Haberler

Microsoft Nisan 2023 Patch Tuesday: 1 Zero-Day, 97 Zafiyet Kapatıldı

Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 1 adet zero-day güvenlik açığı ve toplam 97 zafiyeti kapattı.

Bu ay yayınlanan güncellemerde düzeltilen 97 güvenlik açığından 7 tanesi kritik olarak olarak sınıflandırıdı.

Kapatılan zafiyetler aşağıdaki gibidir:

  • 20 Elevation of Privilege Vulnerabilities
  • 8 Security Feature Bypass Vulnerabilities
  • 45 Remote Code Execution Vulnerabilities
  • 10 Information Disclosure Vulnerabilities
  • 9 Denial of Service Vulnerabilities
  • 6 Spoofing Vulnerabilities

Bir adet zero-day kapatıldı

CVE-2023-28252 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

Nisan 2023 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi

TagCVE IDCVE TitleSeverity
.NET CoreCVE-2023-28260.NET DLL Hijacking Remote Code Execution VulnerabilityImportant
Azure Machine LearningCVE-2023-28312Azure Machine Learning Information Disclosure VulnerabilityImportant
Azure Service ConnectorCVE-2023-28300Azure Service Connector Security Feature Bypass VulnerabilityImportant
Microsoft Bluetooth DriverCVE-2023-28227Windows Bluetooth Driver Remote Code Execution VulnerabilityImportant
Microsoft Defender for EndpointCVE-2023-24860Microsoft Defender Denial of Service VulnerabilityImportant
Microsoft DynamicsCVE-2023-28314Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2023-28309Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft Dynamics 365 Customer VoiceCVE-2023-28313Microsoft Dynamics 365 Customer Voice Cross-Site Scripting VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2023-28284Microsoft Edge (Chromium-based) Security Feature Bypass VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2023-1823Chromium: CVE-2023-1823 Inappropriate implementation in FedCMUnknown
Microsoft Edge (Chromium-based)CVE-2023-28301Microsoft Edge (Chromium-based) Tampering VulnerabilityLow
Microsoft Edge (Chromium-based)CVE-2023-1810Chromium: CVE-2023-1810 Heap buffer overflow in VisualsUnknown
Microsoft Edge (Chromium-based)CVE-2023-24935Microsoft Edge (Chromium-based) Spoofing VulnerabilityLow
Microsoft Edge (Chromium-based)CVE-2023-1819Chromium: CVE-2023-1819 Out of bounds read in AccessibilityUnknown
Microsoft Edge (Chromium-based)CVE-2023-1818Chromium: CVE-2023-1818 Use after free in VulkanUnknown
Microsoft Edge (Chromium-based)CVE-2023-1814Chromium: CVE-2023-1814 Insufficient validation of untrusted input in Safe BrowsingUnknown
Microsoft Edge (Chromium-based)CVE-2023-1821Chromium: CVE-2023-1821 Inappropriate implementation in WebShareUnknown
Microsoft Edge (Chromium-based)CVE-2023-1811Chromium: CVE-2023-1811 Use after free in FramesUnknown
Microsoft Edge (Chromium-based)CVE-2023-1820Chromium: CVE-2023-1820 Heap buffer overflow in Browser HistoryUnknown
Microsoft Edge (Chromium-based)CVE-2023-1816Chromium: CVE-2023-1816 Incorrect security UI in Picture In PictureUnknown
Microsoft Edge (Chromium-based)CVE-2023-1815Chromium: CVE-2023-1815 Use after free in Networking APIsUnknown
Microsoft Edge (Chromium-based)CVE-2023-1822Chromium: CVE-2023-1822 Incorrect security UI in NavigationUnknown
Microsoft Edge (Chromium-based)CVE-2023-1813Chromium: CVE-2023-1813 Inappropriate implementation in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2023-1812Chromium: CVE-2023-1812 Out of bounds memory access in DOM BindingsUnknown
Microsoft Edge (Chromium-based)CVE-2023-1817Chromium: CVE-2023-1817 Insufficient policy enforcement in IntentsUnknown
Microsoft Graphics ComponentCVE-2023-24912Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Message QueuingCVE-2023-21769Microsoft Message Queuing Denial of Service VulnerabilityImportant
Microsoft Message QueuingCVE-2023-21554Microsoft Message Queuing Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2023-28285Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft Office PublisherCVE-2023-28295Microsoft Publisher Remote Code Execution VulnerabilityImportant
Microsoft Office PublisherCVE-2023-28287Microsoft Publisher Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2023-28288Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office WordCVE-2023-28311Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-28243Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24883Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24927Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24925Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24924Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24885Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24928Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24884Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24926Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24929Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24887Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24886Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2023-28275Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28256Windows DNS Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28278Windows DNS Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28307Windows DNS Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28306Windows DNS Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28223Windows Domain Name Service Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28254Windows DNS Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28305Windows DNS Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28308Windows DNS Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28255Windows DNS Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28277Windows DNS Server Information Disclosure VulnerabilityImportant
SQL ServerCVE-2023-23384Microsoft SQL Server Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2023-23375Microsoft ODBC and OLE DB Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2023-28304Microsoft ODBC and OLE DB Remote Code Execution VulnerabilityImportant
Visual StudioCVE-2023-28299Visual Studio Spoofing VulnerabilityImportant
Visual StudioCVE-2023-28262Visual Studio Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2023-28263Visual Studio Information Disclosure VulnerabilityImportant
Visual StudioCVE-2023-28296Visual Studio Remote Code Execution VulnerabilityImportant
Visual Studio CodeCVE-2023-24893Visual Studio Code Remote Code Execution VulnerabilityImportant
Windows Active DirectoryCVE-2023-28302Microsoft Message Queuing Denial of Service VulnerabilityImportant
Windows ALPCCVE-2023-28236Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows ALPCCVE-2023-28216Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2023-28218Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Boot ManagerCVE-2023-28269Windows Boot Manager Security Feature Bypass VulnerabilityImportant
Windows Boot ManagerCVE-2023-28249Windows Boot Manager Security Feature Bypass VulnerabilityImportant
Windows Clip ServiceCVE-2023-28273Windows Clip Service Elevation of Privilege VulnerabilityImportant
Windows CNG Key Isolation ServiceCVE-2023-28229Windows CNG Key Isolation Service Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2023-28266Windows Common Log File System Driver Information Disclosure VulnerabilityImportant
Windows Common Log File System DriverCVE-2023-28252Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows DHCP ServerCVE-2023-28231DHCP Server Service Remote Code Execution VulnerabilityCritical
Windows Enroll EngineCVE-2023-28226Windows Enroll Engine Security Feature Bypass VulnerabilityImportant
Windows Error ReportingCVE-2023-28221Windows Error Reporting Service Elevation of Privilege VulnerabilityImportant
Windows Group PolicyCVE-2023-28276Windows Group Policy Security Feature Bypass VulnerabilityImportant
Windows Internet Key Exchange (IKE) ProtocolCVE-2023-28238Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution VulnerabilityImportant
Windows KerberosCVE-2023-28244Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-28271Windows Kernel Memory Information Disclosure VulnerabilityImportant
Windows KernelCVE-2023-28248Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-28222Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-28272Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-28293Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-28253Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2023-28237Windows Kernel Remote Code Execution VulnerabilityImportant
Windows KernelCVE-2023-28298Windows Kernel Denial of Service VulnerabilityImportant
Windows Layer 2 Tunneling ProtocolCVE-2023-28219Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-28220Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Lock ScreenCVE-2023-28270Windows Lock Screen Security Feature Bypass VulnerabilityImportant
Windows Lock ScreenCVE-2023-28235Windows Lock Screen Security Feature Bypass VulnerabilityImportant
Windows NetlogonCVE-2023-28268Netlogon RPC Elevation of Privilege VulnerabilityImportant
Windows Network Address Translation (NAT)CVE-2023-28217Windows Network Address Translation (NAT) Denial of Service VulnerabilityImportant
Windows Network File SystemCVE-2023-28247Windows Network File System Information Disclosure VulnerabilityImportant
Windows Network Load BalancingCVE-2023-28240Windows Network Load Balancing Remote Code Execution VulnerabilityImportant
Windows NTLMCVE-2023-28225Windows NTLM Elevation of Privilege VulnerabilityImportant
Windows PGMCVE-2023-28250Windows Pragmatic General Multicast (PGM) Remote Code Execution VulnerabilityCritical
Windows Point-to-Point Protocol over Ethernet (PPPoE)CVE-2023-28224Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution VulnerabilityImportant
Windows Point-to-Point Tunneling ProtocolCVE-2023-28232Windows Point-to-Point Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Raw Image ExtensionCVE-2023-28291Raw Image Extension Remote Code Execution VulnerabilityCritical
Windows Raw Image ExtensionCVE-2023-28292Raw Image Extension Remote Code Execution VulnerabilityImportant
Windows RDP ClientCVE-2023-28228Windows Spoofing VulnerabilityImportant
Windows RDP ClientCVE-2023-28267Remote Desktop Protocol Client Information Disclosure VulnerabilityImportant
Windows RegistryCVE-2023-28246Windows Registry Elevation of Privilege VulnerabilityImportant
Windows RPC APICVE-2023-21729Remote Procedure Call Runtime Information Disclosure VulnerabilityImportant
Windows RPC APICVE-2023-21727Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportant
Windows RPC APICVE-2023-28297Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege VulnerabilityImportant
Windows Secure ChannelCVE-2023-24931Windows Secure Channel Denial of Service VulnerabilityImportant
Windows Secure ChannelCVE-2023-28233Windows Secure Channel Denial of Service VulnerabilityImportant
Windows Secure Socket Tunneling Protocol (SSTP)CVE-2023-28241Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service VulnerabilityImportant
Windows Transport Security Layer (TLS)CVE-2023-28234Windows Secure Channel Denial of Service VulnerabilityImportant
Windows Win32KCVE-2023-28274Windows Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2023-24914Win32k Elevation of Privilege VulnerabilityImportant

Kaynak: bleepingcomputer.com

İlgili Makaleler

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu