Microsoft,Patch Tuesday’i Yayınladı 9 Zero-Day 117 Zafiyeti Kapattı

Mehmet Sait YILMAZ 15/07/2021

0 5 dakika okuma süresi

Microsoft, gelenekselleşen her ayın ikinci salısı yayınladığı güvenlik güncelleştirmelerini kapsayan Patch Tuesday’i yayınladı. Microsoft, bu ay yayınladığı güncellemeler ile 9 zero-day ve 117 zafiyeti kapattı. Microsoft, 13’ü Kritik, 1’i Orta ve 103’ü Önemli olarak sınıflandırılan 117 güvenlik açığını yamaladı. Zafiyetlere baktığımızda 117 güvenlik açığından 44’ü remote code execution , 32’si ayrıcalık yükseltme, 14’ü bilgi ifşası, 12’si Denial of Service, 8’i güvenlik atlama ve 7’si kimlik sahtekarlığı güvenlik açıklarıdır.

9 Zero-Day Kapatıldı, 4 Tanesi İstismar Edildiği Tespit Edildi

Aşağıdaki 5 Zafiyet Kamuya Açıklandı Ancak İstismar Edilmediği Belirtildi

CVE-2021-34492 – Windows Certificate Spoofing Vulnerability
CVE-2021-34523 – Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-33779 – Windows ADFS Security Feature Bypass Vulnerability
CVE-2021-33781 – Active Directory Security Feature Bypass Vulnerability

PrintNightmare Olarak Bilinen Zafiyet İstismar Edilmiş Durumda

CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vulnerability

Clarified Guidance for CVE-2021-34527 #printnightmare

So I presume all is OK, and:
– you will not change UNC path detection
– RestrictDriverInstallationToAdministrators & driver no explaination?

➡️It's not, and you know it

> https://t.co/ONmlFjuhn0 pic.twitter.com/aqMDS8gdJa
— 🥝🏳️‍🌈 Benjamin Delpy (@gentilkiwi) July 9, 2021

Kamuya Açıklanmayan Ancak İstismar Edilen Zafiyetler Aşağıdaki Gibidir

CVE-2021-33771 – Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-34448 – Scripting Engine Memory Corruption Vulnerability
CVE-2021-31979 – Windows Kernel Elevation of Privilege Vulnerability

Windows Hello Authentication Bypass Zafiyeti Giderildi

Bu zafiyet saldırganların yüz tanıma sistemini atlayarak sistemleri ele geçirmelerini sağlıyordu. CVE-2021-34466 kodu ile takip edilebilen zafiyet bu yayınlanan toplu güncellemeler ile kapatılmış durumda. Konu ile ilgili daha fazla bilgiye buradan ulaşabilirsiniz.

Diğer Güncelleştirmer Şöyle:

Adobe released security updates for five products.
Android’s July security updates were released last week.
Cisco released security updates for numerous products this month.
SAP released its July 2021 security updates.
VMware released security updates for ESXi and ThinApp.

Tüm Yayınlanan Güncelleme Listesi Şöyle:

Tag	CVE ID	CVE Title	Severity
Active Directory Federation Services	CVE-2021-33779	Windows ADFS Security Feature Bypass Vulnerability	Important
Common Internet File System	CVE-2021-34476	Bowser.sys Denial of Service Vulnerability	Important
Dynamics Business Central Control	CVE-2021-34474	Dynamics Business Central Remote Code Execution Vulnerability	Critical
Microsoft Bing	CVE-2021-33753	Microsoft Bing Search Spoofing Vulnerability	Important
Microsoft Exchange Server	CVE-2021-31206	Microsoft Exchange Server Remote Code Execution Vulnerability	Important
Microsoft Exchange Server	CVE-2021-34473	Microsoft Exchange Server Remote Code Execution Vulnerability	Critical
Microsoft Exchange Server	CVE-2021-33766	Microsoft Exchange Information Disclosure Vulnerability	Important
Microsoft Exchange Server	CVE-2021-34523	Microsoft Exchange Server Elevation of Privilege Vulnerability	Important
Microsoft Exchange Server	CVE-2021-31196	Microsoft Exchange Server Remote Code Execution Vulnerability	Important
Microsoft Exchange Server	CVE-2021-33768	Microsoft Exchange Server Elevation of Privilege Vulnerability	Important
Microsoft Exchange Server	CVE-2021-34470	Microsoft Exchange Server Elevation of Privilege Vulnerability	Important
Microsoft Graphics Component	CVE-2021-34440	GDI+ Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2021-34489	DirectWrite Remote Code Execution Vulnerability	Important
Microsoft Graphics Component	CVE-2021-34496	Windows GDI Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2021-34498	Windows GDI Elevation of Privilege Vulnerability	Important
Microsoft Graphics Component	CVE-2021-34438	Windows Font Driver Host Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2021-34469	Microsoft Office Security Feature Bypass Vulnerability	Important
Microsoft Office	CVE-2021-34451	Microsoft Office Online Server Spoofing Vulnerability	Important
Microsoft Office	CVE-2021-34452	Microsoft Word Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2021-34501	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2021-34518	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2021-34468	Microsoft SharePoint Server Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2021-34519	Microsoft SharePoint Server Information Disclosure Vulnerability	Moderate
Microsoft Office SharePoint	CVE-2021-34520	Microsoft SharePoint Server Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2021-34517	Microsoft SharePoint Server Spoofing Vulnerability	Important
Microsoft Office SharePoint	CVE-2021-34467	Microsoft SharePoint Server Remote Code Execution Vulnerability	Important
Microsoft Scripting Engine	CVE-2021-34448	Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Windows Codecs Library	CVE-2021-33778	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2021-31947	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2021-33740	Windows Media Remote Code Execution Vulnerability	Critical
Microsoft Windows Codecs Library	CVE-2021-33760	Media Foundation Information Disclosure Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2021-33775	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2021-33776	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2021-33777	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2021-34521	Raw Image Extension Remote Code Execution Vulnerability	Important
Microsoft Windows DNS	CVE-2021-34499	Windows DNS Server Denial of Service Vulnerability	Important
Microsoft Windows DNS	CVE-2021-33746	Windows DNS Server Remote Code Execution Vulnerability	Important
Microsoft Windows DNS	CVE-2021-33754	Windows DNS Server Remote Code Execution Vulnerability	Important
Microsoft Windows Media Foundation	CVE-2021-34441	Microsoft Windows Media Foundation Remote Code Execution Vulnerability	Important
Microsoft Windows Media Foundation	CVE-2021-34439	Microsoft Windows Media Foundation Remote Code Execution Vulnerability	Critical
Microsoft Windows Media Foundation	CVE-2021-34503	Microsoft Windows Media Foundation Remote Code Execution Vulnerability	Critical
OpenEnclave	CVE-2021-33767	Open Enclave SDK Elevation of Privilege Vulnerability	Important
Power BI	CVE-2021-31984	Power BI Remote Code Execution Vulnerability	Important
Role: DNS Server	CVE-2021-33749	Windows DNS Snap-in Remote Code Execution Vulnerability	Important
Role: DNS Server	CVE-2021-33745	Windows DNS Server Denial of Service Vulnerability	Important
Role: DNS Server	CVE-2021-34442	Windows DNS Server Denial of Service Vulnerability	Important
Role: DNS Server	CVE-2021-34444	Windows DNS Server Denial of Service Vulnerability	Important
Role: DNS Server	CVE-2021-34525	Windows DNS Server Remote Code Execution Vulnerability	Important
Role: DNS Server	CVE-2021-33780	Windows DNS Server Remote Code Execution Vulnerability	Important
Role: DNS Server	CVE-2021-34494	Windows DNS Server Remote Code Execution Vulnerability	Critical
Role: DNS Server	CVE-2021-33750	Windows DNS Snap-in Remote Code Execution Vulnerability	Important
Role: DNS Server	CVE-2021-33752	Windows DNS Snap-in Remote Code Execution Vulnerability	Important
Role: DNS Server	CVE-2021-33756	Windows DNS Snap-in Remote Code Execution Vulnerability	Important
Role: Hyper-V	CVE-2021-33758	Windows Hyper-V Denial of Service Vulnerability	Important
Role: Hyper-V	CVE-2021-33755	Windows Hyper-V Denial of Service Vulnerability	Important
Role: Hyper-V	CVE-2021-34450	Windows Hyper-V Remote Code Execution Vulnerability	Critical
Visual Studio Code	CVE-2021-34529	Visual Studio Code Remote Code Execution Vulnerability	Important
Visual Studio Code	CVE-2021-34528	Visual Studio Code Remote Code Execution Vulnerability	Important
Visual Studio Code	CVE-2021-34479	Microsoft Visual Studio Spoofing Vulnerability	Important
Visual Studio Code – .NET Runtime	CVE-2021-34477	Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability	Important
Windows Active Directory	CVE-2021-33781	Active Directory Security Feature Bypass Vulnerability	Important
Windows Address Book	CVE-2021-34504	Windows Address Book Remote Code Execution Vulnerability	Important
Windows AF_UNIX Socket Provider	CVE-2021-33785	Windows AF_UNIX Socket Provider Denial of Service Vulnerability	Important
Windows AppContainer	CVE-2021-34459	Windows AppContainer Elevation Of Privilege Vulnerability	Important
Windows AppX Deployment Extensions	CVE-2021-34462	Windows AppX Deployment Extensions Elevation of Privilege Vulnerability	Important
Windows Authenticode	CVE-2021-33782	Windows Authenticode Spoofing Vulnerability	Important
Windows Cloud Files Mini Filter Driver	CVE-2021-33784	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	Important
Windows Console Driver	CVE-2021-34488	Windows Console Driver Elevation of Privilege Vulnerability	Important
Windows Defender	CVE-2021-34522	Microsoft Defender Remote Code Execution Vulnerability	Critical
Windows Defender	CVE-2021-34464	Microsoft Defender Remote Code Execution Vulnerability	Critical
Windows Desktop Bridge	CVE-2021-33759	Windows Desktop Bridge Elevation of Privilege Vulnerability	Important
Windows Event Tracing	CVE-2021-33774	Windows Event Tracing Elevation of Privilege Vulnerability	Important
Windows File History Service	CVE-2021-34455	Windows File History Service Elevation of Privilege Vulnerability	Important
Windows Hello	CVE-2021-34466	Windows Hello Security Feature Bypass Vulnerability	Important
Windows HTML Platform	CVE-2021-34446	Windows HTML Platforms Security Feature Bypass Vulnerability	Important
Windows Installer	CVE-2021-33765	Windows Installer Spoofing Vulnerability	Important
Windows Installer	CVE-2021-34511	Windows Installer Elevation of Privilege Vulnerability	Important
Windows Installer	CVE-2021-31961	Windows InstallService Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2021-34461	Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2021-34508	Windows Kernel Remote Code Execution Vulnerability	Important
Windows Kernel	CVE-2021-34458	Windows Kernel Remote Code Execution Vulnerability	Critical
Windows Kernel	CVE-2021-33771	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2021-31979	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2021-34514	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2021-34500	Windows Kernel Memory Information Disclosure Vulnerability	Important
Windows Key Distribution Center	CVE-2021-33764	Windows Key Distribution Center Information Disclosure Vulnerability	Important
Windows Local Security Authority Subsystem Service	CVE-2021-33788	Windows LSA Denial of Service Vulnerability	Important
Windows Local Security Authority Subsystem Service	CVE-2021-33786	Windows LSA Security Feature Bypass Vulnerability	Important
Windows MSHTML Platform	CVE-2021-34497	Windows MSHTML Platform Remote Code Execution Vulnerability	Critical
Windows MSHTML Platform	CVE-2021-34447	Windows MSHTML Platform Remote Code Execution Vulnerability	Important
Windows Partition Management Driver	CVE-2021-34493	Windows Partition Management Driver Elevation of Privilege Vulnerability	Important
Windows PFX Encryption	CVE-2021-34492	Windows Certificate Spoofing Vulnerability	Important
Windows Print Spooler Components	CVE-2021-34527	Windows Print Spooler Remote Code Execution Vulnerability	Critical
Windows Projected File System	CVE-2021-33743	Windows Projected File System Elevation of Privilege Vulnerability	Important
Windows Remote Access Connection Manager	CVE-2021-34457	Windows Remote Access Connection Manager Information Disclosure Vulnerability	Important
Windows Remote Access Connection Manager	CVE-2021-33761	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability	Important
Windows Remote Access Connection Manager	CVE-2021-33773	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability	Important
Windows Remote Access Connection Manager	CVE-2021-33763	Windows Remote Access Connection Manager Information Disclosure Vulnerability	Important
Windows Remote Access Connection Manager	CVE-2021-34445	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability	Important
Windows Remote Access Connection Manager	CVE-2021-34456	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability	Important
Windows Remote Assistance	CVE-2021-34507	Windows Remote Assistance Information Disclosure Vulnerability	Important
Windows Secure Kernel Mode	CVE-2021-33744	Windows Secure Kernel Mode Security Feature Bypass Vulnerability	Important
Windows Security Account Manager	CVE-2021-33757	Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability	Important
Windows Shell	CVE-2021-34454	Windows Remote Access Connection Manager Information Disclosure Vulnerability	Important
Windows SMB	CVE-2021-33783	Windows SMB Information Disclosure Vulnerability	Important
Windows Storage Spaces Controller	CVE-2021-33751	Storage Spaces Controller Elevation of Privilege Vulnerability	Important
Windows Storage Spaces Controller	CVE-2021-34460	Storage Spaces Controller Elevation of Privilege Vulnerability	Important
Windows Storage Spaces Controller	CVE-2021-34509	Storage Spaces Controller Information Disclosure Vulnerability	Important
Windows Storage Spaces Controller	CVE-2021-34510	Storage Spaces Controller Elevation of Privilege Vulnerability	Important
Windows Storage Spaces Controller	CVE-2021-34512	Storage Spaces Controller Elevation of Privilege Vulnerability	Important
Windows Storage Spaces Controller	CVE-2021-34513	Storage Spaces Controller Elevation of Privilege Vulnerability	Important
Windows TCP/IP	CVE-2021-31183	Windows TCP/IP Driver Denial of Service Vulnerability	Important
Windows TCP/IP	CVE-2021-33772	Windows TCP/IP Driver Denial of Service Vulnerability	Important
Windows TCP/IP	CVE-2021-34490	Windows TCP/IP Driver Denial of Service Vulnerability	Important
Windows Win32K	CVE-2021-34449	Win32k Elevation of Privilege Vulnerability	Important
Windows Win32K	CVE-2021-34516	Win32k Elevation of Privilege Vulnerability	Important
Windows Win32K	CVE-2021-34491	Win32k Information Disclosure Vulnerability	Importan

Kaynak: bleepingcomputer.com

Mehmet Sait YILMAZ 15/07/2021

0 5 dakika okuma süresi

Melih Ertaş
Mehmet hocam bu yöntemle Microsoft store engelleyebilir miyi...
Eren
resize2f komutunu bulmaya çalışıyordum uzun süredir sağolun...
Dogan
Vmware istediği parayı verir yine de Microsoft u kullanmam....
Hakan Uzuner
Onur bey yanlış anlamayın ama Azure o dediğiniz işletim sist...
Onur
Nedense bir Windows sisteminin üzerine kurulmuş olan sanalla...

Microsoft,Patch Tuesday’i Yayınladı 9 Zero-Day 117 Zafiyeti Kapattı

9 Zero-Day Kapatıldı, 4 Tanesi İstismar Edildiği Tespit Edildi

Aşağıdaki 5 Zafiyet Kamuya Açıklandı Ancak İstismar Edilmediği Belirtildi

PrintNightmare Olarak Bilinen Zafiyet İstismar Edilmiş Durumda

Kamuya Açıklanmayan Ancak İstismar Edilen Zafiyetler Aşağıdaki Gibidir

Windows Hello Authentication Bypass Zafiyeti Giderildi

Diğer Güncelleştirmer Şöyle:

Tüm Yayınlanan Güncelleme Listesi Şöyle:

Mehmet Sait YILMAZ

Bir yanıt yazın Yanıtı iptal et

Microsoft Teams Toplantıları İçin 10 İpucu

Windows 10 Üzerinde Kali Linux Kullanımı

Bir Samsung Modeli Daha Android 14 Güncellemesi Aldı. İşte Tüm Modeller!

Bir Veritabanı Sunucusuna Brute Force ile Saldırmak ve Sunucuyu Savunmak

Acı Kaybımız, Uğur Demir’ i Kaybettik

Windows 0x0000011b Ağ Yazdırma Hatası Nasıl Düzeltilir

9 Zero-Day Kapatıldı, 4 Tanesi İstismar Edildiği Tespit Edildi

Aşağıdaki 5 Zafiyet Kamuya Açıklandı Ancak İstismar Edilmediği Belirtildi

PrintNightmare Olarak Bilinen Zafiyet İstismar Edilmiş Durumda

Kamuya Açıklanmayan Ancak İstismar Edilen Zafiyetler Aşağıdaki Gibidir

Windows Hello Authentication Bypass Zafiyeti Giderildi

Diğer Güncelleştirmer Şöyle:

Tüm Yayınlanan Güncelleme Listesi Şöyle:

Mehmet Sait YILMAZ

Apple, MagSafe Pil Paketini Kullanıma Sunuyor

SonicWall EOL SMA 100 VPN İçin Acil Yama Vakti

İlgili Makaleler

Cisco’dan Kritik Zafiyet Uyarısı!

Kullanıcıların Dikkatine: PuTTY SSH’da Önemli Bir Güvenlik Açığı Tespit Edildi

Microsoft Nisan 2024 Güncellemeleri SQL Reporting Services’de Sorunlara Neden Oluyor

iPhone Kullanıcıları Dikkat! Acilen iMessage’i Kapatın

Bir yanıt yazın Yanıtı iptal et

Microsoft Teams Toplantıları İçin 10 İpucu

Windows 10 Üzerinde Kali Linux Kullanımı

Bir Samsung Modeli Daha Android 14 Güncellemesi Aldı. İşte Tüm Modeller!

Bir Veritabanı Sunucusuna Brute Force ile Saldırmak ve Sunucuyu Savunmak

Acı Kaybımız, Uğur Demir’ i Kaybettik

Windows 0x0000011b Ağ Yazdırma Hatası Nasıl Düzeltilir