImportant
Azure Active DirectoryCVE-2024-21381Microsoft Azure Active Directory B2C Spoofing VulnerabilityImportant
Azure Connected Machine AgentCVE-2024-21329Azure Connected Machine Agent Elevation of Privilege VulnerabilityImportant
Azure DevOpsCVE-2024-20667Azure DevOps Server Remote Code Execution VulnerabilityImportant
Azure File SyncCVE-2024-21397Microsoft Azure File Sync Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2024-21364Microsoft Azure Site Recovery Elevation of Privilege VulnerabilityModerate
Azure StackCVE-2024-20679Azure Stack Hub Spoofing VulnerabilityImportant
Internet Shortcut FilesCVE-2024-21412Internet Shortcut Files Security Feature Bypass VulnerabilityImportant
MarinerCVE-2024-21626UnknownUnknown
Microsoft ActiveXCVE-2024-21349Microsoft ActiveX Data Objects Remote Code Execution VulnerabilityImportant
Microsoft Azure Kubernetes ServiceCVE-2024-21403Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege VulnerabilityImportant
Microsoft Azure Kubernetes ServiceCVE-2024-21376Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution VulnerabilityImportant
Microsoft Defender for EndpointCVE-2024-21315Microsoft Defender for Endpoint Protection Elevation of Privilege VulnerabilityImportant
Microsoft DynamicsCVE-2024-21393Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2024-21389Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2024-21395Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2024-21380Microsoft Dynamics Business Central/NAV Information Disclosure VulnerabilityCritical
Microsoft DynamicsCVE-2024-21328Dynamics 365 Sales Spoofing VulnerabilityImportant
Microsoft DynamicsCVE-2024-21394Dynamics 365 Field Service Spoofing VulnerabilityImportant
Microsoft DynamicsCVE-2024-21396Dynamics 365 Sales Spoofing VulnerabilityImportant
Microsoft DynamicsCVE-2024-21327Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2024-1284Chromium: CVE-2024-1284 Use after free in MojoUnknown
Microsoft Edge (Chromium-based)CVE-2024-21399Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2024-1060Chromium: CVE-2024-1060 Use after free in CanvasUnknown
Microsoft Edge (Chromium-based)CVE-2024-1077Chromium: CVE-2024-1077 Use after free in NetworkUnknown
Microsoft Edge (Chromium-based)CVE-2024-1283Chromium: CVE-2024-1283 Heap buffer overflow in SkiaUnknown
Microsoft Edge (Chromium-based)CVE-2024-1059Chromium: CVE-2024-1059 Use after free in WebRTCUnknown
Microsoft Exchange ServerCVE-2024-21410Microsoft Exchange Server Elevation of Privilege VulnerabilityCritical
Microsoft OfficeCVE-2024-21413Microsoft Outlook Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2024-20673Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft Office OneNoteCVE-2024-21384Microsoft Office OneNote Remote Code Execution VulnerabilityImportant
Microsoft Office OutlookCVE-2024-21378Microsoft Outlook Remote Code Execution VulnerabilityImportant
Microsoft Office OutlookCVE-2024-21402Microsoft Outlook Elevation of Privilege VulnerabilityImportant
Microsoft Office WordCVE-2024-21379Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Teams for AndroidCVE-2024-21374Microsoft Teams for Android Information DisclosureImportant
Microsoft WDAC ODBC DriverCVE-2024-21353Microsoft WDAC ODBC Driver Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-21370Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-21350Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-21368Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-21359Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-21365Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-21367Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-21420Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-21366Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-21369Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-21375Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-21361Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-21358Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-21391Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-21360Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-21352Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft WindowsCVE-2024-21406Windows Printing Service Spoofing VulnerabilityImportant
Microsoft Windows DNSCVE-2024-21377Windows DNS Information Disclosure VulnerabilityImportant
Role: DNS ServerCVE-2023-50387MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolversImportant
Role: DNS ServerCVE-2024-21342Windows DNS Client Denial of Service VulnerabilityImportant
Skype for BusinessCVE-2024-20695Skype for Business Information Disclosure VulnerabilityImportant
SQL ServerCVE-2024-21347Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Trusted Compute BaseCVE-2024-21304Trusted Compute Base Elevation of Privilege VulnerabilityImportant
Windows Hyper-VCVE-2024-20684Windows Hyper-V Denial of Service VulnerabilityCritical
Windows Internet Connection Sharing (ICS)CVE-2024-21343Windows Network Address Translation (NAT) Denial of Service VulnerabilityImportant
Windows Internet Connection Sharing (ICS)CVE-2024-21348Internet Connection Sharing (ICS) Denial of Service VulnerabilityImportant
Windows Internet Connection Sharing (ICS)CVE-2024-21357Windows Pragmatic General Multicast (PGM) Remote Code Execution VulnerabilityCritical
Windows Internet Connection Sharing (ICS)CVE-2024-21344Windows Network Address Translation (NAT) Denial of Service VulnerabilityImportant
Windows KernelCVE-2024-21371Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-21338Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-21341Windows Kernel Remote Code Execution VulnerabilityImportant
Windows KernelCVE-2024-21345Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-21362Windows Kernel Security Feature Bypass VulnerabilityImportant
Windows KernelCVE-2024-21340Windows Kernel Information Disclosure VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2024-21356Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityImportant
Windows Message QueuingCVE-2024-21363Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2024-21355Microsoft Message Queuing (MSMQ) Elevation of Privilege VulnerabilityImportant
Windows Message QueuingCVE-2024-21405Microsoft Message Queuing (MSMQ) Elevation of Privilege VulnerabilityImportant
Windows Message QueuingCVE-2024-21354Microsoft Message Queuing (MSMQ) Elevation of Privilege VulnerabilityImportant
Windows OLECVE-2024-21372Windows OLE Remote Code Execution VulnerabilityImportant
Windows SmartScreenCVE-2024-21351Windows SmartScreen Security Feature Bypass VulnerabilityModerate
Windows USB Serial DriverCVE-2024-21339Windows USB Generic Parent Driver Remote Code Execution VulnerabilityImportant
Windows Win32K – ICOMPCVE-2024-21346Win32k Elevation of Privilege VulnerabilityImportant

İlgili Makaleler

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu