
Microsoft March 2023 Patch Tuesday: 2 Zero-Days, 83 Vulnerabilities Fixed

With this month's Patch Tuesday updates, Microsoft fixed 2 zero-day vulnerabilities and a total of 83 flaws.

Of the 83 vulnerabilities fixed in this month's updates, 9 were classified as critical.

The fixed vulnerabilities break down as follows:

  • 21 Elevation of Privilege Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities
  • 27 Remote Code Execution Vulnerabilities
  • 15 Information Disclosure Vulnerabilities
  • 4 Denial of Service Vulnerabilities
  • 10 Spoofing Vulnerabilities
  • 1 Edge – Chromium Vulnerability

Two zero-days fixed

CVE-2023-23397 – Microsoft Outlook Elevation of Privilege Vulnerability

CVE-2023-24880 – Windows SmartScreen Security Feature Bypass Vulnerability

Full List of the March 2023 Patch Tuesday Security Updates

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| Azure | CVE-2023-23408 | Azure Apache Ambari Spoofing Vulnerability | Important |
| Client Server Run-time Subsystem (CSRSS) | CVE-2023-23409 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important |
| Client Server Run-time Subsystem (CSRSS) | CVE-2023-23394 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important |
| Internet Control Message Protocol (ICMP) | CVE-2023-23415 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | Critical |
| Mariner | CVE-2023-0567 | Unknown | Unknown |
| Mariner | CVE-2023-20052 | Unknown | Unknown |
| Mariner | CVE-2023-20032 | Unknown | Unknown |
| Microsoft Bluetooth Driver | CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-24879 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-24919 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-24891 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-24922 | Microsoft Dynamics 365 Information Disclosure Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-24921 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2023-1236 | Chromium: CVE-2023-1236 Inappropriate implementation in Internals | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1235 | Chromium: CVE-2023-1235 Type Confusion in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1213 | Chromium: CVE-2023-1213 Use after free in Swiftshader | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2023-1234 | Chromium: CVE-2023-1234 Inappropriate implementation in Intents | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1223 | Chromium: CVE-2023-1223 Insufficient policy enforcement in Autofill | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1222 | Chromium: CVE-2023-1222 Heap buffer overflow in Web Audio API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1221 | Chromium: CVE-2023-1221 Insufficient policy enforcement in Extensions API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1229 | Chromium: CVE-2023-1229 Inappropriate implementation in Permission prompts | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1228 | Chromium: CVE-2023-1228 Insufficient policy enforcement in Intents | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1224 | Chromium: CVE-2023-1224 Insufficient policy enforcement in Web Payments API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1220 | Chromium: CVE-2023-1220 Heap buffer overflow in UMA | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1216 | Chromium: CVE-2023-1216 Use after free in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1215 | Chromium: CVE-2023-1215 Type Confusion in CSS | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1214 | Chromium: CVE-2023-1214 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1219 | Chromium: CVE-2023-1219 Heap buffer overflow in Metrics | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1218 | Chromium: CVE-2023-1218 Use after free in WebRTC | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1217 | Chromium: CVE-2023-1217 Stack buffer overflow in Crash reporting | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1230 | Chromium: CVE-2023-1230 Inappropriate implementation in WebApp Installs | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1232 | Chromium: CVE-2023-1232 Insufficient policy enforcement in Resource Timing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1233 | Chromium: CVE-2023-1233 Insufficient policy enforcement in Resource Timing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1231 | Chromium: CVE-2023-1231 Inappropriate implementation in Autofill | Unknown |
| Microsoft Graphics Component | CVE-2023-24910 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Office Excel | CVE-2023-23398 | Microsoft Excel Spoofing Vulnerability | Important |
| Microsoft Office Excel | CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability | Important |
| Microsoft Office Excel | CVE-2023-23399 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2023-23395 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft OneDrive | CVE-2023-24890 | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability | Important |
| Microsoft OneDrive | CVE-2023-24930 | Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability | Important |
| Microsoft OneDrive | CVE-2023-24882 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Important |
| Microsoft OneDrive | CVE-2023-24923 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24907 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24857 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24868 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24872 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24876 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24913 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24864 | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24866 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24906 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24867 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24863 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24870 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24909 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-23406 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-23413 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24856 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24865 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-23403 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability | Important |
| Office for Android | CVE-2023-23391 | Office for Android Spoofing Vulnerability | Important |
| Remote Access Service Point-to-Point Tunneling Protocol | CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Role: DNS Server | CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability | Critical |
| Service Fabric | CVE-2023-23383 | Service Fabric Explorer Spoofing Vulnerability | Important |
| Visual Studio | CVE-2023-23618 | GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2023-22743 | GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2023-23946 | GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2023-22490 | GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability | Important |
| Windows Accounts Control | CVE-2023-23412 | Windows Accounts Picture Elevation of Privilege Vulnerability | Important |
| Windows Bluetooth Service | CVE-2023-24871 | Windows Bluetooth Service Remote Code Execution Vulnerability | Important |
| Windows Central Resource Manager | CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2023-23416 | Windows Cryptographic Services Remote Code Execution Vulnerability | Critical |
| Windows Defender | CVE-2023-23389 | Microsoft Defender Elevation of Privilege Vulnerability | Important |
| Windows HTTP Protocol Stack | CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical |
| Windows HTTP.sys | CVE-2023-23410 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important |
| Windows Internet Key Exchange (IKE) Protocol | CVE-2023-24859 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2023-23420 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-23422 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-23421 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-23423 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Partition Management Driver | CVE-2023-23417 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
| Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important |
| Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability | Important |
| Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call | CVE-2023-21708 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call Runtime | CVE-2023-23405 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2023-24869 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2023-24908 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2023-23419 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2023-23418 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
| Windows Secure Channel | CVE-2023-24862 | Windows Secure Channel Denial of Service Vulnerability | Important |
| Windows SmartScreen | CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate |
| Windows TPM | CVE-2023-1017 | CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical |
| Windows TPM | CVE-2023-1018 | CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical |
| Windows Win32K | CVE-2023-24861 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |

Source: bleepingcomputer.com
