Microsoft August 2022 Patch Tuesday: 2 Zero-Days, 121 Vulnerabilities Fixed

With this month's Patch Tuesday release, Microsoft fixed 1 zero-day vulnerability and a total of 121 vulnerabilities.

Seventeen of the 121 vulnerabilities fixed in today's update are classified as 'Critical' because they allow remote code execution or elevation of privilege.

The fixed vulnerabilities break down as follows:

  • 64 Elevation of Privilege Vulnerabilities
  • 6 Security Feature Bypass Vulnerabilities
  • 31 Remote Code Execution Vulnerabilities
  • 12 Information Disclosure Vulnerabilities
  • 7 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability

Two zero-days fixed, one actively exploited

The first of the actively exploited zero-day vulnerabilities is known as 'DogWalk' and is tracked by Microsoft as CVE-2022-34713, "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability". The other zero-day vulnerability is tracked as CVE-2022-30134 and is listed as "Microsoft Exchange Information Disclosure Vulnerability". If exploited, it allows an attacker to read e-mail messages.

Full List of the August 2022 Patch Tuesday Security Updates

Tag | CVE ID | CVE Title | Severity
.NET Core | CVE-2022-34716 | .NET Spoofing Vulnerability | Important
Active Directory Domain Services | CVE-2022-34691 | Active Directory Domain Services Elevation of Privilege Vulnerability | Critical
Azure Batch Node Agent | CVE-2022-33646 | Azure Batch Node Agent Elevation of Privilege Vulnerability | Critical
Azure Real Time Operating System | CVE-2022-34685 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important
Azure Real Time Operating System | CVE-2022-34686 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important
Azure Real Time Operating System | CVE-2022-35773 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important
Azure Real Time Operating System | CVE-2022-35779 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important
Azure Real Time Operating System | CVE-2022-35806 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important
Azure Real Time Operating System | CVE-2022-34687 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important
Azure Real Time Operating System | CVE-2022-30176 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important
Azure Real Time Operating System | CVE-2022-30175 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important
Azure Site Recovery | CVE-2022-35791 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35818 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35809 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35789 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35815 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35817 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35816 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35814 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35785 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35812 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35811 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35784 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35810 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35813 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35788 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35783 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35786 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35787 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35819 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35781 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35775 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35790 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35780 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35799 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35772 | Azure Site Recovery Remote Code Execution Vulnerability | Important
Azure Site Recovery | CVE-2022-35800 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35774 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35802 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35782 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35824 | Azure Site Recovery Remote Code Execution Vulnerability | Important
Azure Site Recovery | CVE-2022-35801 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35808 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-35776 | Azure Site Recovery Denial of Service Vulnerability | Important
Azure Site Recovery | CVE-2022-35807 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Sphere | CVE-2022-35821 | Azure Sphere Information Disclosure Vulnerability | Important
Microsoft ATA Port Driver | CVE-2022-35760 | Microsoft ATA Port Driver Elevation of Privilege Vulnerability | Important
Microsoft Bluetooth Driver | CVE-2022-35820 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important
Microsoft Edge (Chromium-based) | CVE-2022-35796 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Low
Microsoft Edge (Chromium-based) | CVE-2022-33649 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Important
Microsoft Edge (Chromium-based) | CVE-2022-2618 | Chromium: CVE-2022-2618 Insufficient validation of untrusted input in Internals | Unknown
Microsoft Edge (Chromium-based) | CVE-2022-2616 | Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API | Unknown
Microsoft Edge (Chromium-based) | CVE-2022-2617 | Chromium: CVE-2022-2617 Use after free in Extensions API | Unknown
Microsoft Edge (Chromium-based) | CVE-2022-2619 | Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings | Unknown
Microsoft Edge (Chromium-based) | CVE-2022-2622 | Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing | Unknown
Microsoft Edge (Chromium-based) | CVE-2022-2623 | Chromium: CVE-2022-2623 Use after free in Offline | Unknown
Microsoft Edge (Chromium-based) | CVE-2022-33636 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate
Microsoft Edge (Chromium-based) | CVE-2022-2621 | Chromium: CVE-2022-2621 Use after free in Extensions | Unknown
Microsoft Edge (Chromium-based) | CVE-2022-2615 | Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies | Unknown
Microsoft Edge (Chromium-based) | CVE-2022-2604 | Chromium: CVE-2022-2604 Use after free in Safe Browsing | Unknown
Microsoft Edge (Chromium-based) | CVE-2022-2605 | Chromium: CVE-2022-2605 Out of bounds read in Dawn | Unknown
Microsoft Edge (Chromium-based) | CVE-2022-2624 | Chromium: CVE-2022-2624 Heap buffer overflow in PDF | Unknown
Microsoft Edge (Chromium-based) | CVE-2022-2603 | Chromium: CVE-2022-2603 Use after free in Omnibox | Unknown
Microsoft Edge (Chromium-based) | CVE-2022-2606 | Chromium: CVE-2022-2606 Use after free in Managed devices API | Unknown
Microsoft Edge (Chromium-based) | CVE-2022-2612 | Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input | Unknown
Microsoft Edge (Chromium-based) | CVE-2022-2614 | Chromium: CVE-2022-2614 Use after free in Sign-In Flow | Unknown
Microsoft Edge (Chromium-based) | CVE-2022-2610 | Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch | Unknown
Microsoft Edge (Chromium-based) | CVE-2022-2611 | Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API | Unknown
Microsoft Exchange Server | CVE-2022-34692 | Microsoft Exchange Information Disclosure Vulnerability | Important
Microsoft Exchange Server | CVE-2022-21980 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical
Microsoft Exchange Server | CVE-2022-21979 | Microsoft Exchange Information Disclosure Vulnerability | Important
Microsoft Exchange Server | CVE-2022-24516 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical
Microsoft Exchange Server | CVE-2022-30134 | Microsoft Exchange Information Disclosure Vulnerability | Important
Microsoft Exchange Server | CVE-2022-24477 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical
Microsoft Office | CVE-2022-34717 | Microsoft Office Remote Code Execution Vulnerability | Important
Microsoft Office Excel | CVE-2022-33648 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office Excel | CVE-2022-33631 | Microsoft Excel Security Feature Bypass Vulnerability | Important
Microsoft Office Outlook | CVE-2022-35742 | Microsoft Outlook Denial of Service Vulnerability | Important
Microsoft Windows Support Diagnostic Tool (MSDT) | CVE-2022-34713 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Important
Microsoft Windows Support Diagnostic Tool (MSDT) | CVE-2022-35743 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Important
Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35752 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical
Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35753 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical
Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35769 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | Important
Role: Windows Fax Service | CVE-2022-34690 | Windows Fax Service Elevation of Privilege Vulnerability | Important
Role: Windows Hyper-V | CVE-2022-34696 | Windows Hyper-V Remote Code Execution Vulnerability | Critical
Role: Windows Hyper-V | CVE-2022-35751 | Windows Hyper-V Elevation of Privilege Vulnerability | Important
System Center Operations Manager | CVE-2022-33640 | System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Important
Visual Studio | CVE-2022-35827 | Visual Studio Remote Code Execution Vulnerability | Important
Visual Studio | CVE-2022-35777 | Visual Studio Remote Code Execution Vulnerability | Important
Visual Studio | CVE-2022-35825 | Visual Studio Remote Code Execution Vulnerability | Important
Visual Studio | CVE-2022-35826 | Visual Studio Remote Code Execution Vulnerability | Important
Windows Bluetooth Service | CVE-2022-30144 | Windows Bluetooth Service Remote Code Execution Vulnerability | Important
Windows Canonical Display Driver | CVE-2022-35750 | Win32k Elevation of Privilege Vulnerability | Important
Windows Cloud Files Mini Filter Driver | CVE-2022-35757 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important
Windows Defender Credential Guard | CVE-2022-35771 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important
Windows Defender Credential Guard | CVE-2022-34705 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important
Windows Defender Credential Guard | CVE-2022-34710 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important
Windows Defender Credential Guard | CVE-2022-34709 | Windows Defender Credential Guard Security Feature Bypass Vulnerability | Important
Windows Defender Credential Guard | CVE-2022-34704 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important
Windows Defender Credential Guard | CVE-2022-34712 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important
Windows Digital Media | CVE-2022-35746 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important
Windows Digital Media | CVE-2022-35749 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important
Windows Error Reporting | CVE-2022-35795 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important
Windows Hello | CVE-2022-35797 | Windows Hello Security Feature Bypass Vulnerability | Important
Windows Internet Information Services | CVE-2022-35748 | HTTP.sys Denial of Service Vulnerability | Important
Windows Kerberos | CVE-2022-35756 | Windows Kerberos Elevation of Privilege Vulnerability | Important
Windows Kernel | CVE-2022-35761 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Kernel | CVE-2022-35768 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Kernel | CVE-2022-34708 | Windows Kernel Information Disclosure Vulnerability | Important
Windows Kernel | CVE-2022-34707 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Kernel | CVE-2022-35804 | SMB Client and Server Remote Code Execution Vulnerability | Critical
Windows Kernel | CVE-2022-30197 | Windows Kernel Information Disclosure Vulnerability | Important
Windows Kernel | CVE-2022-35758 | Windows Kernel Memory Information Disclosure Vulnerability | Important
Windows Local Security Authority (LSA) | CVE-2022-34706 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important
Windows Local Security Authority (LSA) | CVE-2022-35759 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important
Windows Network File System | CVE-2022-34715 | Windows Network File System Remote Code Execution Vulnerability | Important
Windows Partition Management Driver | CVE-2022-33670 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important
Windows Partition Management Driver | CVE-2022-34703 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important
Windows Point-to-Point Tunneling Protocol | CVE-2022-30133 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical
Windows Point-to-Point Tunneling Protocol | CVE-2022-35747 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | Important
Windows Point-to-Point Tunneling Protocol | CVE-2022-35744 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical
Windows Print Spooler Components | CVE-2022-35793 | Windows Print Spooler Elevation of Privilege Vulnerability | Important
Windows Print Spooler Components | CVE-2022-35755 | Windows Print Spooler Elevation of Privilege Vulnerability | Important
Windows Secure Boot | CVE-2022-34301 | CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass | Important
Windows Secure Boot | CVE-2022-34302 | CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass | Important
Windows Secure Boot | CVE-2022-34303 | CERT/CC: CVE-2022-34303 Crypto Pro Boot Loader Bypass | Important
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35745 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35766 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35794 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34701 | Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | Important
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34714 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34702 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35767 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical
Windows Storage Spaces Direct | CVE-2022-35762 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important
Windows Storage Spaces Direct | CVE-2022-35765 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important
Windows Storage Spaces Direct | CVE-2022-35792 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important
Windows Storage Spaces Direct | CVE-2022-35763 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important
Windows Storage Spaces Direct | CVE-2022-35764 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important
Windows Unified Write Filter | CVE-2022-35754 | Unified Write Filter Elevation of Privilege Vulnerability | Important
Windows WebBrowser Control | CVE-2022-30194 | Windows WebBrowser Control Remote Code Execution Vulnerability | Important
Windows Win32K | CVE-2022-34699 | Windows Win32k Elevation of Privilege Vulnerability | Important

Source: bleepingcomputer.com
