
Microsoft December 2022 Patch Tuesday: 2 Zero-Days, 49 Vulnerabilities Fixed

With the Patch Tuesday updates released this month, Microsoft fixed 2 zero-day vulnerabilities and a total of 49 vulnerabilities.

Of the 48 vulnerabilities fixed in this month's updates, 6 are classified as Critical.

The fixed vulnerabilities break down as follows:

  • 19 Elevation of Privilege Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities
  • 23 Remote Code Execution Vulnerabilities
  • 3 Information Disclosure Vulnerabilities
  • 3 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability

Two zero-days fixed

CVE-2022-44698 – Windows SmartScreen Security Feature Bypass Vulnerability

CVE-2022-44710 – DirectX Graphics Kernel Elevation of Privilege Vulnerability

Full List of the December 2022 Patch Tuesday Security Updates

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| .NET Framework | CVE-2022-41089 | .NET Framework Remote Code Execution Vulnerability | Important |
| Azure | CVE-2022-44699 | Azure Network Watcher Agent Security Feature Bypass Vulnerability | Important |
| Client Server Run-time Subsystem (CSRSS) | CVE-2022-44673 | Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2022-44675 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2022-44674 | Windows Bluetooth Driver Information Disclosure Vulnerability | Important |
| Microsoft Dynamics | CVE-2022-41127 | Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability | Critical |
| Microsoft Edge (Chromium-based) | CVE-2022-4192 | Chromium: CVE-2022-4192 Use after free in Live Caption | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4193 | Chromium: CVE-2022-4193 Insufficient policy enforcement in File System API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4190 | Chromium: CVE-2022-4190 Insufficient data validation in Directory | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4191 | Chromium: CVE-2022-4191 Use after free in Sign-In | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4194 | Chromium: CVE-2022-4194 Use after free in Accessibility | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-41115 | Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-44688 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2022-4195 | Chromium: CVE-2022-4195 Insufficient policy enforcement in Safe Browsing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-44708 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-4181 | Chromium: CVE-2022-4181 Use after free in Forms | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4180 | Chromium: CVE-2022-4180 Use after free in Mojo | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4174 | Chromium: CVE-2022-4174 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4182 | Chromium: CVE-2022-4182 Inappropriate implementation in Fenced Frames | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4179 | Chromium: CVE-2022-4179 Use after free in Audio | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4178 | Chromium: CVE-2022-4178 Use after free in Mojo | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4175 | Chromium: CVE-2022-4175 Use after free in Camera Capture | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4177 | Chromium: CVE-2022-4177 Use after free in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4187 | Chromium: CVE-2022-4187 Insufficient policy enforcement in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4185 | Chromium: CVE-2022-4185 Inappropriate implementation in Navigation | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4188 | Chromium: CVE-2022-4188 Insufficient validation of untrusted input in CORS | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4189 | Chromium: CVE-2022-4189 Insufficient policy enforcement in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4186 | Chromium: CVE-2022-4186 Insufficient validation of untrusted input in Downloads | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4183 | Chromium: CVE-2022-4183 Insufficient policy enforcement in Popup Blocker | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4184 | Chromium: CVE-2022-4184 Insufficient policy enforcement in Autofill | Unknown |
| Microsoft Graphics Component | CVE-2022-26805 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-26804 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-47213 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-44697 | Windows Graphics Component Elevation of Privilege Vulnerability | Moderate |
| Microsoft Graphics Component | CVE-2022-41121 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-44671 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-47212 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-26806 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-47211 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-41074 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-44679 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-44680 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2022-44692 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Office OneNote | CVE-2022-44691 | Microsoft Office OneNote Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2022-24480 | Outlook for Android Elevation of Privilege Vulnerability | Important |
| Microsoft Office Outlook | CVE-2022-44713 | Microsoft Outlook for Mac Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-44690 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2022-44693 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office Visio | CVE-2022-44696 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2022-44695 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2022-44694 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-44668 | Windows Media Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-44667 | Windows Media Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-44687 | Raw Image Extension Remote Code Execution Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-41094 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-44682 | Windows Hyper-V Denial of Service Vulnerability | Important |
| SysInternals | CVE-2022-44704 | Microsoft Windows Sysmon Elevation of Privilege Vulnerability | Important |
| Windows Certificates | ADV220005 | Guidance on Microsoft Signed Drivers Being Used Maliciously | None |
| Windows Contacts | CVE-2022-44666 | Windows Contacts Remote Code Execution Vulnerability | Important |
| Windows DirectX | CVE-2022-44710 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| Windows Error Reporting | CVE-2022-44669 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
| Windows Fax Compose Form | CVE-2022-41077 | Windows Fax Compose Form Elevation of Privilege Vulnerability | Important |
| Windows HTTP Print Provider | CVE-2022-44678 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-44707 | Windows Kernel Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2022-44683 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows PowerShell | CVE-2022-41076 | PowerShell Remote Code Execution Vulnerability | Critical |
| Windows Print Spooler Components | CVE-2022-44681 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2022-44677 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-44670 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-44676 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows SmartScreen | CVE-2022-44698 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate |
| Windows Subsystem for Linux | CVE-2022-44689 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | Important |
| Windows Terminal | CVE-2022-44702 | Windows Terminal Remote Code Execution Vulnerability | Important |

Source: bleepingcomputer.com
