Microsoft, gelenekselleşen her ayın ikinci salısı yayınladığı güvenlik güncelleştirmelerini kapsayan Patch Tuesday’i yayınladı. Microsoft, bu ay yayınladığı güncellemeler ile 9 zero-day ve 117 zafiyeti kapattı. Microsoft, 13’ü Kritik, 1’i Orta ve 103’ü Önemli olarak sınıflandırılan 117 güvenlik açığını yamaladı. Zafiyetlere baktığımızda 117 güvenlik açığından 44’ü remote code execution , 32’si ayrıcalık yükseltme, 14’ü bilgi ifşası, 12’si Denial of Service, 8’i güvenlik atlama ve 7’si kimlik sahtekarlığı güvenlik açıklarıdır.
9 Zero-Day Kapatıldı, 4 Tanesi İstismar Edildiği Tespit Edildi
Aşağıdaki 5 Zafiyet Kamuya Açıklandı Ancak İstismar Edilmediği Belirtildi
- CVE-2021-34492 – Windows Certificate Spoofing Vulnerability
- CVE-2021-34523 – Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-33779 – Windows ADFS Security Feature Bypass Vulnerability
- CVE-2021-33781 – Active Directory Security Feature Bypass Vulnerability
PrintNightmare Olarak Bilinen Zafiyet İstismar Edilmiş Durumda
- CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vulnerability
Kamuya Açıklanmayan Ancak İstismar Edilen Zafiyetler Aşağıdaki Gibidir
- CVE-2021-33771 – Windows Kernel Elevation of Privilege Vulnerability
- CVE-2021-34448 – Scripting Engine Memory Corruption Vulnerability
- CVE-2021-31979 – Windows Kernel Elevation of Privilege Vulnerability
Windows Hello Authentication Bypass Zafiyeti Giderildi
Bu zafiyet saldırganların yüz tanıma sistemini atlayarak sistemleri ele geçirmelerini sağlıyordu. CVE-2021-34466 kodu ile takip edilebilen zafiyet bu yayınlanan toplu güncellemeler ile kapatılmış durumda. Konu ile ilgili daha fazla bilgiye buradan ulaşabilirsiniz.
Diğer Güncelleştirmer Şöyle:
- Adobe released security updates for five products.
- Android’s July security updates were released last week.
- Cisco released security updates for numerous products this month.
- SAP released its July 2021 security updates.
- VMware released security updates for ESXi and ThinApp.
Tüm Yayınlanan Güncelleme Listesi Şöyle:
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
Active Directory Federation Services | CVE-2021-33779 | Windows ADFS Security Feature Bypass Vulnerability | Important |
Common Internet File System | CVE-2021-34476 | Bowser.sys Denial of Service Vulnerability | Important |
Dynamics Business Central Control | CVE-2021-34474 | Dynamics Business Central Remote Code Execution Vulnerability | Critical |
Microsoft Bing | CVE-2021-33753 | Microsoft Bing Search Spoofing Vulnerability | Important |
Microsoft Exchange Server | CVE-2021-31206 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2021-34473 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
Microsoft Exchange Server | CVE-2021-33766 | Microsoft Exchange Information Disclosure Vulnerability | Important |
Microsoft Exchange Server | CVE-2021-34523 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
Microsoft Exchange Server | CVE-2021-31196 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2021-33768 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
Microsoft Exchange Server | CVE-2021-34470 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-34440 | GDI+ Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-34489 | DirectWrite Remote Code Execution Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-34496 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-34498 | Windows GDI Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-34438 | Windows Font Driver Host Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-34469 | Microsoft Office Security Feature Bypass Vulnerability | Important |
Microsoft Office | CVE-2021-34451 | Microsoft Office Online Server Spoofing Vulnerability | Important |
Microsoft Office | CVE-2021-34452 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-34501 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-34518 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-34468 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-34519 | Microsoft SharePoint Server Information Disclosure Vulnerability | Moderate |
Microsoft Office SharePoint | CVE-2021-34520 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-34517 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-34467 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Scripting Engine | CVE-2021-34448 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2021-33778 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-31947 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-33740 | Windows Media Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2021-33760 | Media Foundation Information Disclosure Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-33775 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-33776 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-33777 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-34521 | Raw Image Extension Remote Code Execution Vulnerability | Important |
Microsoft Windows DNS | CVE-2021-34499 | Windows DNS Server Denial of Service Vulnerability | Important |
Microsoft Windows DNS | CVE-2021-33746 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Microsoft Windows DNS | CVE-2021-33754 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Microsoft Windows Media Foundation | CVE-2021-34441 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important |
Microsoft Windows Media Foundation | CVE-2021-34439 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical |
Microsoft Windows Media Foundation | CVE-2021-34503 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical |
OpenEnclave | CVE-2021-33767 | Open Enclave SDK Elevation of Privilege Vulnerability | Important |
Power BI | CVE-2021-31984 | Power BI Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2021-33749 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2021-33745 | Windows DNS Server Denial of Service Vulnerability | Important |
Role: DNS Server | CVE-2021-34442 | Windows DNS Server Denial of Service Vulnerability | Important |
Role: DNS Server | CVE-2021-34444 | Windows DNS Server Denial of Service Vulnerability | Important |
Role: DNS Server | CVE-2021-34525 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2021-33780 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2021-34494 | Windows DNS Server Remote Code Execution Vulnerability | Critical |
Role: DNS Server | CVE-2021-33750 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2021-33752 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2021-33756 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important |
Role: Hyper-V | CVE-2021-33758 | Windows Hyper-V Denial of Service Vulnerability | Important |
Role: Hyper-V | CVE-2021-33755 | Windows Hyper-V Denial of Service Vulnerability | Important |
Role: Hyper-V | CVE-2021-34450 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Visual Studio Code | CVE-2021-34529 | Visual Studio Code Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2021-34528 | Visual Studio Code Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2021-34479 | Microsoft Visual Studio Spoofing Vulnerability | Important |
Visual Studio Code – .NET Runtime | CVE-2021-34477 | Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability | Important |
Windows Active Directory | CVE-2021-33781 | Active Directory Security Feature Bypass Vulnerability | Important |
Windows Address Book | CVE-2021-34504 | Windows Address Book Remote Code Execution Vulnerability | Important |
Windows AF_UNIX Socket Provider | CVE-2021-33785 | Windows AF_UNIX Socket Provider Denial of Service Vulnerability | Important |
Windows AppContainer | CVE-2021-34459 | Windows AppContainer Elevation Of Privilege Vulnerability | Important |
Windows AppX Deployment Extensions | CVE-2021-34462 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important |
Windows Authenticode | CVE-2021-33782 | Windows Authenticode Spoofing Vulnerability | Important |
Windows Cloud Files Mini Filter Driver | CVE-2021-33784 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
Windows Console Driver | CVE-2021-34488 | Windows Console Driver Elevation of Privilege Vulnerability | Important |
Windows Defender | CVE-2021-34522 | Microsoft Defender Remote Code Execution Vulnerability | Critical |
Windows Defender | CVE-2021-34464 | Microsoft Defender Remote Code Execution Vulnerability | Critical |
Windows Desktop Bridge | CVE-2021-33759 | Windows Desktop Bridge Elevation of Privilege Vulnerability | Important |
Windows Event Tracing | CVE-2021-33774 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
Windows File History Service | CVE-2021-34455 | Windows File History Service Elevation of Privilege Vulnerability | Important |
Windows Hello | CVE-2021-34466 | Windows Hello Security Feature Bypass Vulnerability | Important |
Windows HTML Platform | CVE-2021-34446 | Windows HTML Platforms Security Feature Bypass Vulnerability | Important |
Windows Installer | CVE-2021-33765 | Windows Installer Spoofing Vulnerability | Important |
Windows Installer | CVE-2021-34511 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2021-31961 | Windows InstallService Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2021-34461 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2021-34508 | Windows Kernel Remote Code Execution Vulnerability | Important |
Windows Kernel | CVE-2021-34458 | Windows Kernel Remote Code Execution Vulnerability | Critical |
Windows Kernel | CVE-2021-33771 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2021-31979 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2021-34514 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2021-34500 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
Windows Key Distribution Center | CVE-2021-33764 | Windows Key Distribution Center Information Disclosure Vulnerability | Important |
Windows Local Security Authority Subsystem Service | CVE-2021-33788 | Windows LSA Denial of Service Vulnerability | Important |
Windows Local Security Authority Subsystem Service | CVE-2021-33786 | Windows LSA Security Feature Bypass Vulnerability | Important |
Windows MSHTML Platform | CVE-2021-34497 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical |
Windows MSHTML Platform | CVE-2021-34447 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important |
Windows Partition Management Driver | CVE-2021-34493 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
Windows PFX Encryption | CVE-2021-34492 | Windows Certificate Spoofing Vulnerability | Important |
Windows Print Spooler Components | CVE-2021-34527 | Windows Print Spooler Remote Code Execution Vulnerability | Critical |
Windows Projected File System | CVE-2021-33743 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2021-34457 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2021-33761 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2021-33773 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2021-33763 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2021-34445 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2021-34456 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
Windows Remote Assistance | CVE-2021-34507 | Windows Remote Assistance Information Disclosure Vulnerability | Important |
Windows Secure Kernel Mode | CVE-2021-33744 | Windows Secure Kernel Mode Security Feature Bypass Vulnerability | Important |
Windows Security Account Manager | CVE-2021-33757 | Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability | Important |
Windows Shell | CVE-2021-34454 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows SMB | CVE-2021-33783 | Windows SMB Information Disclosure Vulnerability | Important |
Windows Storage Spaces Controller | CVE-2021-33751 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
Windows Storage Spaces Controller | CVE-2021-34460 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
Windows Storage Spaces Controller | CVE-2021-34509 | Storage Spaces Controller Information Disclosure Vulnerability | Important |
Windows Storage Spaces Controller | CVE-2021-34510 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
Windows Storage Spaces Controller | CVE-2021-34512 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
Windows Storage Spaces Controller | CVE-2021-34513 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
Windows TCP/IP | CVE-2021-31183 | Windows TCP/IP Driver Denial of Service Vulnerability | Important |
Windows TCP/IP | CVE-2021-33772 | Windows TCP/IP Driver Denial of Service Vulnerability | Important |
Windows TCP/IP | CVE-2021-34490 | Windows TCP/IP Driver Denial of Service Vulnerability | Important |
Windows Win32K | CVE-2021-34449 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2021-34516 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2021-34491 | Win32k Information Disclosure Vulnerability | Importan |
Kaynak: bleepingcomputer.com