Microsoft Temmuz 2023 Patch Tuesday: 6 Zero-Day, 132 Zafiyet Kapatıldı

Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 6 adet Zero-day güvenlik açığı ve toplam 132 zafiyeti kapattı.

Bu ay yayınlanan güncellemerle düzeltilen 132 güvenlik açığından 9’u kritik olarak olarak sınıflandırıdı.

Kapatılan zafiyetler aşağıdaki gibidir:

Önemli güvenlik açıkları

CVE-2023-32046 – Windows MSHTML Platform Elevation of Privilege Vulnerability

CVE-2023-32049 – Windows SmartScreen Security Feature Bypass Vulnerability

CVE-2023-36874 – Windows Error Reporting Service Elevation of Privilege Vulnerability

CVE-2023-36884 – Office and Windows HTML Remote Code Execution Vulnerability

Şu anda bu kusur için herhangi bir güvenlik güncelleştirmesi bulunmamakla birlikte Microsoft, Office için Microsoft Defender kullanıcılarının ve “Block all Office applications from creating child processes” saldırı yüzeyi azaltma kuralını kullananların bu güvenlik açığından yararlanmaya çalışan eklerden korunduğunu söylüyor.

Bu korumaları kullanmayanlar için, aşağıdaki adımlar uygulanmalı

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION” kayıt defteri anahtarına veri 1 ile REG_DWORD türünde değerler olarak ekleyebilirsiniz.

excel.exe

ADV230001 – Guidance on Microsoft Signed Drivers Being Used Maliciously

CVE-2023-35311 – Microsoft Outlook Security Feature Bypass Vulnerability

Temmuz 2023 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi

TagCVE IDCVE TitleSeverity
.NET and Visual StudioCVE-2023-33127.NET and Visual Studio Elevation of Privilege VulnerabilityImportant
ASP.NET and Visual StudioCVE-2023-33170ASP.NET and Visual Studio Security Feature Bypass VulnerabilityImportant
Azure Active DirectoryCVE-2023-36871Azure Active Directory Security Feature Bypass VulnerabilityImportant
Azure Active DirectoryCVE-2023-35348Active Directory Federation Service Security Feature Bypass VulnerabilityImportant
Microsoft DynamicsCVE-2023-33171Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2023-35335Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft Graphics ComponentCVE-2023-33149Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2023-21756Windows Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Media-Wiki ExtensionsCVE-2023-35333MediaWiki PandocUpload Extension Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2023-33148Microsoft Office Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2023-36884Office and Windows HTML Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2023-33150Microsoft Office Security Feature Bypass VulnerabilityImportant
Microsoft Office AccessCVE-2023-33152Microsoft ActiveX Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2023-33158Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2023-33161Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2023-33162Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft Office OutlookCVE-2023-33151Microsoft Outlook Spoofing VulnerabilityImportant
Microsoft Office OutlookCVE-2023-33153Microsoft Outlook Remote Code Execution VulnerabilityImportant
Microsoft Office OutlookCVE-2023-35311Microsoft Outlook Security Feature Bypass VulnerabilityImportant
Microsoft Office SharePointCVE-2023-33134Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2023-33160Microsoft SharePoint Server Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2023-33165Microsoft SharePoint Server Security Feature Bypass VulnerabilityImportant
Microsoft Office SharePointCVE-2023-33157Microsoft SharePoint Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2023-33159Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Power AppsCVE-2023-32052Microsoft Power Apps Spoofing VulnerabilityImportant
Microsoft Printer DriversCVE-2023-32085Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityImportant
Microsoft Printer DriversCVE-2023-35302Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-35296Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityImportant
Microsoft Printer DriversCVE-2023-35324Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityImportant
Microsoft Printer DriversCVE-2023-32040Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityImportant
Microsoft Printer DriversCVE-2023-35306Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityImportant
Microsoft Printer DriversCVE-2023-32039Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2023-35303USB Audio Class System Driver Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2023-36872VP9 Video Extensions Information Disclosure VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2023-32051Raw Image Extension Remote Code Execution VulnerabilityImportant
Mono AuthenticodeCVE-2023-35373Mono Authenticode Validation Spoofing VulnerabilityImportant
Paint 3DCVE-2023-35374Paint 3D Remote Code Execution VulnerabilityImportant
Paint 3DCVE-2023-32047Paint 3D Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2023-35310Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2023-35346Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2023-35345Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2023-35344Windows DNS Server Remote Code Execution VulnerabilityImportant
Service FabricCVE-2023-36868Azure Service Fabric on Windows Information Disclosure VulnerabilityImportant
Visual Studio CodeCVE-2023-36867Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution VulnerabilityImportant
Windows Active Directory Certificate ServicesCVE-2023-35351Windows Active Directory Certificate Services (AD CS) Remote Code Execution VulnerabilityImportant
Windows Active Directory Certificate ServicesCVE-2023-35350Windows Active Directory Certificate Services (AD CS) Remote Code Execution VulnerabilityImportant
Windows Active Template LibraryCVE-2023-32055Active Template Library Elevation of Privilege VulnerabilityImportant
Windows Admin CenterCVE-2023-29347Windows Admin Center Spoofing VulnerabilityImportant
Windows App StoreCVE-2023-35347Microsoft Install Service Elevation of Privilege VulnerabilityImportant
Windows Authentication MethodsCVE-2023-35329Windows Authentication Denial of Service VulnerabilityImportant
Windows CDP User ComponentsCVE-2023-35326Windows CDP User Components Information Disclosure VulnerabilityImportant
Windows CertificatesADV230001Guidance on Microsoft Signed Drivers Being Used MaliciouslyNone
Windows Clip ServiceCVE-2023-35362Windows Clip Service Elevation of Privilege VulnerabilityImportant
Windows Cloud Files Mini Filter DriverCVE-2023-33155Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
Windows Cluster ServerCVE-2023-32033Microsoft Failover Cluster Remote Code Execution VulnerabilityImportant
Windows CNG Key Isolation ServiceCVE-2023-35340Windows CNG Key Isolation Service Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2023-35299Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Connected User Experiences and TelemetryCVE-2023-35320Connected User Experiences and Telemetry Elevation of Privilege VulnerabilityImportant
Windows Connected User Experiences and TelemetryCVE-2023-35353Connected User Experiences and Telemetry Elevation of Privilege VulnerabilityImportant
Windows CryptoAPICVE-2023-35339Windows CryptoAPI Denial of Service VulnerabilityImportant
Windows Cryptographic ServicesCVE-2023-33174Windows Cryptographic Information Disclosure VulnerabilityImportant
Windows DefenderCVE-2023-33156Microsoft Defender Elevation of Privilege VulnerabilityImportant
Windows Deployment ServicesCVE-2023-35322Windows Deployment Services Remote Code Execution VulnerabilityImportant
Windows Deployment ServicesCVE-2023-35321Windows Deployment Services Denial of Service VulnerabilityImportant
Windows EFI PartitionADV230002Microsoft Guidance for Addressing Security Feature Bypass in Trend Micro EFI ModulesImportant
Windows Error ReportingCVE-2023-36874Windows Error Reporting Service Elevation of Privilege VulnerabilityImportant
Windows Failover ClusterCVE-2023-32083Microsoft Failover Cluster Information Disclosure VulnerabilityImportant
Windows Geolocation ServiceCVE-2023-35343Windows Geolocation Service Remote Code Execution VulnerabilityImportant
Windows HTTP.sysCVE-2023-32084HTTP.sys Denial of Service VulnerabilityImportant
Windows HTTP.sysCVE-2023-35298HTTP.sys Denial of Service VulnerabilityImportant
Windows Image AcquisitionCVE-2023-35342Windows Image Acquisition Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2023-32053Windows Installer Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2023-32050Windows Installer Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-35304Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-35363Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-35305Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-35356Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-35357Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-35358Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Layer 2 Tunneling ProtocolCVE-2023-32037Windows Layer-2 Bridge Network Driver Information Disclosure VulnerabilityImportant
Windows Layer-2 Bridge Network DriverCVE-2023-35315Windows Layer-2 Bridge Network Driver Remote Code Execution VulnerabilityCritical
Windows Local Security Authority (LSA)CVE-2023-35331Windows Local Security Authority (LSA) Denial of Service VulnerabilityImportant
Windows MediaCVE-2023-35341Microsoft DirectMusic Information Disclosure VulnerabilityImportant
Windows Message QueuingCVE-2023-32057Microsoft Message Queuing Remote Code Execution VulnerabilityCritical
Windows Message QueuingCVE-2023-35309Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-32045Microsoft Message Queuing Denial of Service VulnerabilityImportant
Windows Message QueuingCVE-2023-32044Microsoft Message Queuing Denial of Service VulnerabilityImportant
Windows MSHTML PlatformCVE-2023-32046Windows MSHTML Platform Elevation of Privilege VulnerabilityImportant
Windows MSHTML PlatformCVE-2023-35336Windows MSHTML Platform Security Feature Bypass VulnerabilityImportant
Windows MSHTML PlatformCVE-2023-35308Windows MSHTML Platform Security Feature Bypass VulnerabilityImportant
Windows NetlogonCVE-2023-21526Windows Netlogon Information Disclosure VulnerabilityImportant
Windows Network Load BalancingCVE-2023-33163Windows Network Load Balancing Remote Code Execution VulnerabilityImportant
Windows NT OS KernelCVE-2023-35361Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows NT OS KernelCVE-2023-35364Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows NT OS KernelCVE-2023-35360Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows ODBC DriverCVE-2023-32038Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows OLECVE-2023-32042OLE Automation Information Disclosure VulnerabilityImportant
Windows Online Certificate Status Protocol (OCSP) SnapInCVE-2023-35323Windows OLE Remote Code Execution VulnerabilityImportant
Windows Online Certificate Status Protocol (OCSP) SnapInCVE-2023-35313Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution VulnerabilityImportant
Windows Partition Management DriverCVE-2023-33154Windows Partition Management Driver Elevation of Privilege VulnerabilityImportant
Windows Peer Name Resolution ProtocolCVE-2023-35338Windows Peer Name Resolution Protocol Denial of Service VulnerabilityImportant
Windows PGMCVE-2023-35297Windows Pragmatic General Multicast (PGM) Remote Code Execution VulnerabilityCritical
Windows Print Spooler ComponentsCVE-2023-35325Windows Print Spooler Information Disclosure VulnerabilityImportant
Windows Remote DesktopCVE-2023-35352Windows Remote Desktop Security Feature Bypass VulnerabilityCritical
Windows Remote DesktopCVE-2023-32043Windows Remote Desktop Security Feature Bypass VulnerabilityImportant
Windows Remote DesktopCVE-2023-35332Windows Remote Desktop Protocol Security Feature BypassImportant
Windows Remote Procedure CallCVE-2023-35300Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportant
Windows Remote Procedure CallCVE-2023-33168Remote Procedure Call Runtime Denial of Service VulnerabilityImportant
Windows Remote Procedure CallCVE-2023-33173Remote Procedure Call Runtime Denial of Service VulnerabilityImportant
Windows Remote Procedure CallCVE-2023-33172Remote Procedure Call Runtime Denial of Service VulnerabilityImportant
Windows Remote Procedure CallCVE-2023-32035Remote Procedure Call Runtime Denial of Service VulnerabilityImportant
Windows Remote Procedure CallCVE-2023-33166Remote Procedure Call Runtime Denial of Service VulnerabilityImportant
Windows Remote Procedure CallCVE-2023-32034Remote Procedure Call Runtime Denial of Service VulnerabilityImportant
Windows Remote Procedure CallCVE-2023-33167Remote Procedure Call Runtime Denial of Service VulnerabilityImportant
Windows Remote Procedure CallCVE-2023-33169Remote Procedure Call Runtime Denial of Service VulnerabilityImportant
Windows Remote Procedure CallCVE-2023-35318Remote Procedure Call Runtime Denial of Service VulnerabilityImportant
Windows Remote Procedure CallCVE-2023-33164Remote Procedure Call Runtime Denial of Service VulnerabilityImportant
Windows Remote Procedure CallCVE-2023-35319Remote Procedure Call Runtime Denial of Service VulnerabilityImportant
Windows Remote Procedure CallCVE-2023-35316Remote Procedure Call Runtime Information Disclosure VulnerabilityImportant
Windows Remote Procedure CallCVE-2023-35314Remote Procedure Call Runtime Denial of Service VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2023-35367Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityCritical
Windows Routing and Remote Access Service (RRAS)CVE-2023-35366Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityCritical
Windows Routing and Remote Access Service (RRAS)CVE-2023-35365Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityCritical
Windows Server Update ServiceCVE-2023-35317Windows Server Update Service (WSUS) Elevation of Privilege VulnerabilityImportant
Windows Server Update ServiceCVE-2023-32056Windows Server Update Service (WSUS) Elevation of Privilege VulnerabilityImportant
Windows SmartScreenCVE-2023-32049Windows SmartScreen Security Feature Bypass VulnerabilityImportant
Windows SPNEGO Extended NegotiationCVE-2023-35330Windows Extended Negotiation Denial of Service VulnerabilityImportant
Windows Transaction ManagerCVE-2023-35328Windows Transaction Manager Elevation of Privilege VulnerabilityImportant
Windows Update Orchestrator ServiceCVE-2023-32041Windows Update Orchestrator Service Information Disclosure VulnerabilityImportant
Windows VOLSNAP.SYSCVE-2023-35312Microsoft VOLSNAP.SYS Elevation of Privilege VulnerabilityImportant
Windows Volume Shadow CopyCVE-2023-32054Volume Shadow Copy Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2023-35337Win32k Elevation of Privilege VulnerabilityImportant
Exit mobile version