Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 4 adet zero-day güvenlik açığı ve toplam 142 zafiyeti kapattı.
Kapatılan zafiyetler aşağıdaki gibi:
- 26 Elevation of Privilege Vulnerabilities
- 24 Security Feature Bypass Vulnerabilities
- 59 Remote Code Execution Vulnerabilities
- 9 Information Disclosure Vulnerabilities
- 17 Denial of Service Vulnerabilities
- 7 Spoofing Vulnerabilities
Dört adet zero-day kapatıldı!
CVE-2024-38080 – Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2024-38112 – Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-35264 – .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-37985 – Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers
Temmuz 2024 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET and Visual Studio | CVE-2024-30105 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
| .NET and Visual Studio | CVE-2024-38081 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | Important |
| .NET and Visual Studio | CVE-2024-35264 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
| .NET and Visual Studio | CVE-2024-38095 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| Active Directory Rights Management Services | CVE-2024-39684 | Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability | Moderate |
| Active Directory Rights Management Services | CVE-2024-38517 | Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability | Moderate |
| Azure CycleCloud | CVE-2024-38092 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
| Azure DevOps | CVE-2024-35266 | Azure DevOps Server Spoofing Vulnerability | Important |
| Azure DevOps | CVE-2024-35267 | Azure DevOps Server Spoofing Vulnerability | Important |
| Azure Kinect SDK | CVE-2024-38086 | Azure Kinect SDK Remote Code Execution Vulnerability | Important |
| Azure Network Watcher | CVE-2024-35261 | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | Important |
| Intel | CVE-2024-37985 | Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers | Important |
| Line Printer Daemon Service (LPD) | CVE-2024-38027 | Windows Line Printer Daemon Service Denial of Service Vulnerability | Important |
| Microsoft Defender for IoT | CVE-2024-38089 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics | CVE-2024-30061 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-38079 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-38051 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2024-38021 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2024-38020 | Microsoft Outlook Spoofing Vulnerability | Moderate |
| Microsoft Office SharePoint | CVE-2024-38024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-38023 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2024-32987 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-38094 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38057 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38054 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38052 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2024-38055 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2024-38056 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important |
| Microsoft WS-Discovery | CVE-2024-38091 | Microsoft WS-Discovery Denial of Service Vulnerability | Important |
| NDIS | CVE-2024-38048 | Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability | Important |
| NPS RADIUS Server | CVE-2024-3596 | CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability | Important |
| Role: Active Directory Certificate Services; Active Directory Domain Services | CVE-2024-38061 | DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2024-38080 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2024-28928 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-38088 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-20701 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21317 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21308 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-35256 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21303 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21335 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-35271 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-35272 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-38087 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21425 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21449 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37324 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37330 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37326 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37329 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37328 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37327 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37334 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37321 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37320 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37319 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37322 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37336 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37323 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21398 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21373 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37318 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21428 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21415 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21414 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| Windows BitLocker | CVE-2024-38058 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows COM Session | CVE-2024-38100 | Windows File Explorer Elevation of Privilege Vulnerability | Important |
| Windows CoreMessaging | CVE-2024-21417 | Windows Text Services Framework Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2024-30098 | Windows Cryptographic Services Security Feature Bypass Vulnerability | Important |
| Windows DHCP Server | CVE-2024-38044 | DHCP Server Service Remote Code Execution Vulnerability | Important |
| Windows Distributed Transaction Coordinator | CVE-2024-38049 | Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability | Important |
| Windows Enroll Engine | CVE-2024-38069 | Windows Enroll Engine Security Feature Bypass Vulnerability | Important |
| Windows Fax and Scan Service | CVE-2024-38104 | Windows Fax Service Remote Code Execution Vulnerability | Important |
| Windows Filtering | CVE-2024-38034 | Windows Filtering Platform Elevation of Privilege Vulnerability | Important |
| Windows Image Acquisition | CVE-2024-38022 | Windows Image Acquisition Elevation of Privilege Vulnerability | Important |
| Windows Imaging Component | CVE-2024-38060 | Windows Imaging Component Remote Code Execution Vulnerability | Critical |
| Windows Internet Connection Sharing (ICS) | CVE-2024-38105 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
| Windows Internet Connection Sharing (ICS) | CVE-2024-38053 | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | Important |
| Windows Internet Connection Sharing (ICS) | CVE-2024-38102 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
| Windows Internet Connection Sharing (ICS) | CVE-2024-38101 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
| Windows iSCSI | CVE-2024-35270 | Windows iSCSI Service Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2024-38041 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel-Mode Drivers | CVE-2024-38062 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
| Windows LockDown Policy (WLDP) | CVE-2024-38070 | Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | Important |
| Windows Message Queuing | CVE-2024-38017 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
| Windows MSHTML Platform | CVE-2024-38112 | Windows MSHTML Platform Spoofing Vulnerability | Important |
| Windows MultiPoint Services | CVE-2024-30013 | Windows MultiPoint Services Remote Code Execution Vulnerability | Important |
| Windows NTLM | CVE-2024-30081 | Windows NTLM Spoofing Vulnerability | Important |
| Windows Online Certificate Status Protocol (OCSP) | CVE-2024-38068 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important |
| Windows Online Certificate Status Protocol (OCSP) | CVE-2024-38067 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important |
| Windows Online Certificate Status Protocol (OCSP) | CVE-2024-38031 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important |
| Windows Performance Monitor | CVE-2024-38028 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | Important |
| Windows Performance Monitor | CVE-2024-38019 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | Important |
| Windows Performance Monitor | CVE-2024-38025 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | Important |
| Windows PowerShell | CVE-2024-38043 | PowerShell Elevation of Privilege Vulnerability | Important |
| Windows PowerShell | CVE-2024-38047 | PowerShell Elevation of Privilege Vulnerability | Important |
| Windows PowerShell | CVE-2024-38033 | PowerShell Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-30071 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-30079 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Desktop | CVE-2024-38076 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop | CVE-2024-38015 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-38071 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-38073 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-38074 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop Licensing Service | CVE-2024-38072 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-38077 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop Licensing Service | CVE-2024-38099 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
| Windows Secure Boot | CVE-2024-38065 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37986 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37981 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37987 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28899 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-26184 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-38011 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37984 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37988 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37977 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37978 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37974 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-38010 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37989 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37970 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37975 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37972 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37973 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37971 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37969 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Server Backup | CVE-2024-38013 | Microsoft Windows Server Backup Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2024-38064 | Windows TCP/IP Information Disclosure Vulnerability | Important |
| Windows Themes | CVE-2024-38030 | Windows Themes Spoofing Vulnerability | Important |
| Windows Win32 Kernel Subsystem | CVE-2024-38085 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2024-38066 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – ICOMP | CVE-2024-38059 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Workstation Service | CVE-2024-38050 | Windows Workstation Service Elevation of Privilege Vulnerability | Important |
| XBox Crypto Graphic Services | CVE-2024-38032 | Microsoft Xbox Remote Code Execution Vulnerability | Important |
| XBox Crypto Graphic Services | CVE-2024-38078 | Xbox Wireless Adapter Remote Code Execution Vulnerability | Important |
