Haberler

Microsoft,Patch Tuesday’i Yayınladı 9 Zero-Day 117 Zafiyeti Kapattı

Microsoft, gelenekselleşen her ayın ikinci salısı yayınladığı güvenlik güncelleştirmelerini kapsayan Patch Tuesday’i yayınladı. Microsoft, bu ay yayınladığı güncellemeler ile 9 zero-day ve 117 zafiyeti kapattı. Microsoft, 13’ü Kritik, 1’i Orta ve 103’ü Önemli olarak sınıflandırılan 117 güvenlik açığını yamaladı. Zafiyetlere baktığımızda 117 güvenlik açığından 44’ü remote code execution , 32’si ayrıcalık yükseltme, 14’ü bilgi ifşası, 12’si Denial of Service, 8’i güvenlik atlama ve 7’si kimlik sahtekarlığı güvenlik açıklarıdır.

9 Zero-Day Kapatıldı, 4 Tanesi İstismar Edildiği Tespit Edildi

Aşağıdaki 5 Zafiyet Kamuya Açıklandı Ancak İstismar Edilmediği Belirtildi

  • CVE-2021-34492 – Windows Certificate Spoofing Vulnerability
  • CVE-2021-34523 – Microsoft Exchange Server Elevation of Privilege Vulnerability
  • CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-33779 – Windows ADFS Security Feature Bypass Vulnerability
  • CVE-2021-33781 – Active Directory Security Feature Bypass Vulnerability

PrintNightmare Olarak Bilinen Zafiyet İstismar Edilmiş Durumda

  • CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vulnerability

Kamuya Açıklanmayan Ancak İstismar Edilen Zafiyetler Aşağıdaki Gibidir

  • CVE-2021-33771 – Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2021-34448 – Scripting Engine Memory Corruption Vulnerability
  • CVE-2021-31979 – Windows Kernel Elevation of Privilege Vulnerability

Windows Hello Authentication Bypass Zafiyeti Giderildi

Bu zafiyet saldırganların yüz tanıma sistemini atlayarak sistemleri ele geçirmelerini sağlıyordu. CVE-2021-34466 kodu ile takip edilebilen zafiyet bu yayınlanan toplu güncellemeler ile kapatılmış durumda. Konu ile ilgili daha fazla bilgiye buradan ulaşabilirsiniz.

Diğer Güncelleştirmer Şöyle:

  • Adobe released security updates for five products.
  • Android’s July security updates were released last week.
  • Cisco released security updates for numerous products this month.
  • SAP released its July 2021 security updates.
  • VMware released security updates for ESXi and ThinApp.

Tüm Yayınlanan Güncelleme Listesi Şöyle:

TagCVE IDCVE TitleSeverity
Active Directory Federation ServicesCVE-2021-33779Windows ADFS Security Feature Bypass VulnerabilityImportant
Common Internet File SystemCVE-2021-34476Bowser.sys Denial of Service VulnerabilityImportant
Dynamics Business Central ControlCVE-2021-34474Dynamics Business Central Remote Code Execution VulnerabilityCritical
Microsoft BingCVE-2021-33753Microsoft Bing Search Spoofing VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-31206Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-34473Microsoft Exchange Server Remote Code Execution VulnerabilityCritical
Microsoft Exchange ServerCVE-2021-33766Microsoft Exchange Information Disclosure VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-34523Microsoft Exchange Server Elevation of Privilege VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-31196Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-33768Microsoft Exchange Server Elevation of Privilege VulnerabilityImportant
Microsoft Exchange ServerCVE-2021-34470Microsoft Exchange Server Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2021-34440GDI+ Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2021-34489DirectWrite Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2021-34496Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2021-34498Windows GDI Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2021-34438Windows Font Driver Host Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-34469Microsoft Office Security Feature Bypass VulnerabilityImportant
Microsoft OfficeCVE-2021-34451Microsoft Office Online Server Spoofing VulnerabilityImportant
Microsoft OfficeCVE-2021-34452Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-34501Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-34518Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-34468Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-34519Microsoft SharePoint Server Information Disclosure VulnerabilityModerate
Microsoft Office SharePointCVE-2021-34520Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-34517Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-34467Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Scripting EngineCVE-2021-34448Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2021-33778HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-31947HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-33740Windows Media Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2021-33760Media Foundation Information Disclosure VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-33775HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-33776HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-33777HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-34521Raw Image Extension Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2021-34499Windows DNS Server Denial of Service VulnerabilityImportant
Microsoft Windows DNSCVE-2021-33746Windows DNS Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2021-33754Windows DNS Server Remote Code Execution VulnerabilityImportant
Microsoft Windows Media FoundationCVE-2021-34441Microsoft Windows Media Foundation Remote Code Execution VulnerabilityImportant
Microsoft Windows Media FoundationCVE-2021-34439Microsoft Windows Media Foundation Remote Code Execution VulnerabilityCritical
Microsoft Windows Media FoundationCVE-2021-34503Microsoft Windows Media Foundation Remote Code Execution VulnerabilityCritical
OpenEnclaveCVE-2021-33767Open Enclave SDK Elevation of Privilege VulnerabilityImportant
Power BICVE-2021-31984Power BI Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2021-33749Windows DNS Snap-in Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2021-33745Windows DNS Server Denial of Service VulnerabilityImportant
Role: DNS ServerCVE-2021-34442Windows DNS Server Denial of Service VulnerabilityImportant
Role: DNS ServerCVE-2021-34444Windows DNS Server Denial of Service VulnerabilityImportant
Role: DNS ServerCVE-2021-34525Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2021-33780Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2021-34494Windows DNS Server Remote Code Execution VulnerabilityCritical
Role: DNS ServerCVE-2021-33750Windows DNS Snap-in Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2021-33752Windows DNS Snap-in Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2021-33756Windows DNS Snap-in Remote Code Execution VulnerabilityImportant
Role: Hyper-VCVE-2021-33758Windows Hyper-V Denial of Service VulnerabilityImportant
Role: Hyper-VCVE-2021-33755Windows Hyper-V Denial of Service VulnerabilityImportant
Role: Hyper-VCVE-2021-34450Windows Hyper-V Remote Code Execution VulnerabilityCritical
Visual Studio CodeCVE-2021-34529Visual Studio Code Remote Code Execution VulnerabilityImportant
Visual Studio CodeCVE-2021-34528Visual Studio Code Remote Code Execution VulnerabilityImportant
Visual Studio CodeCVE-2021-34479Microsoft Visual Studio Spoofing VulnerabilityImportant
Visual Studio Code – .NET RuntimeCVE-2021-34477Visual Studio Code .NET Runtime Elevation of Privilege VulnerabilityImportant
Windows Active DirectoryCVE-2021-33781Active Directory Security Feature Bypass VulnerabilityImportant
Windows Address BookCVE-2021-34504Windows Address Book Remote Code Execution VulnerabilityImportant
Windows AF_UNIX Socket ProviderCVE-2021-33785Windows AF_UNIX Socket Provider Denial of Service VulnerabilityImportant
Windows AppContainerCVE-2021-34459Windows AppContainer Elevation Of Privilege VulnerabilityImportant
Windows AppX Deployment ExtensionsCVE-2021-34462Windows AppX Deployment Extensions Elevation of Privilege VulnerabilityImportant
Windows AuthenticodeCVE-2021-33782Windows Authenticode Spoofing VulnerabilityImportant
Windows Cloud Files Mini Filter DriverCVE-2021-33784Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
Windows Console DriverCVE-2021-34488Windows Console Driver Elevation of Privilege VulnerabilityImportant
Windows DefenderCVE-2021-34522Microsoft Defender Remote Code Execution VulnerabilityCritical
Windows DefenderCVE-2021-34464Microsoft Defender Remote Code Execution VulnerabilityCritical
Windows Desktop BridgeCVE-2021-33759Windows Desktop Bridge Elevation of Privilege VulnerabilityImportant
Windows Event TracingCVE-2021-33774Windows Event Tracing Elevation of Privilege VulnerabilityImportant
Windows File History ServiceCVE-2021-34455Windows File History Service Elevation of Privilege VulnerabilityImportant
Windows HelloCVE-2021-34466Windows Hello Security Feature Bypass VulnerabilityImportant
Windows HTML PlatformCVE-2021-34446Windows HTML Platforms Security Feature Bypass VulnerabilityImportant
Windows InstallerCVE-2021-33765Windows Installer Spoofing VulnerabilityImportant
Windows InstallerCVE-2021-34511Windows Installer Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2021-31961Windows InstallService Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2021-34461Windows Container Isolation FS Filter Driver Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2021-34508Windows Kernel Remote Code Execution VulnerabilityImportant
Windows KernelCVE-2021-34458Windows Kernel Remote Code Execution VulnerabilityCritical
Windows KernelCVE-2021-33771Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2021-31979Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2021-34514Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2021-34500Windows Kernel Memory Information Disclosure VulnerabilityImportant
Windows Key Distribution CenterCVE-2021-33764Windows Key Distribution Center Information Disclosure VulnerabilityImportant
Windows Local Security Authority Subsystem ServiceCVE-2021-33788Windows LSA Denial of Service VulnerabilityImportant
Windows Local Security Authority Subsystem ServiceCVE-2021-33786Windows LSA Security Feature Bypass VulnerabilityImportant
Windows MSHTML PlatformCVE-2021-34497Windows MSHTML Platform Remote Code Execution VulnerabilityCritical
Windows MSHTML PlatformCVE-2021-34447Windows MSHTML Platform Remote Code Execution VulnerabilityImportant
Windows Partition Management DriverCVE-2021-34493Windows Partition Management Driver Elevation of Privilege VulnerabilityImportant
Windows PFX EncryptionCVE-2021-34492Windows Certificate Spoofing VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2021-34527Windows Print Spooler Remote Code Execution VulnerabilityCritical
Windows Projected File SystemCVE-2021-33743Windows Projected File System Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2021-34457Windows Remote Access Connection Manager Information Disclosure VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2021-33761Windows Remote Access Connection Manager Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2021-33773Windows Remote Access Connection Manager Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2021-33763Windows Remote Access Connection Manager Information Disclosure VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2021-34445Windows Remote Access Connection Manager Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2021-34456Windows Remote Access Connection Manager Elevation of Privilege VulnerabilityImportant
Windows Remote AssistanceCVE-2021-34507Windows Remote Assistance Information Disclosure VulnerabilityImportant
Windows Secure Kernel ModeCVE-2021-33744Windows Secure Kernel Mode Security Feature Bypass VulnerabilityImportant
Windows Security Account ManagerCVE-2021-33757Windows Security Account Manager Remote Protocol Security Feature Bypass VulnerabilityImportant
Windows ShellCVE-2021-34454Windows Remote Access Connection Manager Information Disclosure VulnerabilityImportant
Windows SMBCVE-2021-33783Windows SMB Information Disclosure VulnerabilityImportant
Windows Storage Spaces ControllerCVE-2021-33751Storage Spaces Controller Elevation of Privilege VulnerabilityImportant
Windows Storage Spaces ControllerCVE-2021-34460Storage Spaces Controller Elevation of Privilege VulnerabilityImportant
Windows Storage Spaces ControllerCVE-2021-34509Storage Spaces Controller Information Disclosure VulnerabilityImportant
Windows Storage Spaces ControllerCVE-2021-34510Storage Spaces Controller Elevation of Privilege VulnerabilityImportant
Windows Storage Spaces ControllerCVE-2021-34512Storage Spaces Controller Elevation of Privilege VulnerabilityImportant
Windows Storage Spaces ControllerCVE-2021-34513Storage Spaces Controller Elevation of Privilege VulnerabilityImportant
Windows TCP/IPCVE-2021-31183Windows TCP/IP Driver Denial of Service VulnerabilityImportant
Windows TCP/IPCVE-2021-33772Windows TCP/IP Driver Denial of Service VulnerabilityImportant
Windows TCP/IPCVE-2021-34490Windows TCP/IP Driver Denial of Service VulnerabilityImportant
Windows Win32KCVE-2021-34449Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2021-34516Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2021-34491Win32k Information Disclosure VulnerabilityImportan

Kaynak: bleepingcomputer.com

İlgili Makaleler

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu