Haberler

Microsoft 7 Adet Zero-Day Zafiyeti İçin Güncelleme Yayınladı

Microsoft, bu ay yayınladığı güncellemeler ile toplam da 50 adet zafiyeti kapattı. Güncelleme yayınlanan zafiyetler arasında 7 adet zero-day bulunmakta.

Güncelleme yayınlanan 7 adet zero-day zafiyetleri ise şöyle:

  • CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability 
  • CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability
  • CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
  • CVE-2021-33742 – Windows MSHTML Platform Remote Code Execution Vulnerability
  • CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  • CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  • CVE-2021-31968 – Windows Remote Desktop Services Denial of Service Vulnerability

Zafiyetlerden CVE-2021-31955  ve CVE-2021-31956 olan iki zero-day’in saldırganlar tarafından PuzzleMaker olarak bilinen APT grubu tarafından kullanıldığı rapor edildi.

Tüm yayınlanan güncelleme listesi ise şöyle:

TagCVE IDCVE TitleSeverity
.NET Core & Visual StudioCVE-2021-31957.NET Core and Visual Studio Denial of Service VulnerabilityImportant
3D ViewerCVE-2021-319423D Viewer Remote Code Execution VulnerabilityImportant
3D ViewerCVE-2021-319433D Viewer Remote Code Execution VulnerabilityImportant
3D ViewerCVE-2021-319443D Viewer Information Disclosure VulnerabilityImportant
Microsoft DWM Core LibraryCVE-2021-33739Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2021-33741Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft IntuneCVE-2021-31980Microsoft Intune Management Extension Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-31940Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-31941Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-31939Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office OutlookCVE-2021-31949Microsoft Outlook Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-31964Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-31963Microsoft SharePoint Server Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2021-31950Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-31948Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-31966Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-31965Microsoft SharePoint Server Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2021-26420Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Scripting EngineCVE-2021-31959Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2021-31967VP9 Video Extensions Remote Code Execution VulnerabilityCritical
Paint 3DCVE-2021-31946Paint 3D Remote Code Execution VulnerabilityImportant
Paint 3DCVE-2021-31983Paint 3D Remote Code Execution VulnerabilityImportant
Paint 3DCVE-2021-31945Paint 3D Remote Code Execution VulnerabilityImportant
Role: Hyper-VCVE-2021-31977Windows Hyper-V Denial of Service VulnerabilityImportant
Visual Studio Code – Kubernetes ToolsCVE-2021-31938Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege VulnerabilityImportant
Windows Bind Filter DriverCVE-2021-31960Windows Bind Filter Driver Information Disclosure VulnerabilityImportant
Windows Common Log File System DriverCVE-2021-31954Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Cryptographic ServicesCVE-2021-31201Microsoft Enhanced Cryptographic Provider Elevation of Privilege VulnerabilityImportant
Windows Cryptographic ServicesCVE-2021-31199Microsoft Enhanced Cryptographic Provider Elevation of Privilege VulnerabilityImportant
Windows DCOM ServerCVE-2021-26414Windows DCOM Server Security Feature BypassImportant
Windows DefenderCVE-2021-31978Microsoft Defender Denial of Service VulnerabilityImportant
Windows DefenderCVE-2021-31985Microsoft Defender Remote Code Execution VulnerabilityCritical
Windows DriversCVE-2021-31969Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
Windows Event Logging ServiceCVE-2021-31972Event Tracing for Windows Information Disclosure VulnerabilityImportant
Windows Filter ManagerCVE-2021-31953Windows Filter Manager Elevation of Privilege VulnerabilityImportant
Windows HTML PlatformCVE-2021-31971Windows HTML Platform Security Feature Bypass VulnerabilityImportant
Windows InstallerCVE-2021-31973Windows GPSVC Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2021-31962Kerberos AppContainer Security Feature Bypass VulnerabilityImportant
Windows KernelCVE-2021-31951Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2021-31955Windows Kernel Information Disclosure VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2021-31952Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows MSHTML PlatformCVE-2021-33742Windows MSHTML Platform Remote Code Execution VulnerabilityCritical
Windows Network File SystemCVE-2021-31975Server for NFS Information Disclosure VulnerabilityImportant
Windows Network File SystemCVE-2021-31974Server for NFS Denial of Service VulnerabilityImportant
Windows Network File SystemCVE-2021-31976Server for NFS Information Disclosure VulnerabilityImportant
Windows NTFSCVE-2021-31956Windows NTFS Elevation of Privilege VulnerabilityImportant
Windows NTLMCVE-2021-31958Windows NTLM Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2021-1675Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Remote DesktopCVE-2021-31968Windows Remote Desktop Services Denial of Service VulnerabilityImportant
Windows TCP/IPCVE-2021-31970Windows TCP/IP Driver Security Feature Bypass VulnerabilityImportant

Kaynak: bleepingcomputer.com

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu

Reklam Engelleyici Algılandı

ÇözümPark Bilişim Portalı gönüllü bir organizasyon olup tek gelir kaynağı reklamlardır. Bu nedenle siteyi gezerken lütfen reklam engelleme eklentinizi kapatın veya Çözümpark web sitesi için izin tanımı yapın. Anlayışınız için teşekkürler.