Haberler

Microsoft Mayıs 2023 Patch Tuesday: 3 Zero-Day, 38 Zafiyet Kapatıldı

Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 3 adet zero-day güvenlik açığı ve toplam 38 zafiyeti kapattı.

Bu ay yayınlanan güncellemerde düzeltilen 38 güvenlik açığından 6’ı kritik olarak olarak sınıflandırıdı.

Kapatılan zafiyetler aşağıdaki gibidir:

  • 8 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 12 Remote Code Execution Vulnerabilities
  • 8 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability

Üç zero-day kapatıldı

CVE-2023-29336 – Win32k Elevation of Privilege Vulnerability

CVE-2023-24932 – Secure Boot Security Feature Bypass Vulnerability

CVE-2023-29325 – Windows OLE Remote Code Execution Vulnerability

Mayıs 2023 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi

TagCVE IDCVE TitleSeverity
Microsoft Bluetooth DriverCVE-2023-24947Windows Bluetooth Driver Remote Code Execution VulnerabilityImportant
Microsoft Bluetooth DriverCVE-2023-24948Windows Bluetooth Driver Elevation of Privilege VulnerabilityImportant
Microsoft Bluetooth DriverCVE-2023-24944Windows Bluetooth Driver Information Disclosure VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2023-29354Microsoft Edge (Chromium-based) Security Feature Bypass VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2023-2468Chromium: CVE-2023-2468 Inappropriate implementation in PictureInPictureUnknown
Microsoft Edge (Chromium-based)CVE-2023-2459Chromium: CVE-2023-2459 Inappropriate implementation in PromptsUnknown
Microsoft Edge (Chromium-based)CVE-2023-29350Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2023-2467Chromium: CVE-2023-2467 Inappropriate implementation in PromptsUnknown
Microsoft Edge (Chromium-based)CVE-2023-2463Chromium: CVE-2023-2463 Inappropriate implementation in Full Screen ModeUnknown
Microsoft Edge (Chromium-based)CVE-2023-2462Chromium: CVE-2023-2462 Inappropriate implementation in PromptsUnknown
Microsoft Edge (Chromium-based)CVE-2023-2460Chromium: CVE-2023-2460 Insufficient validation of untrusted input in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2023-2465Chromium: CVE-2023-2465 Inappropriate implementation in CORSUnknown
Microsoft Edge (Chromium-based)CVE-2023-2466Chromium: CVE-2023-2466 Inappropriate implementation in PromptsUnknown
Microsoft Edge (Chromium-based)CVE-2023-2464Chromium: CVE-2023-2464 Inappropriate implementation in PictureInPictureUnknown
Microsoft Graphics ComponentCVE-2023-24899Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2023-29344Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft Office AccessCVE-2023-29333Microsoft Access Denial of Service VulnerabilityImportant
Microsoft Office ExcelCVE-2023-24953Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2023-24955Microsoft SharePoint Server Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2023-24954Microsoft SharePoint Server Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2023-24950Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office WordCVE-2023-29335Microsoft Word Security Feature Bypass VulnerabilityImportant
Microsoft TeamsCVE-2023-24881Microsoft Teams Information Disclosure VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2023-29340AV1 Video Extension Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2023-29341AV1 Video Extension Remote Code Execution VulnerabilityImportant
Remote Desktop ClientCVE-2023-24905Remote Desktop Client Remote Code Execution VulnerabilityImportant
SysInternalsCVE-2023-29343SysInternals Sysmon for Windows Elevation of Privilege VulnerabilityImportant
Visual Studio CodeCVE-2023-29338Visual Studio Code Information Disclosure VulnerabilityImportant
Windows Backup EngineCVE-2023-24946Windows Backup Service Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2023-24904Windows Installer Elevation of Privilege VulnerabilityImportant
Windows iSCSI Target ServiceCVE-2023-24945Windows iSCSI Target Service Information Disclosure VulnerabilityImportant
Windows KernelCVE-2023-24949Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2023-28283Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityCritical
Windows MSHTML PlatformCVE-2023-29324Windows MSHTML Platform Security Feature Bypass VulnerabilityImportant
Windows Network File SystemCVE-2023-24941Windows Network File System Remote Code Execution VulnerabilityCritical
Windows NFS PortmapperCVE-2023-24901Windows NFS Portmapper Information Disclosure VulnerabilityImportant
Windows NFS PortmapperCVE-2023-24939Server for NFS Denial of Service VulnerabilityImportant
Windows NTLMCVE-2023-24900Windows NTLM Security Support Provider Information Disclosure VulnerabilityImportant
Windows OLECVE-2023-29325Windows OLE Remote Code Execution VulnerabilityCritical
Windows PGMCVE-2023-24940Windows Pragmatic General Multicast (PGM) Denial of Service VulnerabilityImportant
Windows PGMCVE-2023-24943Windows Pragmatic General Multicast (PGM) Remote Code Execution VulnerabilityCritical
Windows RDP ClientCVE-2023-28290Microsoft Remote Desktop app for Windows Information Disclosure VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2023-24942Remote Procedure Call Runtime Denial of Service VulnerabilityImportant
Windows Secure BootCVE-2023-28251Windows Driver Revocation List Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2023-24932Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure Socket Tunneling Protocol (SSTP)CVE-2023-24903Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical
Windows SMBCVE-2023-24898Windows SMB Denial of Service VulnerabilityImportant
Windows Win32KCVE-2023-29336Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2023-24902Win32k Elevation of Privilege VulnerabilityImportant

Kaynak: bleepingcomputer.com

İlgili Makaleler

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu