Microsoft’tun gelenekselleşen “Patch Tuesday” eylül ayı güncellemeleri yayınlandı. Microsoft bu ay çeşitli ürünlerinde ortaya çıkan tam 129 adet güvenlik açığı kapattı.
- Microsoft Windows
- Edge browser
- Internet Explorer
- ChakraCore
- SQL Server
- Exchange Server
- Office
- ASP.NET
- OneDrive
- Azure DevOps
- Visual Studio
Zafiyetlerin seviyeleri, 23 kritik, 105 önemli ve 1 adet orta düzey olarak gösterildi.
Güvenlik açıklarına baktığımızda CVE-2020-16875 kodu ile listelenen ve güncelleme yapılmamış exchange sunucularını hedef alan zafiyetin istismar edilmesi durumunda, sistem üzerinde kod çalıştırma yetkisine sahip olunabiliniyor.
Tam liste şöyle:
| VE-2020-1285 GDI+ Remote Code Execution Vulnerability Critical RCE |
| CVE-2020-0878 Microsoft Browser Memory Corruption Vulnerability Critical RCE |
| CVE-2020-0922 Microsoft COM for Windows Remote Code Execution Vulnerability Critical RCE |
| CVE-2020-16862 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability Critical RCE |
| CVE-2020-16857 |
| Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability |
| Critical RCE |
| CVE-2020-16875 Microsoft Exchange Memory Corruption Vulnerability Critical RCE |
| CVE-2020-1200 Microsoft SharePoint Remote Code Execution Vulnerability Critical RCE |
| CVE-2020-1210 Microsoft SharePoint Remote Code Execution Vulnerability Critical RCE |
| CVE-2020-1452 Microsoft SharePoint Remote Code Execution Vulnerability Critical RCE |
| CVE-2020-1453 Microsoft SharePoint Remote Code Execution Vulnerability Critical RCE |
| CVE-2020-1576 Microsoft SharePoint Remote Code Execution Vulnerability Critical RCE |
| CVE-2020-1595 Microsoft SharePoint Remote Code Execution Vulnerability Critical RCE |
| CVE-2020-1460 Microsoft SharePoint Server Remote Code Execution Vulnerability Critical RCE |
| CVE-2020-1129 Microsoft Windows Codecs Library Remote Code Execution Vulnerability Critical RCE |
| CVE-2020-1319 Microsoft Windows Codecs Library Remote Code Execution Vulnerability Critical RCE |
| CVE-2020-1057 Scripting Engine Memory Corruption Vulnerability Critical RCE |
| CVE-2020-1172 Scripting Engine Memory Corruption Vulnerability Critical RCE |
| CVE-2020-16874 Visual Studio Remote Code Execution Vulnerability Critical RCE |
| CVE-2020-0997 Windows Camera Codec Pack Remote Code Execution Vulnerability Critical RCE |
| CVE-2020-1508 Windows Media Audio Decoder Remote Code Execution Vulnerability Critical RCE |
| CVE-2020-1593 Windows Media Audio Decoder Remote Code Execution Vulnerability Critical RCE |
| CVE-2020-1252 Windows Remote Code Execution Vulnerability Critical RCE |
| CVE-2020-0908 Windows Text Service Module Remote Code Execution Vulnerability Critical RCE |
| CVE-2020-0664 Active Directory Information Disclosure Vulnerability Important Info |
| CVE-2020-0856 Active Directory Information Disclosure Vulnerability Important Info |
| CVE-2020-0718 Active Directory Remote Code Execution Vulnerability Important RCE |
| CVE-2020-0761 Active Directory Remote Code Execution Vulnerability Important RCE |
| CVE-2020-0837 ADFS Spoofing Vulnerability Important Spoofing |
| CVE-2020-1590 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1130 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1133 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1053 DirectX Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1308 DirectX Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1013 Group Policy Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-16884 Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability Important RCE |
| CVE-2020-1039 Jet Database Engine Remote Code Execution Vulnerability Important RCE |
| CVE-2020-1074 Jet Database Engine Remote Code Execution Vulnerability Important RCE |
| CVE-2020-1045 Microsoft ASP.NET Core Security Feature Bypass Vulnerability Important SFB |
| CVE-2020-1507 Microsoft COM for Windows Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-16858 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important XSS |
| CVE-2020-16859 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important XSS |
| CVE-2020-16861 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important XSS |
| CVE-2020-16864 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important XSS |
| CVE-2020-16871 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important XSS |
| CVE-2020-16872 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important XSS |
| CVE-2020-16878 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important XSS |
| CVE-2020-16860 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability Important RCE |
| CVE-2020-1224 Microsoft Excel Information Disclosure Vulnerability Important Info |
| CVE-2020-1193 Microsoft Excel Remote Code Execution Vulnerability Important RCE |
| CVE-2020-1332 Microsoft Excel Remote Code Execution Vulnerability Important RCE |
| CVE-2020-1335 Microsoft Excel Remote Code Execution Vulnerability Important RCE |
| CVE-2020-1594 Microsoft Excel Remote Code Execution Vulnerability Important RCE |
| CVE-2020-0921 Microsoft Graphics Component Information Disclosure Vulnerability Important Info |
| CVE-2020-1083 Microsoft Graphics Component Information Disclosure Vulnerability Important Info |
| CVE-2020-16855 Microsoft Office Information Disclosure Vulnerability Important Info |
| CVE-2020-1198 Microsoft Office SharePoint XSS Vulnerability Important XSS |
| CVE-2020-1227 Microsoft Office SharePoint XSS Vulnerability Important XSS |
| CVE-2020-1345 Microsoft Office SharePoint XSS Vulnerability Important XSS |
| CVE-2020-1482 Microsoft Office SharePoint XSS Vulnerability Important XSS |
| CVE-2020-1514 Microsoft Office SharePoint XSS Vulnerability Important XSS |
| CVE-2020-1575 Microsoft Office SharePoint XSS Vulnerability Important XSS |
| CVE-2020-1440 Microsoft SharePoint Server Tampering Vulnerability Important Tampering |
| CVE-2020-1523 Microsoft SharePoint Server Tampering Vulnerability Important Tampering |
| CVE-2020-1205 Microsoft SharePoint Spoofing Vulnerability Important Spoofing |
| CVE-2020-0790 Microsoft splwow64 Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-0875 Microsoft splwow64 Information Disclosure Vulnerability Important Info |
| CVE-2020-0766 Microsoft Store Runtime Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1146 Microsoft Store Runtime Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1218 Microsoft Word Remote Code Execution Vulnerability Important RCE |
| CVE-2020-1338 Microsoft Word Remote Code Execution Vulnerability Important RCE |
| CVE-2020-0838 NTFS Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-16851 OneDrive for Windows Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-16852 OneDrive for Windows Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-16853 OneDrive for Windows Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-16879 Projected Filesystem Information Disclosure Vulnerability Important Info |
| CVE-2020-0805 Projected Filesystem Security Feature Bypass Vulnerability Important SFB |
| CVE-2020-1180 Scripting Engine Memory Corruption Vulnerability Important RCE |
| CVE-2020-0870 Shell infrastructure component Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1596 TLS Information Disclosure Vulnerability Important Info |
| CVE-2020-16881 Visual Studio JSON Remote Code Execution Important RCE |
| CVE-2020-16856 Visual Studio Remote Code Execution Vulnerability Important RCE |
| CVE-2020-1245 Win32k Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-0941 Win32k Information Disclosure Vulnerability Important Info |
| CVE-2020-1250 Win32k Information Disclosure Vulnerability Important Info |
| CVE-2020-1471 Windows CloudExperienceHost Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1115 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-0782 Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-0951 Windows Defender Application Control Security Feature Bypass Vulnerability Important SFB |
| CVE-2020-1031 Windows DHCP Server Information Disclosure Vulnerability Important Info |
| CVE-2020-0836 Windows DNS Denial of Service Vulnerability Important DoS |
| CVE-2020-1228 Windows DNS Denial of Service Vulnerability Important DoS |
| CVE-2020-0839 Windows dnsrslvr.dll Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1052 Windows Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1159 Windows Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1376 Windows Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1491 Windows Function Discovery Service Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-0912 Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1256 Windows GDI Information Disclosure Vulnerability Important Info |
| CVE-2020-0998 Windows Graphics Component Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1091 Windows Graphics Component Information Disclosure Vulnerability Important Info |
| CVE-2020-1097 Windows Graphics Component Information Disclosure Vulnerability Important Info |
| CVE-2020-0890 Windows Hyper-V Denial of Service Vulnerability Important DoS |
| CVE-2020-0904 Windows Hyper-V Denial of Service Vulnerability Important DoS |
| CVE-2020-1119 Windows Information Disclosure Vulnerability Important Info |
| CVE-2020-1532 Windows InstallService Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1034 Windows Kernel Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-0928 Windows Kernel Information Disclosure Vulnerability Important Info |
| CVE-2020-1033 Windows Kernel Information Disclosure Vulnerability Important Info |
| CVE-2020-1589 Windows Kernel Information Disclosure Vulnerability Important Info |
| CVE-2020-1592 Windows Kernel Information Disclosure Vulnerability Important Info |
| CVE-2020-16854 Windows Kernel Information Disclosure Vulnerability Important Info |
| CVE-2020-1122 Windows Language Pack Installer Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-0989 Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability Important Info |
| CVE-2020-0911 Windows Modules Installer Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1030 Windows Print Spooler Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1038 Windows Routing Utilities Denial of Service Important DoS |
| CVE-2020-0648 Windows RSoP Service Application Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1169 Windows Runtime Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1303 Windows Runtime Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1098 Windows Shell Infrastructure Component Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1012 Windows Start-Up Application Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1506 Windows Start-Up Application Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-0914 Windows State Repository Service Information Disclosure Vulnerability Important Info |
| CVE-2020-0886 Windows Storage Services Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1559 Windows Storage Services Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1598 Windows UPnP Service Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-1152 Windows Win32k Elevation of Privilege Vulnerability Important EoP |
| CVE-2020-16873 Xamarin.Forms Spoofing Vulnerability Important Spoofing |
| CVE-2020-1044 SQL Server Reporting Services Security Feature Bypass Vulnerability |
Microsoft, güncellemelerin bir an önce yapılması konusunda kullanıcılarını uyarıyor.