Haberler
Microsoft, Sıfır Günlük ( Zero-Day ) Zafiyeti İçin Güncelleme Yayınladı
Microsoft, güvenlik ekosisteminde standart haline gelen Aralık ” Patch Thursday ” güvenlik güncelleştirmelerini yayınladı.
Toplamda 36 adet zafiyet için güncelleme yayınladı. Bunlarda 7’si Kritik 27’si Önemli ve 1 adette düşük olarak sınıflandırıldı.
Zafiyetlerden 1 tanesi sıfır günlük ( zero-day ) olarak sınıflandırılırken, zafiyete yol açan win32k kompenantı olarak açıkladı.
Zafiyet CVE-2019-1458 kodu ile takip edilebilirken,zafiyetin istitmar edilmesi durumunda sistemler üzerinde tam kontrol sağlanılabiliyor.
Zafiyet Listesi Şu şekilde
| ADV190026 | Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business | Unknown | |
| End of Life Software | CVE-2019-1489 | Remote Desktop Protocol Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1465 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1468 | Win32k Graphics Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2019-1466 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1467 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2019-1400 | Microsoft Access Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2019-1464 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2019-1461 | Microsoft Word Denial of Service Vulnerability | Important |
| Microsoft Office | CVE-2019-1462 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2019-1463 | Microsoft Access Information Disclosure Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2019-1485 | VBScript Remote Code Execution Vulnerability | Low |
| Microsoft Windows | CVE-2019-1453 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2019-1476 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1477 | Windows Printer Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1474 | Windows Kernel Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-1478 | Windows COM Server Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1483 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1488 | Microsoft Defender Security Feature Bypass Vulnerability | Important |
| Open Source Software | CVE-2019-1487 | Microsoft Authentication Library for Android Information Disclosure Vulnerability | Important |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
| Skype for Business | CVE-2019-1490 | Skype for Business Server Spoofing Vulnerability | Important |
| SQL Server | CVE-2019-1332 | Microsoft SQL Server Reporting Services XSS Vulnerability | Important |
| Visual Studio | CVE-2019-1350 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2019-1349 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2019-1486 | Visual Studio Live Share Spoofing Vulnerability | Important |
| Visual Studio | CVE-2019-1387 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2019-1354 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2019-1351 | Git for Visual Studio Tampering Vulnerability | Moderate |
| Visual Studio | CVE-2019-1352 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2019-1471 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2019-1470 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1472 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1458 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2019-1469 | Win32k Information Disclosure Vulnerability | Important |
| Windows Media Player | CVE-2019-1480 | Windows Media Player Information Disclosure Vulnerability | Important |
| Windows Media Player | CVE-2019-1481 | Windows Media Player Information Disclosure Vulnerability | Important |
| Windows OLE | CVE-2019-1484 | Windows OLE Remote Code Execution Vulnerability | Important |
Kaynak
