Microsoft Haziran 2023 Patch Tuesday: 38 RCE, 78 Zafiyet Kapatıldı

Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 38 adet RCE güvenlik açığı ve toplam 78 zafiyeti kapattı.

Bu ay yayınlanan güncellemerle düzeltilen 78 güvenlik açığından 38’ü kritik olarak olarak sınıflandırıdı.

Kapatılan zafiyetler aşağıdaki gibidir:

Önemli güvenlik açıkları

CVE-2023-29357 – Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVE-2023-32031 – Microsoft Exchange Server Remote Code Execution Vulnerability

Haziran 2023 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi

TagCVE IDCVE TitleSeverity
.NET and Visual StudioCVE-2023-24895.NET, .NET Framework, and Visual Studio Remote Code Execution VulnerabilityImportant
.NET and Visual StudioCVE-2023-33126.NET and Visual Studio Remote Code Execution VulnerabilityImportant
.NET and Visual StudioCVE-2023-24936.NET, .NET Framework, and Visual Studio Elevation of Privilege VulnerabilityModerate
.NET and Visual StudioCVE-2023-33135.NET and Visual Studio Elevation of Privilege VulnerabilityImportant
.NET and Visual StudioCVE-2023-32032.NET and Visual Studio Elevation of Privilege VulnerabilityImportant
.NET and Visual StudioCVE-2023-32030.NET and Visual Studio Denial of Service VulnerabilityImportant
.NET and Visual StudioCVE-2023-33128.NET and Visual Studio Remote Code Execution VulnerabilityImportant
.NET and Visual StudioCVE-2023-24897.NET, .NET Framework, and Visual Studio Remote Code Execution VulnerabilityCritical
.NET CoreCVE-2023-29331.NET, .NET Framework, and Visual Studio Denial of Service VulnerabilityImportant
.NET FrameworkCVE-2023-29326.NET Framework Remote Code Execution VulnerabilityImportant
ASP .NETCVE-2023-33141Yet Another Reverse Proxy (YARP) Denial of Service VulnerabilityImportant
Azure DevOpsCVE-2023-21569Azure DevOps Server Spoofing VulnerabilityImportant
Azure DevOpsCVE-2023-21565Azure DevOps Server Spoofing VulnerabilityImportant
Microsoft DynamicsCVE-2023-24896Dynamics 365 Finance Spoofing VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2023-2941Chromium: CVE-2023-2941 Inappropriate implementation in Extensions APIUnknown
Microsoft Edge (Chromium-based)CVE-2023-33145Microsoft Edge (Chromium-based) Information Disclosure VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2023-2937Chromium: CVE-2023-2937 Inappropriate implementation in Picture In PictureUnknown
Microsoft Edge (Chromium-based)CVE-2023-2936Chromium: CVE-2023-2936 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2023-2935Chromium: CVE-2023-2935 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2023-2940Chromium: CVE-2023-2940 Inappropriate implementation in DownloadsUnknown
Microsoft Edge (Chromium-based)CVE-2023-2939Chromium: CVE-2023-2939 Insufficient data validation in InstallerUnknown
Microsoft Edge (Chromium-based)CVE-2023-2938Chromium: CVE-2023-2938 Inappropriate implementation in Picture In PictureUnknown
Microsoft Edge (Chromium-based)CVE-2023-2931Chromium: CVE-2023-2931 Use after free in PDFUnknown
Microsoft Edge (Chromium-based)CVE-2023-2930Chromium: CVE-2023-2930 Use after free in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2023-2929Chromium: CVE-2023-2929 Out of bounds write in SwiftshaderUnknown
Microsoft Edge (Chromium-based)CVE-2023-2934Chromium: CVE-2023-2934 Out of bounds memory access in MojoUnknown
Microsoft Edge (Chromium-based)CVE-2023-2933Chromium: CVE-2023-2933 Use after free in PDFUnknown
Microsoft Edge (Chromium-based)CVE-2023-2932Chromium: CVE-2023-2932 Use after free in PDFUnknown
Microsoft Edge (Chromium-based)CVE-2023-3079Chromium: CVE-2023-3079 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2023-29345Microsoft Edge (Chromium-based) Security Feature Bypass VulnerabilityLow
Microsoft Edge (Chromium-based)CVE-2023-33143Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityModerate
Microsoft Exchange ServerCVE-2023-32031Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-28310Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2023-33146Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2023-33133Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2023-32029Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2023-33137Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office OneNoteCVE-2023-33140Microsoft OneNote Spoofing VulnerabilityImportant
Microsoft Office OutlookCVE-2023-33131Microsoft Outlook Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2023-33142Microsoft SharePoint Server Elevation of Privilege VulnerabilityImportant
Microsoft Office SharePointCVE-2023-33129Microsoft SharePoint Denial of Service VulnerabilityImportant
Microsoft Office SharePointCVE-2023-33130Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2023-33132Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2023-29357Microsoft SharePoint Server Elevation of Privilege VulnerabilityCritical
Microsoft Power AppsCVE-2023-32024Microsoft Power Apps Spoofing VulnerabilityImportant
Microsoft Printer DriversCVE-2023-32017Microsoft PostScript Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2023-29372Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2023-29370Windows Media Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2023-29365Windows Media Remote Code Execution VulnerabilityImportant
NuGet ClientCVE-2023-29337NuGet Client Remote Code Execution VulnerabilityImportant
Remote Desktop ClientCVE-2023-29362Remote Desktop Client Remote Code Execution VulnerabilityImportant
Remote Desktop ClientCVE-2023-29352Windows Remote Desktop Security Feature Bypass VulnerabilityImportant
Role: DNS ServerCVE-2023-32020Windows DNS Spoofing VulnerabilityImportant
SysInternalsCVE-2023-29353Sysinternals Process Monitor for Windows Denial of Service VulnerabilityLow
Visual StudioCVE-2023-29007GitHub: CVE-2023-29007 Arbitrary configuration injection via `git submodule deinit`Important
Visual StudioCVE-2023-33139Visual Studio Information Disclosure VulnerabilityImportant
Visual StudioCVE-2023-25652GitHub: CVE-2023-25652 “git apply –reject” partially-controlled arbitrary file writeImportant
Visual StudioCVE-2023-25815GitHub: CVE-2023-25815 Git looks for localized messages in an unprivileged placeImportant
Visual StudioCVE-2023-27911AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or priorImportant
Visual StudioCVE-2023-27910AutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or priorImportant
Visual StudioCVE-2023-29011GitHub: CVE-2023-29011 The config file of `connect.exe` is susceptible to malicious placingImportant
Visual StudioCVE-2023-29012GitHub: CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in current directory, if it existsImportant
Visual StudioCVE-2023-27909AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or priorImportant
Visual Studio CodeCVE-2023-33144Visual Studio Code Spoofing VulnerabilityImportant
Windows Authentication MethodsCVE-2023-29364Windows Authentication Elevation of Privilege VulnerabilityImportant
Windows Bus Filter DriverCVE-2023-32010Windows Bus Filter Driver Elevation of Privilege VulnerabilityImportant
Windows Cloud Files Mini Filter DriverCVE-2023-29361Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
Windows Collaborative Translation FrameworkCVE-2023-32009Windows Collaborative Translation Framework Elevation of Privilege VulnerabilityImportant
Windows Container Manager ServiceCVE-2023-32012Windows Container Manager Service Elevation of Privilege VulnerabilityImportant
Windows CryptoAPICVE-2023-24937Windows CryptoAPI Denial of Service VulnerabilityImportant
Windows CryptoAPICVE-2023-24938Windows CryptoAPI Denial of Service VulnerabilityImportant
Windows DHCP ServerCVE-2023-29355DHCP Server Service Information Disclosure VulnerabilityImportant
Windows FilteringCVE-2023-29368Windows Filtering Platform Elevation of Privilege VulnerabilityImportant
Windows GDICVE-2023-29358Windows GDI Elevation of Privilege VulnerabilityImportant
Windows Geolocation ServiceCVE-2023-29366Windows Geolocation Service Remote Code Execution VulnerabilityImportant
Windows Group PolicyCVE-2023-29351Windows Group Policy Elevation of Privilege VulnerabilityImportant
Windows HelloCVE-2023-32018Windows Hello Remote Code Execution VulnerabilityImportant
Windows Hyper-VCVE-2023-32013Windows Hyper-V Denial of Service VulnerabilityCritical
Windows InstallerCVE-2023-32016Windows Installer Information Disclosure VulnerabilityImportant
Windows iSCSICVE-2023-32011Windows iSCSI Discovery Service Denial of Service VulnerabilityImportant
Windows KernelCVE-2023-32019Windows Kernel Information Disclosure VulnerabilityImportant
Windows NTFSCVE-2023-29346NTFS Elevation of Privilege VulnerabilityImportant
Windows ODBC DriverCVE-2023-29373Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows OLECVE-2023-29367iSCSI Target WMI Provider Remote Code Execution VulnerabilityImportant
Windows PGMCVE-2023-29363Windows Pragmatic General Multicast (PGM) Remote Code Execution VulnerabilityCritical
Windows PGMCVE-2023-32014Windows Pragmatic General Multicast (PGM) Remote Code Execution VulnerabilityCritical
Windows PGMCVE-2023-32015Windows Pragmatic General Multicast (PGM) Remote Code Execution VulnerabilityCritical
Windows Remote Procedure Call RuntimeCVE-2023-29369Remote Procedure Call Runtime Denial of Service VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2023-32008Windows Resilient File System (ReFS) Remote Code Execution VulnerabilityImportant
Windows Server ServiceCVE-2023-32022Windows Server Service Security Feature Bypass VulnerabilityImportant
Windows SMBCVE-2023-32021Windows SMB Witness Service Security Feature Bypass VulnerabilityImportant
Windows TPM Device DriverCVE-2023-29360Windows TPM Device Driver Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2023-29371Windows GDI Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2023-29359GDI Elevation of Privilege VulnerabilityImportant
Exit mobile version