Haberler

Microsoft Şubat 2022 Patch Tuesday: 1 Zero-day 48 Zafiyet Kapatıldı

Mehmet Sait YILMAZ fotoğrafı Mehmet Sait YILMAZ Bir e-posta göndermek 09/02/2022
0 3 dakika okuma süresi

Microsoft bu ay yayınladığı Patch Tuesday yamaları ile 1 sıfırıncı gün güvenlik açığı ve toplam 48 zafiyeti kapattı. Microsoft, hiçbiri kritik olarak sınıflandırılmayan 48 güvenlik açığını (22 Microsoft Edge güvenlik açığı hariç) düzeltti.

Kapatılan zafiyetler aşağıdaki gibidir

  • 16 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 16 Remote Code Execution Vulnerabilities
  • 5 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities
  • 22 Edge – Chromium Vulnerabilities

Bir adet sıfır gün düzeltildi, hiçbiri aktif olarak kullanılmadı

Bu ayın Salı Yaması, genel olarak açıklanan bir sıfır gün güvenlik açığı için düzeltmeler içeriyor. Ancak saldırılarında aktif olarak yararlanılan sıfır gün güvenlik açığı olmadığını söyledi.

Şubat 2022 Yaması Salı Güvenlik Güncellemeleri

TagCVE IDCVE TitleSeverity
Azure Data ExplorerCVE-2022-23256Azure Data Explorer Spoofing VulnerabilityImportant
Kestrel Web ServerCVE-2022-21986.NET Denial of Service VulnerabilityImportant
Microsoft DynamicsCVE-2022-21957Microsoft Dynamics 365 (on-premises) Remote Code Execution VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23272Microsoft Dynamics GP Elevation Of Privilege VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23271Microsoft Dynamics GP Elevation Of Privilege VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23273Microsoft Dynamics GP Elevation Of Privilege VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23274Microsoft Dynamics GP Remote Code Execution VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23269Microsoft Dynamics GP Spoofing VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-0469Chromium: CVE-2022-0469 Use after free in CastUnknown
Microsoft Edge (Chromium-based)CVE-2022-0467Chromium: CVE-2022-0467 Inappropriate implementation in Pointer LockUnknown
Microsoft Edge (Chromium-based)CVE-2022-23261Microsoft Edge (Chromium-based) Tampering VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2022-0453Chromium: CVE-2022-0453 Use after free in Reader ModeUnknown
Microsoft Edge (Chromium-based)CVE-2022-23262Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-0468Chromium: CVE-2022-0468 Use after free in PaymentsUnknown
Microsoft Edge (Chromium-based)CVE-2022-0452Chromium: CVE-2022-0452 Use after free in Safe BrowsingUnknown
Microsoft Edge (Chromium-based)CVE-2022-23263Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-0462Chromium: CVE-2022-0462 Inappropriate implementation in ScrollUnknown
Microsoft Edge (Chromium-based)CVE-2022-0461Chromium: CVE-2022-0461 Policy bypass in COOPUnknown
Microsoft Edge (Chromium-based)CVE-2022-0460Chromium: CVE-2022-0460 Use after free in Window DialogUnknown
Microsoft Edge (Chromium-based)CVE-2022-0465Chromium: CVE-2022-0465 Use after free in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2022-0464Chromium: CVE-2022-0464 Use after free in AccessibilityUnknown
Microsoft Edge (Chromium-based)CVE-2022-0463Chromium: CVE-2022-0463 Use after free in AccessibilityUnknown
Microsoft Edge (Chromium-based)CVE-2022-0459Chromium: CVE-2022-0459 Use after free in Screen CaptureUnknown
Microsoft Edge (Chromium-based)CVE-2022-0455Chromium: CVE-2022-0455 Inappropriate implementation in Full Screen ModeUnknown
Microsoft Edge (Chromium-based)CVE-2022-0454Chromium: CVE-2022-0454 Heap buffer overflow in ANGLEUnknown
Microsoft Edge (Chromium-based)CVE-2022-0466Chromium: CVE-2022-0466 Inappropriate implementation in Extensions PlatformUnknown
Microsoft Edge (Chromium-based)CVE-2022-0458Chromium: CVE-2022-0458 Use after free in Thumbnail Tab StripUnknown
Microsoft Edge (Chromium-based)CVE-2022-0457Chromium: CVE-2022-0457 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2022-0456Chromium: CVE-2022-0456 Use after free in Web SearchUnknown
Microsoft Edge (Chromium-based)CVE-2022-0470Chromium: CVE-2022-0470 Out of bounds memory access in V8Unknown
Microsoft OfficeCVE-2022-22004Microsoft Office ClickToRun Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2022-22003Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2022-23252Microsoft Office Information Disclosure VulnerabilityImportant
Microsoft Office ExcelCVE-2022-22716Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft Office OutlookCVE-2022-23280Microsoft Outlook for Mac Security Feature Bypass VulnerabilityImportant
Microsoft Office SharePointCVE-2022-21987Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2022-21968Microsoft SharePoint Server Security Feature BypassVulnerabilityImportant
Microsoft Office SharePointCVE-2022-22005Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2022-21988Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft OneDriveCVE-2022-23255Microsoft OneDrive for Android Security Feature Bypass VulnerabilityImportant
Microsoft TeamsCVE-2022-21965Microsoft Teams Denial of Service VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-21844HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-21927HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-21926HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-22709VP9 Video Extensions Remote Code Execution VulnerabilityImportant
Power BICVE-2022-23254Microsoft Power BI Elevation of Privilege VulnerabilityImportant
Roaming Security Rights Management ServicesCVE-2022-21974Roaming Security Rights Management Services Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-21984Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-21995Windows Hyper-V Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-22712Windows Hyper-V Denial of Service VulnerabilityImportant
SQL ServerCVE-2022-23276SQL Server for Linux Containers Elevation of Privilege VulnerabilityImportant
Visual Studio CodeCVE-2022-21991Visual Studio Code Remote Development Extension Remote Code Execution VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-22000Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-22710Windows Common Log File System Driver Denial of Service VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-21981Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-21998Windows Common Log File System Driver Information Disclosure VulnerabilityImportant
Windows DWM Core LibraryCVE-2022-21994Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-21989Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-21992Windows Mobile Device Management Remote Code Execution VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2022-21993Windows Services for NFS ONCRPC XDR Driver Information Disclosure VulnerabilityImportant
Windows Named Pipe File SystemCVE-2022-22715Named Pipe File System Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-22718Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-22717Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-21999Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-21997Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2022-21985Windows Remote Access Connection Manager Information Disclosure VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2022-22001Windows Remote Access Connection Manager Elevation of Privilege VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2022-21971Windows Runtime Remote Code Execution VulnerabilityImportant
Windows User Account ProfileCVE-2022-22002Windows User Account Profile Picture Denial of Service VulnerabilityImportant
Windows Win32KCVE-2022-21996Win32k Elevation of Privilege VulnerabilityImportant

Kaynak: bleepingcomputer.com

Mehmet Sait YILMAZ fotoğrafı Mehmet Sait YILMAZ Bir e-posta göndermek 09/02/2022
0 3 dakika okuma süresi
Mehmet Sait YILMAZ fotoğrafı

Mehmet Sait YILMAZ

İlgili Makaleler

Microsoft Edge Güncellemesi Yanlışlıkla Copilot Uygulaması Yüklüyor

19/04/2024

Cisco’dan Kritik Zafiyet Uyarısı!

18/04/2024

Kullanıcıların Dikkatine: PuTTY SSH’da Önemli Bir Güvenlik Açığı Tespit Edildi

17/04/2024

Microsoft Nisan 2024 Güncellemeleri SQL Reporting Services’de Sorunlara Neden Oluyor

16/04/2024

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu