Haberler

Microsoft Temmuz 2022 Patch Tuesday: 1 Zero-Day, 88 Zafiyet Kapatıldı

Microsoft bu ay yayınladığı Patch Tuesday yamaları ile 1 adet zero-day güvenlik açığı ve toplam 88 zafiyeti kapattı. Bugünkü güncellemede düzeltilen 84 güvenlik açığından dördü RCE (uzaktan kod yürütme) zafiyeti olduğu için kritik olarak sınıflandırılmış durumda.

Kapatılan zafiyetler aşağıdaki gibidir:

  • 52 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 12 Remote Code Execution Vulnerabilities
  • 11 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities

Akitf olarak kullanılan Zero-day kapatıldı

CVE-2022-22047 olarak izlenen ve Windows CSRSS Elevation of Privilege zafiyetine neden olan güvenlik açığı istismar edilmesi durumunda system ayrıcalıkları elde edilmesine sebebiyet veriyor.

Temmuz 2022 Patch Tuesday Güvenlik Güncellemeleri Tam Listesi

TagCVE IDCVE TitleSeverity
AMD CPU BranchCVE-2022-23825AMD: CVE-2022-23825 AMD CPU Branch Type ConfusionImportant
AMD CPU BranchCVE-2022-23816AMD: CVE-2022-23816 AMD CPU Branch Type ConfusionImportant
Azure Site RecoveryCVE-2022-33665Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33666Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33663Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33664Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33667Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33672Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33673Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33671Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33668Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33661Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33662Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33657Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33656Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33658Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33660Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33659Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33655Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33651Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33650Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33652Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33654Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33653Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33669Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33643Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-30181Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33676Azure Site Recovery Remote Code Execution VulnerabilityImportant
Azure Site RecoveryCVE-2022-33677Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33678Azure Site Recovery Remote Code Execution VulnerabilityImportant
Azure Site RecoveryCVE-2022-33642Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33674Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33675Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33641Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Storage LibraryCVE-2022-30187Azure Storage Library Information Disclosure VulnerabilityImportant
Microsoft Defender for EndpointCVE-2022-33637Microsoft Defender for Endpoint Tampering VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-2295Chromium: CVE-2022-2295 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2022-2294Chromium: CVE-2022-2294 Heap buffer overflow in WebRTCUnknown
Microsoft Graphics ComponentCVE-2022-22034Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-30213Windows GDI+ Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-30221Windows Graphics Component Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2022-33632Microsoft Office Security Feature Bypass VulnerabilityImportant
Open Source SoftwareCVE-2022-27776HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header dataImportant
Role: DNS ServerCVE-2022-30214Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: Windows Fax ServiceCVE-2022-22024Windows Fax Service Remote Code Execution VulnerabilityImportant
Role: Windows Fax ServiceCVE-2022-22027Windows Fax Service Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-30223Windows Hyper-V Information Disclosure VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-22042Windows Hyper-V Information Disclosure VulnerabilityImportant
Skype for Business and Microsoft LyncCVE-2022-33633Skype for Business and Lync Remote Code Execution VulnerabilityImportant
Windows Active DirectoryCVE-2022-30215Active Directory Federation Services Elevation of Privilege VulnerabilityImportant
Windows Advanced Local Procedure CallCVE-2022-30202Windows Advanced Local Procedure Call Elevation of Privilege VulnerabilityImportant
Windows Advanced Local Procedure CallCVE-2022-30224Windows Advanced Local Procedure Call Elevation of Privilege VulnerabilityImportant
Windows Advanced Local Procedure CallCVE-2022-22037Windows Advanced Local Procedure Call Elevation of Privilege VulnerabilityImportant
Windows BitLockerCVE-2022-22711Windows BitLocker Information Disclosure VulnerabilityImportant
Windows BitLockerCVE-2022-22048BitLocker Security Feature Bypass VulnerabilityImportant
Windows Boot ManagerCVE-2022-30203Windows Boot Manager Security Feature Bypass VulnerabilityImportant
Windows Client/Server Runtime SubsystemCVE-2022-22026Windows CSRSS Elevation of Privilege VulnerabilityImportant
Windows Client/Server Runtime SubsystemCVE-2022-22049Windows CSRSS Elevation of Privilege VulnerabilityImportant
Windows Client/Server Runtime SubsystemCVE-2022-22047Windows CSRSS Elevation of Privilege VulnerabilityImportant
Windows Connected Devices Platform ServiceCVE-2022-30212Windows Connected Devices Platform Service Information Disclosure VulnerabilityImportant
Windows Credential GuardCVE-2022-22031Windows Credential Guard Domain-joined Public Key Elevation of Privilege VulnerabilityImportant
Windows Fast FAT DriverCVE-2022-22043Windows Fast FAT File System Driver Elevation of Privilege VulnerabilityImportant
Windows Fax and Scan ServiceCVE-2022-22050Windows Fax Service Elevation of Privilege VulnerabilityImportant
Windows Group PolicyCVE-2022-30205Windows Group Policy Elevation of Privilege VulnerabilityImportant
Windows IISCVE-2022-30209Windows IIS Server Elevation of Privilege VulnerabilityImportant
Windows IISCVE-2022-22025Windows Internet Information Services Cachuri Module Denial of Service VulnerabilityImportant
Windows IISCVE-2022-22040Internet Information Services Dynamic Compression Module Denial of Service VulnerabilityImportant
Windows KernelCVE-2022-21845Windows Kernel Information Disclosure VulnerabilityImportant
Windows MediaCVE-2022-22045Windows.Devices.Picker.dll Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2022-30225Windows Media Player Network Sharing Service Elevation of Privilege VulnerabilityImportant
Windows Network File SystemCVE-2022-22029Windows Network File System Remote Code Execution VulnerabilityCritical
Windows Network File SystemCVE-2022-22028Windows Network File System Information Disclosure VulnerabilityImportant
Windows Network File SystemCVE-2022-22039Windows Network File System Remote Code Execution VulnerabilityCritical
Windows Performance CountersCVE-2022-22036Performance Counters for Windows Elevation of Privilege VulnerabilityImportant
Windows Point-to-Point Tunneling ProtocolCVE-2022-30211Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution VulnerabilityImportant
Windows Portable Device Enumerator ServiceCVE-2022-22023Windows Portable Device Enumerator Service Security Feature Bypass VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-30206Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-30226Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-22022Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-22041Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2022-22038Remote Procedure Call Runtime Remote Code Execution VulnerabilityCritical
Windows Security Account ManagerCVE-2022-30208Windows Security Account Manager (SAM) Denial of Service VulnerabilityImportant
Windows Server ServiceCVE-2022-30216Windows Server Service Tampering VulnerabilityImportant
Windows ShellCVE-2022-30222Windows Shell Remote Code Execution VulnerabilityImportant
Windows StorageCVE-2022-30220Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
XBoxCVE-2022-33644Xbox Live Save Service Elevation of Privilege VulnerabilityImportant

Kaynak: bleepingcomputer.com

İlgili Makaleler

Bir cevap yazın

E-posta hesabınız yayımlanmayacak.

Başa dön tuşu

Reklam Engelleyici Algılandı

ÇözümPark Bilişim Portalı gönüllü bir organizasyon olup tek gelir kaynağı reklamlardır. Bu nedenle siteyi gezerken lütfen reklam engelleme eklentinizi kapatın veya Çözümpark web sitesi için izin tanımı yapın. Anlayışınız için teşekkürler.