پشتیبانی 24/7 :

031-36691964 | 021-88203003

جستجو

آپدیت آخرین ماه سال 2024 مایکروسافت و رفع 71 آسیب پذیری

تیتر مطالب

آپدیت ماهیانه ماه دسامبر 2024 مایکروسافت با رفع 71 آسیب پذیری امنیتی که یکی از آنها یک آسیب پذیری Zero-day تحت بهره برداری است، منتشر گردید.
در این به روز رسانی 16 آسیب پذیری حیاتی اجرای کد از راه دور رفع شده است. تعداد آسیب پذیری ها در هر دسته به شکل زیر است:

  • 27 Elevation of Privilege Vulnerabilities
  • 30 Remote Code Execution Vulnerabilities
  • 7 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerabilities

یک آسیب پذیری Zero-day تحت بهره برداری


این آسیب پذیری به صورت عمومی افشا و در حال بهره برداری توسط مهاجمان بوده است.
آسیب پذیری CVE-2024-79138 یک آسیب پذیری ارتقا مجوز در Windows Common Log File System Driver است که به مهاجم امکان دستیابی به مجوزهای SYSTEM را میدهد.
جزییات بیشتری از نحوه بهره برداری از این آسیب پذیری در حملات منتشر نشده است.


آپدیت های منتشر شده توسط سایر شرکتها

  • Adobe released security updates for numerous products, including Photoshop, Commerce, Illustrator, InDesign, After Effects, Bridge, and more.
  • CISA released advisories on industrial control system vulnerabilities in MOBATIME, Schneider Electric, National Instruments, Horner Automation, Rockwell Automation, and Ruijie.
  • Cleo security file transfer is impacted by an actively exploited zero-day used in data theft attacks.
  • Cisco releases security updates for multiple products, including Cisco NX-OS and Cisco ASA.
  • IO-Data zero-day router flaws exploited in attacks to take over devices.
  • 0patch released an unofficial patch for a Windows zero-day vulnerability that allows attackers to capture NTLM credentials.
  •  OpenWrt releases security updates for a Sysupgrade flaw that allowed attackers to distribute malicious firmware images.
  • SAP releases security updates for multiple products as part of December Patch Day.
  •  Veeam released security updates for a critical RCE bug in Service Provider Console.

 

لیست کامل به روز رسانی های ماه دسامبر 2024 مایکروسافت

TagCVE IDCVE TitleSeverity
GitHubCVE-2024-49063Microsoft/Muzic Remote Code Execution VulnerabilityImportant
Microsoft Defender for EndpointCVE-2024-49057Microsoft Defender for Endpoint on Android Spoofing VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2024-12053Chromium: CVE-2024-12053 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2024-49041Microsoft Edge (Chromium-based) Spoofing VulnerabilityModerate
Microsoft OfficeADV240002Microsoft Office Defense in Depth UpdateModerate
Microsoft OfficeCVE-2024-49059Microsoft Office Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2024-43600Microsoft Office Elevation of Privilege VulnerabilityImportant
Microsoft Office AccessCVE-2024-49142Microsoft Access Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2024-49069Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office PublisherCVE-2024-49079Input Method Editor (IME) Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2024-49064Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2024-49062Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2024-49068Microsoft SharePoint Elevation of Privilege VulnerabilityImportant
Microsoft Office SharePointCVE-2024-49070Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2024-49065Microsoft Office Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2024-49091Windows Domain Name Service Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2024-49117Windows Hyper-V Remote Code Execution VulnerabilityCritical
System Center Operations ManagerCVE-2024-43594System Center Operations Manager Elevation of Privilege VulnerabilityImportant
Windows Cloud Files Mini Filter DriverCVE-2024-49114Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2024-49088Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2024-49138Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2024-49090Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows File ExplorerCVE-2024-49082Windows File Explorer Information Disclosure VulnerabilityImportant
Windows IP Routing Management SnapinCVE-2024-49080Windows IP Routing Management Snapin Remote Code Execution VulnerabilityImportant
Windows KernelCVE-2024-49084Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2024-49074Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2024-49121Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2024-49124Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution VulnerabilityCritical
Windows LDAP – Lightweight Directory Access ProtocolCVE-2024-49112Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityCritical
Windows LDAP – Lightweight Directory Access ProtocolCVE-2024-49113Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2024-49127Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityCritical
Windows Local Security Authority Subsystem Service (LSASS)CVE-2024-49126Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution VulnerabilityCritical
Windows Message QueuingCVE-2024-49118Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilityCritical
Windows Message QueuingCVE-2024-49122Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilityCritical
Windows Message QueuingCVE-2024-49096Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-49073Windows Mobile Broadband Driver Elevation of Privilege VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-49077Windows Mobile Broadband Driver Elevation of Privilege VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-49083Windows Mobile Broadband Driver Elevation of Privilege VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-49092Windows Mobile Broadband Driver Elevation of Privilege VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-49087Windows Mobile Broadband Driver Information Disclosure VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-49110Windows Mobile Broadband Driver Elevation of Privilege VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-49078Windows Mobile Broadband Driver Elevation of Privilege VulnerabilityImportant
Windows PrintWorkflowUserSvcCVE-2024-49095Windows PrintWorkflowUserSvc Elevation of Privilege VulnerabilityImportant
Windows PrintWorkflowUserSvcCVE-2024-49097Windows PrintWorkflowUserSvc Elevation of Privilege VulnerabilityImportant
Windows Remote DesktopCVE-2024-49132Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
Windows Remote Desktop ServicesCVE-2024-49115Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
Windows Remote Desktop ServicesCVE-2024-49116Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
Windows Remote Desktop ServicesCVE-2024-49123Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
Windows Remote Desktop ServicesCVE-2024-49129Windows Remote Desktop Gateway (RD Gateway) Denial of Service VulnerabilityImportant
Windows Remote Desktop ServicesCVE-2024-49075Windows Remote Desktop Services Denial of Service VulnerabilityImportant
Windows Remote Desktop ServicesCVE-2024-49128Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
Windows Remote Desktop ServicesCVE-2024-49106Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
Windows Remote Desktop ServicesCVE-2024-49108Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
Windows Remote Desktop ServicesCVE-2024-49119Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
Windows Remote Desktop ServicesCVE-2024-49120Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
Windows Resilient File System (ReFS)CVE-2024-49093Windows Resilient File System (ReFS) Elevation of Privilege VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-49085Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-49086Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-49089Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-49125Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-49104Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-49102Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Task SchedulerCVE-2024-49072Windows Task Scheduler Elevation of Privilege VulnerabilityImportant
Windows Virtualization-Based Security (VBS) EnclaveCVE-2024-49076Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege VulnerabilityImportant
Windows Wireless Wide Area Network ServiceCVE-2024-49081Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege VulnerabilityImportant
Windows Wireless Wide Area Network ServiceCVE-2024-49103Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure VulnerabilityImportant
Windows Wireless Wide Area Network ServiceCVE-2024-49111Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege VulnerabilityImportant
Windows Wireless Wide Area Network ServiceCVE-2024-49109Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege VulnerabilityImportant
Windows Wireless Wide Area Network ServiceCVE-2024-49101Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege VulnerabilityImportant
Windows Wireless Wide Area Network ServiceCVE-2024-49094Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege VulnerabilityImportant
Windows Wireless Wide Area Network ServiceCVE-2024-49098Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure VulnerabilityImportant
Windows Wireless Wide Area Network ServiceCVE-2024-49099Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure VulnerabilityImportant
WmsRepair ServiceCVE-2024-49107WmsRepair Service Elevation of Privilege VulnerabilityImportant

 

 

منبع: 

bleepingcomputer.com

 

شرکت فنی مهندسی ارتباط پانا

از سال ۱۳۸۴ به عنوان شرکتی پیشرو در زمینه “امنیت شبکه” فعالیت خود را آغاز کرد و با اخذ مجوزهای مربوطه و همچنین با بهره گیری از تیمی متخصص و حرفه ای در جایگاه یکی از معتبرترین فعالان این صنعت قرار گرفته است. 

دسترسی سریع

امنیت حرفه ای

عضویت در خبرنامه

شبکه اجتماعی