Haberler

Microsoft Haziran 2022 Patch Tuesday: 1 Zero-Day, 55 Zafiyet Kapatıldı

Microsoft bu ay yayınladığı Patch Tuesday yamaları ile 1 sıfırıncı gün güvenlik açığı ve toplam 55 zafiyeti kapattı. Bunların içerisinde Windows MSDT ‘Follina’ zero-day güvenlik açığı ve yeni Intel MMIO’da bulunuyor. Düzeltilen 55 güvenlik açığından üçü uzaktan kod yürütülmesine izin verdikleri için ‘Kritik’ olarak sınıflandırılırken, geri kalanı Önemli olarak sınıflandırıldı.

Kapatılan zafiyetler aşağıdaki gibidir

  • 12 Elevation of Privilege Vulnerabilities
  • 1 Security Feature Bypass Vulnerabilities
  • 27 Remote Code Execution Vulnerabilities
  • 11 Information Disclosure Vulnerabilities
  • 3 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability

Follina zero-day kapatıldı

Microsoft, Haziran 2022 Güncellemelerinde CVE-2022-30190 olarak izlenen Windows  Follina MSDT zero-day güvenlik açığını kapattı.

Haziran 2022 Yaması Salı Güvenlik Güncellemeleri

TagCVE IDCVE TitleSeverity
.NET and Visual StudioCVE-2022-30184.NET and Visual Studio Information Disclosure VulnerabilityImportant
Azure OMICVE-2022-29149Azure Open Management Infrastructure (OMI) Elevation of Privilege VulnerabilityImportant
Azure Real Time Operating SystemCVE-2022-30179Azure RTOS GUIX Studio Remote Code Execution VulnerabilityImportant
Azure Real Time Operating SystemCVE-2022-30178Azure RTOS GUIX Studio Remote Code Execution VulnerabilityImportant
Azure Real Time Operating SystemCVE-2022-30180Azure RTOS GUIX Studio Information Disclosure VulnerabilityImportant
Azure Real Time Operating SystemCVE-2022-30177Azure RTOS GUIX Studio Remote Code Execution VulnerabilityImportant
Azure Service Fabric ContainerCVE-2022-30137Azure Service Fabric Container Elevation of Privilege VulnerabilityImportant
IntelCVE-2022-21127Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update)Important
IntelADV220002Microsoft Guidance on Intel Processor MMIO Stale Data VulnerabilitiesUnknown
IntelCVE-2022-21123Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR)Important
IntelCVE-2022-21125Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS)Important
IntelCVE-2022-21166Intel: CVE-2022-21166 Device Register Partial Write (DRPW)Important
Microsoft Edge (Chromium-based)CVE-2022-2011Chromium: CVE-2022-2011 Use after free in ANGLEUnknown
Microsoft Edge (Chromium-based)CVE-2022-2010Chromium: CVE-2022-2010 Out of bounds read in compositingUnknown
Microsoft Edge (Chromium-based)CVE-2022-2008Chromium: CVE-2022-2008 Out of bounds memory access in WebGLUnknown
Microsoft Edge (Chromium-based)CVE-2022-2007Chromium: CVE-2022-2007 Use after free in WebGPUUnknown
Microsoft Edge (Chromium-based)CVE-2022-22021Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityModerate
Microsoft OfficeCVE-2022-30159Microsoft Office Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2022-30171Microsoft Office Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2022-30172Microsoft Office Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2022-30174Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2022-30173Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-30158Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-30157Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Windows ALPCCVE-2022-30160Windows Advanced Local Procedure Call Elevation of Privilege VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-29119HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-30188HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-30167AV1 Video Extension Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-30193AV1 Video Extension Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-29111HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-22018HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Remote Volume Shadow Copy Service (RVSS)CVE-2022-30154Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-30163Windows Hyper-V Remote Code Execution VulnerabilityCritical
SQL ServerCVE-2022-29143Microsoft SQL Server Remote Code Execution VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2022-30151Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows App StoreCVE-2022-30168Microsoft Photos App Remote Code Execution VulnerabilityImportant
Windows AutopilotCVE-2022-30189Windows Autopilot Device Management and Enrollment Client Spoofing VulnerabilityImportant
Windows Container Isolation FS Filter DriverCVE-2022-30131Windows Container Isolation FS Filter Driver Elevation of Privilege VulnerabilityImportant
Windows Container Manager ServiceCVE-2022-30132Windows Container Manager Service Elevation of Privilege VulnerabilityImportant
Windows DefenderCVE-2022-30150Windows Defender Remote Credential Guard Elevation of Privilege VulnerabilityImportant
Windows Encrypting File System (EFS)CVE-2022-30145Windows Encrypting File System (EFS) Remote Code Execution VulnerabilityImportant
Windows File History ServiceCVE-2022-30142Windows File History Remote Code Execution VulnerabilityImportant
Windows InstallerCVE-2022-30147Windows Installer Elevation of Privilege VulnerabilityImportant
Windows iSCSICVE-2022-30140Windows iSCSI Discovery Service Remote Code Execution VulnerabilityImportant
Windows KerberosCVE-2022-30164Kerberos AppContainer Security Feature Bypass VulnerabilityImportant
Windows KerberosCVE-2022-30165Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-30162Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2022-30155Windows Kernel Denial of Service VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-30143Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-30161Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-30141Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-30153Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-30139Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityCritical
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-30149Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-30146Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityImportant
Windows Local Security Authority Subsystem ServiceCVE-2022-30166Local Security Authority Subsystem Service Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2022-30135Windows Media Center Elevation of Privilege VulnerabilityImportant
Windows Network Address Translation (NAT)CVE-2022-30152Windows Network Address Translation (NAT) Denial of Service VulnerabilityImportant
Windows Network File SystemCVE-2022-30136Windows Network File System Remote Code Execution VulnerabilityCritical
Windows PowerShellCVE-2022-30148Windows Desired State Configuration (DSC) Information Disclosure VulnerabilityImportant
Windows SMBCVE-2022-32230Windows SMB Denial of Service VulnerabilityImportant

Kaynak: bleepingcomputer.com

İlgili Makaleler

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu