دیروز به روزرسانی های امنیتی سه شنبه ماه سپتامبر مایکروسافت با رفع 129 آسیب پذیری منتشر شد.از این 129 آسیب پذیری، 23 مورد حیاتی و 105 مورد مهم دسته بندی شده اند.
با اینکه در این ماه آسیب پذیری Zero-Day وجود ندارد اما چند آسیب پذیری هست که می تواند از راه دور مورد سواستفاده قرار بگیرد و همه آسیب پذیریهای رفع شده مهم و حیانی هستند پس لازم است در اسرع وقت این به روزرسانی ها انجام شود.
سه مورد زیر جالب توجه ترین آسیب پذیری های رفع شده در این ماه هستند:
• CVE-2020-16875 – Microsoft Exchange Memory Corruption Vulnerability این آسیب پذیری می تواند به مهاجم از راه دور، اجازه اجرای کد دلخواه خود را از طریق ارسال یک ایمیل به سرورهای Exchange بدهد.
• CVE-2020-0922 – Microsoft COM for Windows Remote Code Execution Vulnerability این آسیب پذیری از طریق فریب کاربر برای بازدید از یک سایت با کدهای مخرب جاوا اسکریپ مورد بهره برداری مهاجمین قرار می گیرد.
• CVE-2020-0908 – Windows Text Service Module Remote Code Execution Vulnerability این آسیب پذیری نیز از طریق ترغیب کاربر به مشاهده سایت های حاوی تبلیغات آلوده، مورد سواستفاده قرار می گیرد.
به روز رسانی های امنیتی منتشر شده شرکت های دیگر :
شرکت Adobe برای محصولات Adobe Acrobat, Reader و Lightstream.
شرکت Apple در ابتدای این ماه به روز رسانی امنیتی iOS 13.7 .
انتشار Google Chrome نسخه 85.0.4183.83 و رفع 20 آسیب پذیری.
Intel و رفع 4 آسیب پذیری در این ماه.
SAP هم دیروز به روز رسانی امنیتی این ماه خود را منتشر کرد.
لیست کامل آسیب پذیری های این ماه را در جدول زیر مشاهده خواهید کرد :
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Active Directory | CVE-2020-0761 | Active Directory Remote Code Execution Vulnerability | Important |
| Active Directory | CVE-2020-0856 | Active Directory Information Disclosure Vulnerability | Important |
| Active Directory | CVE-2020-0718 | Active Directory Remote Code Execution Vulnerability | Important |
| Active Directory | CVE-2020-0664 | Active Directory Information Disclosure Vulnerability | Important |
| Active Directory Federation Services | CVE-2020-0837 | ADFS Spoofing Vulnerability | Important |
| ASP.NET | CVE-2020-1045 | Microsoft ASP.NET Core Security Feature Bypass Vulnerability | Important |
| Common Log File System Driver | CVE-2020-1115 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Internet Explorer | CVE-2020-1012 | WinINet API Elevation of Privilege Vulnerability | Important |
| Internet Explorer | CVE-2020-16884 | Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability | Important |
| Internet Explorer | CVE-2020-1506 | Windows Start-Up Application Elevation of Privilege Vulnerability | Important |
| Microsoft Browsers | CVE-2020-0878 | Microsoft Browser Memory Corruption Vulnerability | Critical |
| Microsoft Dynamics | CVE-2020-16857 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | Critical |
| Microsoft Dynamics | CVE-2020-16858 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2020-16860 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Important |
| Microsoft Dynamics | CVE-2020-16859 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2020-16861 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2020-16872 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2020-16864 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2020-16878 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2020-16862 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Critical |
| Microsoft Dynamics | CVE-2020-16871 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
| Microsoft Exchange Server | CVE-2020-16875 | Microsoft Exchange Memory Corruption Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2020-0921 | Microsoft Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0998 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1091 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1152 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1097 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1083 | Microsoft Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1053 | DirectX Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1308 | DirectX Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1245 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1285 | GDI+ Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2020-1256 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1250 | Win32k Information Disclosure Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1039 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1074 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft NTFS | CVE-2020-0838 | NTFS Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2020-1594 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1335 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-16855 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2020-1338 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1332 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1224 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2020-1218 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1193 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1345 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1205 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1210 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-1514 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1595 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-1523 | Microsoft SharePoint Server Tampering Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1440 | Microsoft SharePoint Server Tampering Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1200 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-1482 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1198 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1227 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1576 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-1452 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-1575 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1453 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-1460 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft OneDrive | CVE-2020-16853 | OneDrive for Windows Elevation of Privilege Vulnerability | Important |
| Microsoft OneDrive | CVE-2020-16851 | OneDrive for Windows Elevation of Privilege Vulnerability | Important |
| Microsoft OneDrive | CVE-2020-16852 | OneDrive for Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2020-1057 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2020-1180 | Scripting Engine Memory Corruption Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2020-1172 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Windows | CVE-2020-1596 | TLS Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1169 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1593 | Windows Media Audio Decoder Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2020-1159 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1598 | Windows UPnP Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0790 | Microsoft splwow64 Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0922 | Microsoft COM for Windows Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2020-0782 | Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0648 | Windows RSoP Service Application Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0766 | Microsoft Store Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1590 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1376 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1471 | Windows CloudExperienceHost Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16879 | Projected Filesystem Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1013 | Group Policy Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1532 | Windows InstallService Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1491 | Windows Function Discovery Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1303 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1252 | Windows Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2020-1559 | Windows Storage Services Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1507 | Microsoft COM for Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1508 | Windows Media Audio Decoder Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2020-0914 | Windows State Repository Service Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-0886 | Windows Storage Services Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0989 | Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-0875 | Microsoft splwow64 Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-0912 | Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1038 | Windows Routing Utilities Denial of Service | Important |
| Microsoft Windows | CVE-2020-0908 | Windows Text Service Module Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2020-1052 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0911 | Windows Modules Installer Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0805 | Projected Filesystem Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2020-1119 | Windows Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1146 | Microsoft Store Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0951 | Windows Defender Application Control Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2020-1122 | Windows Language Pack Installer Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1098 | Windows Shell Infrastructure Component Elevation of Privilege Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2020-1319 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2020-0997 | Windows Camera Codec Pack Remote Code Execution Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2020-1129 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical |
| Microsoft Windows DNS | CVE-2020-0839 | Windows dnsrslvr.dll Elevation of Privilege Vulnerability | Important |
| Microsoft Windows DNS | CVE-2020-1228 | Windows DNS Denial of Service Vulnerability | Important |
| Microsoft Windows DNS | CVE-2020-0836 | Windows DNS Denial of Service Vulnerability | Important |
| Open Source Software | CVE-2020-16873 | Xamarin.Forms Spoofing Vulnerability | Important |
| SQL Server | CVE-2020-1044 | SQL Server Reporting Services Security Feature Bypass Vulnerability | Moderate |
| Visual Studio | CVE-2020-16874 | Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2020-16856 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2020-16881 | Visual Studio JSON Remote Code Execution Vulnerability | Important |
| Windows DHCP Server | CVE-2020-1031 | Windows DHCP Server Information Disclosure Vulnerability | Important |
| Windows Diagnostic Hub | CVE-2020-1130 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important |
| Windows Diagnostic Hub | CVE-2020-1133 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important |
| Windows Hyper-V | CVE-2020-0904 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Hyper-V | CVE-2020-0890 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2020-0941 | Win32k Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-0928 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-16854 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-1034 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1033 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-1589 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-1592 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Print Spooler Components | CVE-2020-1030 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Shell | CVE-2020-0870 | Shell infrastructure component Elevation of Privilege Vulnerability | Important |
منبع :
