
Microsoft Releases Patch Tuesday: 9 Zero-Days and 117 Vulnerabilities Fixed

Microsoft has released Patch Tuesday, the set of security updates it traditionally publishes on the second Tuesday of every month. With this month's updates, Microsoft fixed 9 zero-days and 117 vulnerabilities. Microsoft patched 117 vulnerabilities, of which 13 are classified as Critical, 1 as Moderate and 103 as Important. Broken down by type, 44 of the 117 vulnerabilities are remote code execution, 32 elevation of privilege, 14 information disclosure, 12 denial of service, 8 security feature bypass and 7 spoofing.

9 Zero-Days Fixed, 4 Found to Have Been Exploited

The Following 5 Vulnerabilities Were Publicly Disclosed but Reported as Not Exploited

  • CVE-2021-34492 – Windows Certificate Spoofing Vulnerability
  • CVE-2021-34523 – Microsoft Exchange Server Elevation of Privilege Vulnerability
  • CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-33779 – Windows ADFS Security Feature Bypass Vulnerability
  • CVE-2021-33781 – Active Directory Security Feature Bypass Vulnerability

The Vulnerability Known as PrintNightmare Has Been Exploited

  • CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vulnerability

Vulnerabilities That Were Not Publicly Disclosed but Were Exploited

  • CVE-2021-33771 – Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2021-34448 – Scripting Engine Memory Corruption Vulnerability
  • CVE-2021-31979 – Windows Kernel Elevation of Privilege Vulnerability

Windows Hello Authentication Bypass Vulnerability Fixed

This vulnerability allowed attackers to bypass the facial recognition system and take over systems. Tracked as CVE-2021-34466, the vulnerability has been fixed by the cumulative updates released this month. More information on the topic is available here.

Other Updates:

  • Adobe released security updates for five products.
  • Android’s July security updates were released last week.
  • Cisco released security updates for numerous products this month.
  • SAP released its July 2021 security updates.
  • VMware released security updates for ESXi and ThinApp.

The full list of released updates:

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Active Directory Federation Services | CVE-2021-33779 | Windows ADFS Security Feature Bypass Vulnerability | Important |
| Common Internet File System | CVE-2021-34476 | Bowser.sys Denial of Service Vulnerability | Important |
| Dynamics Business Central Control | CVE-2021-34474 | Dynamics Business Central Remote Code Execution Vulnerability | Critical |
| Microsoft Bing | CVE-2021-33753 | Microsoft Bing Search Spoofing Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-31206 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-34473 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2021-33766 | Microsoft Exchange Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-34523 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-31196 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-33768 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-34470 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-34440 | GDI+ Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-34489 | DirectWrite Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-34496 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-34498 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-34438 | Windows Font Driver Host Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2021-34469 | Microsoft Office Security Feature Bypass Vulnerability | Important |
| Microsoft Office | CVE-2021-34451 | Microsoft Office Online Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2021-34452 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-34501 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-34518 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-34468 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-34519 | Microsoft SharePoint Server Information Disclosure Vulnerability | Moderate |
| Microsoft Office SharePoint | CVE-2021-34520 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-34517 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-34467 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2021-34448 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2021-33778 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-31947 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-33740 | Windows Media Remote Code Execution Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2021-33760 | Media Foundation Information Disclosure Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-33775 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-33776 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-33777 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-34521 | Raw Image Extension Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2021-34499 | Windows DNS Server Denial of Service Vulnerability | Important |
| Microsoft Windows DNS | CVE-2021-33746 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2021-33754 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows Media Foundation | CVE-2021-34441 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important |
| Microsoft Windows Media Foundation | CVE-2021-34439 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical |
| Microsoft Windows Media Foundation | CVE-2021-34503 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical |
| OpenEnclave | CVE-2021-33767 | Open Enclave SDK Elevation of Privilege Vulnerability | Important |
| Power BI | CVE-2021-31984 | Power BI Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2021-33749 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2021-33745 | Windows DNS Server Denial of Service Vulnerability | Important |
| Role: DNS Server | CVE-2021-34442 | Windows DNS Server Denial of Service Vulnerability | Important |
| Role: DNS Server | CVE-2021-34444 | Windows DNS Server Denial of Service Vulnerability | Important |
| Role: DNS Server | CVE-2021-34525 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2021-33780 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2021-34494 | Windows DNS Server Remote Code Execution Vulnerability | Critical |
| Role: DNS Server | CVE-2021-33750 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2021-33752 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2021-33756 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important |
| Role: Hyper-V | CVE-2021-33758 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Role: Hyper-V | CVE-2021-33755 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Role: Hyper-V | CVE-2021-34450 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Visual Studio Code | CVE-2021-34529 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-34528 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-34479 | Microsoft Visual Studio Spoofing Vulnerability | Important |
| Visual Studio Code – .NET Runtime | CVE-2021-34477 | Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability | Important |
| Windows Active Directory | CVE-2021-33781 | Active Directory Security Feature Bypass Vulnerability | Important |
| Windows Address Book | CVE-2021-34504 | Windows Address Book Remote Code Execution Vulnerability | Important |
| Windows AF_UNIX Socket Provider | CVE-2021-33785 | Windows AF_UNIX Socket Provider Denial of Service Vulnerability | Important |
| Windows AppContainer | CVE-2021-34459 | Windows AppContainer Elevation Of Privilege Vulnerability | Important |
| Windows AppX Deployment Extensions | CVE-2021-34462 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important |
| Windows Authenticode | CVE-2021-33782 | Windows Authenticode Spoofing Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2021-33784 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Console Driver | CVE-2021-34488 | Windows Console Driver Elevation of Privilege Vulnerability | Important |
| Windows Defender | CVE-2021-34522 | Microsoft Defender Remote Code Execution Vulnerability | Critical |
| Windows Defender | CVE-2021-34464 | Microsoft Defender Remote Code Execution Vulnerability | Critical |
| Windows Desktop Bridge | CVE-2021-33759 | Windows Desktop Bridge Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-33774 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows File History Service | CVE-2021-34455 | Windows File History Service Elevation of Privilege Vulnerability | Important |
| Windows Hello | CVE-2021-34466 | Windows Hello Security Feature Bypass Vulnerability | Important |
| Windows HTML Platform | CVE-2021-34446 | Windows HTML Platforms Security Feature Bypass Vulnerability | Important |
| Windows Installer | CVE-2021-33765 | Windows Installer Spoofing Vulnerability | Important |
| Windows Installer | CVE-2021-34511 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2021-31961 | Windows InstallService Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2021-34461 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2021-34508 | Windows Kernel Remote Code Execution Vulnerability | Important |
| Windows Kernel | CVE-2021-34458 | Windows Kernel Remote Code Execution Vulnerability | Critical |
| Windows Kernel | CVE-2021-33771 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2021-31979 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2021-34514 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2021-34500 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows Key Distribution Center | CVE-2021-33764 | Windows Key Distribution Center Information Disclosure Vulnerability | Important |
| Windows Local Security Authority Subsystem Service | CVE-2021-33788 | Windows LSA Denial of Service Vulnerability | Important |
| Windows Local Security Authority Subsystem Service | CVE-2021-33786 | Windows LSA Security Feature Bypass Vulnerability | Important |
| Windows MSHTML Platform | CVE-2021-34497 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical |
| Windows MSHTML Platform | CVE-2021-34447 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important |
| Windows Partition Management Driver | CVE-2021-34493 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
| Windows PFX Encryption | CVE-2021-34492 | Windows Certificate Spoofing Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-34527 | Windows Print Spooler Remote Code Execution Vulnerability | Critical |
| Windows Projected File System | CVE-2021-33743 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2021-34457 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2021-33761 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2021-33773 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2021-33763 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2021-34445 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2021-34456 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Assistance | CVE-2021-34507 | Windows Remote Assistance Information Disclosure Vulnerability | Important |
| Windows Secure Kernel Mode | CVE-2021-33744 | Windows Secure Kernel Mode Security Feature Bypass Vulnerability | Important |
| Windows Security Account Manager | CVE-2021-33757 | Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability | Important |
| Windows Shell | CVE-2021-34454 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows SMB | CVE-2021-33783 | Windows SMB Information Disclosure Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-33751 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-34460 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-34509 | Storage Spaces Controller Information Disclosure Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-34510 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-34512 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-34513 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2021-31183 | Windows TCP/IP Driver Denial of Service Vulnerability | Important |
| Windows TCP/IP | CVE-2021-33772 | Windows TCP/IP Driver Denial of Service Vulnerability | Important |
| Windows TCP/IP | CVE-2021-34490 | Windows TCP/IP Driver Denial of Service Vulnerability | Important |
| Windows Win32K | CVE-2021-34449 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2021-34516 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2021-34491 | Win32k Information Disclosure Vulnerability | Important |

Source: bleepingcomputer.com
