
Microsoft September 2023 Patch Tuesday: 2 Zero-Days, 59 Vulnerabilities Fixed

With this month's Patch Tuesday updates, Microsoft fixed 2 zero-day vulnerabilities and a total of 59 vulnerabilities.

This month's updates fix 24 RCE vulnerabilities, and 5 vulnerabilities are rated critical.

The fixed vulnerabilities are as follows:

  • 3 Security Feature Bypass Vulnerabilities
  • 24 Remote Code Execution Vulnerabilities
  • 9 Information Disclosure Vulnerabilities
  • 3 Denial of Service Vulnerabilities
  • 5 Spoofing Vulnerabilities
  • 5 Edge – Chromium Vulnerabilities

2 actively exploited zero-days fixed

CVE-2023-36802 – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

Microsoft has fixed an actively exploited local privilege elevation vulnerability that allows attackers to gain SYSTEM privileges.

CVE-2023-36761 – Microsoft Word Information Disclosure Vulnerability

Microsoft has fixed an actively exploited vulnerability that can be used to steal NTLM hashes when opening a document, including in the preview pane.

Full List of the September 2023 Patch Tuesday Security Updates

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| .NET and Visual Studio | CVE-2023-36794 | Visual Studio Remote Code Execution Vulnerability | Important |
| .NET and Visual Studio | CVE-2023-36796 | Visual Studio Remote Code Execution Vulnerability | Critical |
| .NET and Visual Studio | CVE-2023-36792 | Visual Studio Remote Code Execution Vulnerability | Critical |
| .NET and Visual Studio | CVE-2023-36793 | Visual Studio Remote Code Execution Vulnerability | Critical |
| .NET Core & Visual Studio | CVE-2023-36799 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
| .NET Framework | CVE-2023-36788 | .NET Framework Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-36772 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-36771 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-36770 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-36773 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Viewer | CVE-2022-41303 | AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk® FBX® SDK 2020 or prior | Important |
| 3D Viewer | CVE-2023-36760 | 3D Viewer Remote Code Execution Vulnerability | Important |
| 3D Viewer | CVE-2023-36740 | 3D Viewer Remote Code Execution Vulnerability | Important |
| 3D Viewer | CVE-2023-36739 | 3D Viewer Remote Code Execution Vulnerability | Important |
| Azure DevOps | CVE-2023-33136 | Azure DevOps Server Remote Code Execution Vulnerability | Important |
| Azure DevOps | CVE-2023-38155 | Azure DevOps Server Remote Code Execution Vulnerability | Important |
| Azure HDInsights | CVE-2023-38156 | Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability | Important |
| Microsoft Azure Kubernetes Service | CVE-2023-29332 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | Critical |
| Microsoft Dynamics | CVE-2023-38164 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-36886 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics Finance & Operations | CVE-2023-36800 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2023-4863 | Chromium: CVE-2023-4863 Heap buffer overflow in WebP | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4763 | Chromium: CVE-2023-4763 Use after free in Networks | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4761 | Chromium: CVE-2023-4761 Out of bounds memory access in FedCM | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4764 | Chromium: CVE-2023-4764 Incorrect security UI in BFCache | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-4762 | Chromium: CVE-2023-4762 Type Confusion in V8 | Unknown |
| Microsoft Exchange Server | CVE-2023-36744 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-36756 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-36745 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-36777 | Microsoft Exchange Server Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-36757 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Identity Linux Broker | CVE-2023-36736 | Microsoft Identity Linux Broker Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2023-36767 | Microsoft Office Security Feature Bypass Vulnerability | Important |
| Microsoft Office | CVE-2023-36765 | Microsoft Office Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2023-41764 | Microsoft Office Spoofing Vulnerability | Moderate |
| Microsoft Office Excel | CVE-2023-36766 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Outlook | CVE-2023-36763 | Microsoft Outlook Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-36764 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important |
| Microsoft Office Word | CVE-2023-36761 | Microsoft Word Information Disclosure Vulnerability | Important |
| Microsoft Office Word | CVE-2023-36762 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Streaming Service | CVE-2023-36802 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2023-38147 | Windows Miracast Wireless Display Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2023-36758 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2023-36759 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2023-36742 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2023-39956 | Electron: CVE-2023-39956 -Visual Studio Code Remote Code Execution Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2023-35355 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2023-38143 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2023-38144 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Defender | CVE-2023-38163 | Windows Defender Attack Surface Reduction Security Feature Bypass | Important |
| Windows DHCP Server | CVE-2023-38152 | DHCP Server Service Information Disclosure Vulnerability | Important |
| Windows DHCP Server | CVE-2023-38162 | DHCP Server Service Denial of Service Vulnerability | Important |
| Windows DHCP Server | CVE-2023-36801 | DHCP Server Service Information Disclosure Vulnerability | Important |
| Windows GDI | CVE-2023-36804 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Windows GDI | CVE-2023-38161 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Windows Internet Connection Sharing (ICS) | CVE-2023-38148 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | Critical |
| Windows Kernel | CVE-2023-38141 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-38142 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-38139 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-38140 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2023-38150 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-36803 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Scripting | CVE-2023-36805 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important |
| Windows TCP/IP | CVE-2023-38160 | Windows TCP/IP Information Disclosure Vulnerability | Important |
| Windows TCP/IP | CVE-2023-38149 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows Themes | CVE-2023-38146 | Windows Themes Remote Code Execution Vulnerability | Important |

Source: msrc.microsoft.com/update-guide
