Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 4 zero day ve toplam 79 zafiyeti kapattı.
Kapatılan zafiyetler aşağıdaki gibi:
- 30 Elevation of Privilege Vulnerabilities
- 4 Security Feature Bypass Vulnerabilities
- 23 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 8 Denial of Service Vulnerabilities
- 3 Spoofing Vulnerabilities
Dört Zero Day Kapatıldı
CVE-2024-38014 – Windows Installer Elevation of Privilege Vulnerability
CVE-2024-38217 – Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2024-38226 – Microsoft Publisher Security Feature Bypass Vulnerability
CVE-2024-43491 – Microsoft Windows Update Remote Code Execution Vulnerability
Eylül 2024 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Azure CycleCloud | CVE-2024-43469 | Azure CycleCloud Remote Code Execution Vulnerability | Important |
| Azure Network Watcher | CVE-2024-38188 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | Important |
| Azure Network Watcher | CVE-2024-43470 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | Important |
| Azure Stack | CVE-2024-38216 | Azure Stack Hub Elevation of Privilege Vulnerability | Critical |
| Azure Stack | CVE-2024-38220 | Azure Stack Hub Elevation of Privilege Vulnerability | Critical |
| Azure Web Apps | CVE-2024-38194 | Azure Web Apps Elevation of Privilege Vulnerability | Critical |
| Dynamics Business Central | CVE-2024-38225 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Important |
| Microsoft AutoUpdate (MAU) | CVE-2024-43492 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics 365 (on-premises) | CVE-2024-43476 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-38247 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-38250 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-38249 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Management Console | CVE-2024-38259 | Microsoft Management Console Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-43465 | Microsoft Excel Elevation of Privilege Vulnerability | Important |
| Microsoft Office Publisher | CVE-2024-38226 | Microsoft Publisher Security Feature Bypass Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-38227 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-43464 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2024-38018 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2024-38228 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-43466 | Microsoft SharePoint Server Denial of Service Vulnerability | Important |
| Microsoft Office Visio | CVE-2024-43463 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Outlook for iOS | CVE-2024-43482 | Microsoft Outlook for iOS Information Disclosure Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38245 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38241 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38242 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38244 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38243 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38237 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38238 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Power Automate | CVE-2024-43479 | Microsoft Power Automate Desktop Remote Code Execution Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2024-38235 | Windows Hyper-V Denial of Service Vulnerability | Important |
| SQL Server | CVE-2024-37338 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37980 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2024-26191 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37339 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37337 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2024-26186 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37342 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2024-43474 | Microsoft SQL Server Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2024-37335 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37966 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2024-37340 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37965 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2024-37341 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| Windows Admin Center | CVE-2024-43475 | Microsoft Windows Admin Center Information Disclosure Vulnerability | Important |
| Windows AllJoyn API | CVE-2024-38257 | Microsoft AllJoyn API Information Disclosure Vulnerability | Important |
| Windows Authentication Methods | CVE-2024-38254 | Windows Authentication Information Disclosure Vulnerability | Important |
| Windows DHCP Server | CVE-2024-38236 | DHCP Server Service Denial of Service Vulnerability | Important |
| Windows Installer | CVE-2024-38014 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Kerberos | CVE-2024-38239 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel-Mode Drivers | CVE-2024-38256 | Windows Kernel-Mode Driver Information Disclosure Vulnerability | Important |
| Windows Libarchive | CVE-2024-43495 | Windows libarchive Remote Code Execution Vulnerability | Important |
| Windows Mark of the Web (MOTW) | CVE-2024-38217 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
| Windows Mark of the Web (MOTW) | CVE-2024-43487 | Windows Mark of the Web Security Feature Bypass Vulnerability | Moderate |
| Windows MSHTML Platform | CVE-2024-43461 | Windows MSHTML Platform Spoofing Vulnerability | Important |
| Windows Network Address Translation (NAT) | CVE-2024-38119 | Windows Network Address Translation (NAT) Remote Code Execution Vulnerability | Critical |
| Windows Network Virtualization | CVE-2024-38232 | Windows Networking Denial of Service Vulnerability | Important |
| Windows Network Virtualization | CVE-2024-38233 | Windows Networking Denial of Service Vulnerability | Important |
| Windows Network Virtualization | CVE-2024-38234 | Windows Networking Denial of Service Vulnerability | Important |
| Windows Network Virtualization | CVE-2024-43458 | Windows Networking Information Disclosure Vulnerability | Important |
| Windows PowerShell | CVE-2024-38046 | PowerShell Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-38240 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-38231 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-38258 | Windows Remote Desktop Licensing Service Information Disclosure Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-43467 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-43454 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-38263 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-38260 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-43455 | Windows Remote Desktop Licensing Service Spoofing Vulnerability | Important |
| Windows Security Zone Mapping | CVE-2024-30073 | Windows Security Zone Mapping Security Feature Bypass Vulnerability | Important |
| Windows Setup and Deployment | CVE-2024-43457 | Windows Setup and Deployment Elevation of Privilege Vulnerability | Important |
| Windows Standards-Based Storage Management Service | CVE-2024-38230 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
| Windows Storage | CVE-2024-38248 | Windows Storage Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2024-21416 | Windows TCP/IP Remote Code Execution Vulnerability | Important |
| Windows TCP/IP | CVE-2024-38045 | Windows TCP/IP Remote Code Execution Vulnerability | Important |
| Windows Update | CVE-2024-43491 | Microsoft Windows Update Remote Code Execution Vulnerability | Critical |
| Windows Win32K – GRFX | CVE-2024-38246 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – ICOMP | CVE-2024-38252 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
| Windows Win32K – ICOMP | CVE-2024-38253 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
