Haberler

Microsoft Ekim 2023 Patch Tuesday: 3 Zero-Day, 104 Zafiyet Kapatıldı

Mehmet Sait YILMAZ fotoğrafı Mehmet Sait YILMAZ Bir e-posta göndermek 10/10/2023
0 4 dakika okuma süresi

Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 4 adet zero-day güvenlik açığı ve toplam 104 zafiyeti kapattı.

Bu ay yayınlanan güncellemerde düzeltilen 104 güvenlik açığından 2’si kritik olarak olarak sınıflandırıdı ve 45 RCE zafiyeti kapatıldı.

Kapatılan zafiyetler aşağıdaki gibidir:

  • 26 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 45 Remote Code Execution Vulnerabilities
  • 12 Information Disclosure Vulnerabilities
  • 17 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerabilities

Aktif olarak kullanılan üç zero-day kapatıldı

CVE-2023-41763  – Skype for Business Elevation of Privilege Vulnerability

CVE-2023-36563 – Microsoft WordPad Information Disclosure Vulnerability

CVE-2023-44487 – HTTP/2 Rapid Reset Attack

Ekim 2023 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi

TagCVE IDCVE TitleSeverity
Active Directory Domain ServicesCVE-2023-36722Active Directory Domain Services Information Disclosure VulnerabilityImportant
AzureCVE-2023-36737Azure Network Watcher VM Agent Elevation of Privilege VulnerabilityImportant
AzureCVE-2023-36419Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege VulnerabilityImportant
Azure DevOpsCVE-2023-36561Azure DevOps Server Elevation of Privilege VulnerabilityImportant
Azure Real Time Operating SystemCVE-2023-36418Azure RTOS GUIX Studio Remote Code Execution VulnerabilityImportant
Azure SDKCVE-2023-36414Azure Identity SDK Remote Code Execution VulnerabilityImportant
Azure SDKCVE-2023-36415Azure Identity SDK Remote Code Execution VulnerabilityImportant
Client Server Run-time Subsystem (CSRSS)CVE-2023-41766Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege VulnerabilityImportant
HTTP/2CVE-2023-44487MITRE: CVE-2023-44487 HTTP/2 Rapid Reset AttackImportant
Microsoft Common Data Model SDKCVE-2023-36566Microsoft Common Data Model SDK Denial of Service VulnerabilityImportant
Microsoft DynamicsCVE-2023-36429Microsoft Dynamics 365 (On-Premises) Information Disclosure VulnerabilityImportant
Microsoft DynamicsCVE-2023-36416Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2023-36433Microsoft Dynamics 365 (On-Premises) Information Disclosure VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2023-5346Chromium: CVE-2023-5346 Type Confusion in V8Unknown
Microsoft Exchange ServerCVE-2023-36778Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2023-36594Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2023-38159Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2023-36565Microsoft Office Graphics Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2023-36569Microsoft Office Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2023-36568Microsoft Office Click-To-Run Elevation of Privilege VulnerabilityImportant
Microsoft QUICCVE-2023-38171Microsoft QUIC Denial of Service VulnerabilityImportant
Microsoft QUICCVE-2023-36435Microsoft QUIC Denial of Service VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2023-36577Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft Windows Media FoundationCVE-2023-36710Windows Media Foundation Core Remote Code Execution VulnerabilityImportant
Microsoft Windows Search ComponentCVE-2023-36564Windows Search Security Feature Bypass VulnerabilityImportant
Microsoft WordPadCVE-2023-36563Microsoft WordPad Information Disclosure VulnerabilityImportant
Skype for BusinessCVE-2023-36786Skype for Business Remote Code Execution VulnerabilityImportant
Skype for BusinessCVE-2023-36780Skype for Business Remote Code Execution VulnerabilityImportant
Skype for BusinessCVE-2023-36789Skype for Business Remote Code Execution VulnerabilityImportant
Skype for BusinessCVE-2023-41763Skype for Business Elevation of Privilege VulnerabilityImportant
SQL ServerCVE-2023-36728Microsoft SQL Server Denial of Service VulnerabilityImportant
SQL ServerCVE-2023-36417Microsoft SQL ODBC Driver Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2023-36785Microsoft ODBC Driver for SQL Server Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2023-36598Microsoft WDAC ODBC Driver Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2023-36730Microsoft ODBC Driver for SQL Server Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2023-36420Microsoft ODBC Driver for SQL Server Remote Code Execution VulnerabilityImportant
Windows Active Template LibraryCVE-2023-36585Active Template Library Denial of Service VulnerabilityImportant
Windows AllJoyn APICVE-2023-36709Microsoft AllJoyn API Denial of Service VulnerabilityImportant
Windows Client/Server Runtime SubsystemCVE-2023-36902Windows Runtime Remote Code Execution VulnerabilityImportant
Windows Common Log File System DriverCVE-2023-36713Windows Common Log File System Driver Information Disclosure VulnerabilityImportant
Windows Container Manager ServiceCVE-2023-36723Windows Container Manager Service Elevation of Privilege VulnerabilityImportant
Windows Deployment ServicesCVE-2023-36707Windows Deployment Services Denial of Service VulnerabilityImportant
Windows Deployment ServicesCVE-2023-36567Windows Deployment Services Information Disclosure VulnerabilityImportant
Windows Deployment ServicesCVE-2023-36706Windows Deployment Services Information Disclosure VulnerabilityImportant
Windows DHCP ServerCVE-2023-36703DHCP Server Service Denial of Service VulnerabilityImportant
Windows Error ReportingCVE-2023-36721Windows Error Reporting Service Elevation of Privilege VulnerabilityImportant
Windows HTML PlatformCVE-2023-36436Windows MSHTML Platform Remote Code Execution VulnerabilityImportant
Windows HTML PlatformCVE-2023-36557PrintHTML API Remote Code Execution VulnerabilityImportant
Windows IISCVE-2023-36434Windows IIS Server Elevation of Privilege VulnerabilityImportant
Windows IKE ExtensionCVE-2023-36726Windows Internet Key Exchange (IKE) Extension Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-36576Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2023-36712Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-36698Windows Kernel Security Feature Bypass VulnerabilityImportant
Windows Layer 2 Tunneling ProtocolCVE-2023-41770Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-41765Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-41767Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-38166Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-41774Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-41773Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-41771Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-41769Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-41768Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Mark of the Web (MOTW)CVE-2023-36584Windows Mark of the Web Security Feature Bypass VulnerabilityImportant
Windows Message QueuingCVE-2023-36571Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36570Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36431Microsoft Message Queuing Denial of Service VulnerabilityImportant
Windows Message QueuingCVE-2023-35349Microsoft Message Queuing Remote Code Execution VulnerabilityCritical
Windows Message QueuingCVE-2023-36591Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36590Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36589Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36583Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36592Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36697Microsoft Message Queuing Remote Code Execution VulnerabilityCritical
Windows Message QueuingCVE-2023-36606Microsoft Message Queuing Denial of Service VulnerabilityImportant
Windows Message QueuingCVE-2023-36593Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36582Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36574Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36575Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36573Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36572Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36581Microsoft Message Queuing Denial of Service VulnerabilityImportant
Windows Message QueuingCVE-2023-36579Microsoft Message Queuing Denial of Service VulnerabilityImportant
Windows Message QueuingCVE-2023-36578Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Microsoft DirectMusicCVE-2023-36702Microsoft DirectMusic Remote Code Execution VulnerabilityImportant
Windows Mixed Reality Developer ToolsCVE-2023-36720Windows Mixed Reality Developer Tools Denial of Service VulnerabilityImportant
Windows Named Pipe File SystemCVE-2023-36729Named Pipe File System Elevation of Privilege VulnerabilityImportant
Windows Named Pipe File SystemCVE-2023-36605Windows Named Pipe Filesystem Elevation of Privilege VulnerabilityImportant
Windows NT OS KernelCVE-2023-36725Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Power Management ServiceCVE-2023-36724Windows Power Management Service Information Disclosure VulnerabilityImportant
Windows RDPCVE-2023-36790Windows RDP Encoder Mirror Driver Elevation of Privilege VulnerabilityImportant
Windows RDPCVE-2023-29348Windows Remote Desktop Gateway (RD Gateway) Information Disclosure VulnerabilityImportant
Windows Remote Procedure CallCVE-2023-36596Remote Procedure Call Information Disclosure VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2023-36701Microsoft Resilient File System (ReFS) Elevation of Privilege VulnerabilityImportant
Windows Runtime C++ Template LibraryCVE-2023-36711Windows Runtime C++ Template Library Elevation of Privilege VulnerabilityImportant
Windows Setup Files CleanupCVE-2023-36704Windows Setup Files Cleanup Remote Code Execution VulnerabilityImportant
Windows TCP/IPCVE-2023-36438Windows TCP/IP Information Disclosure VulnerabilityImportant
Windows TCP/IPCVE-2023-36603Windows TCP/IP Denial of Service VulnerabilityImportant
Windows TCP/IPCVE-2023-36602Windows TCP/IP Denial of Service VulnerabilityImportant
Windows TPMCVE-2023-36717Windows Virtual Trusted Platform Module Denial of Service VulnerabilityImportant
Windows Virtual Trusted Platform ModuleCVE-2023-36718Microsoft Virtual Trusted Platform Module Remote Code Execution VulnerabilityCritical
Windows Win32KCVE-2023-36731Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2023-36732Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2023-36776Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2023-36743Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2023-41772Win32k Elevation of Privilege VulnerabilityImportant
Mehmet Sait YILMAZ fotoğrafı Mehmet Sait YILMAZ Bir e-posta göndermek 10/10/2023
0 4 dakika okuma süresi
Mehmet Sait YILMAZ fotoğrafı

Mehmet Sait YILMAZ

İlgili Makaleler

Cisco’dan Kritik Zafiyet Uyarısı!

18/04/2024

Kullanıcıların Dikkatine: PuTTY SSH’da Önemli Bir Güvenlik Açığı Tespit Edildi

17/04/2024

Microsoft Nisan 2024 Güncellemeleri SQL Reporting Services’de Sorunlara Neden Oluyor

16/04/2024

iPhone Kullanıcıları Dikkat! Acilen iMessage’i Kapatın

16/04/2024

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu