مایکروسافت وصله امنیتی این ماه خود را با برطرف کردن آسیب پذیری Zero-day” DogWalk” و جمعا 121 آسیب پذیری منتشر نموده است.
17 مورد از آسیب پذیری های رفع شده در این به روز رسانی در دسته آسیب پذیری های حیاتی قرار گرفته و اجازه اجرای کد از راه دور یا مجوز دسترسی به سیستم را می دهند.
این آسیب پذیری ها به صورت زیر دسته بندی می شوند:
*64 Elevation of Privilege Vulnerabilities
*6 Security Feature Bypass Vulnerabilities
*31 Remote Code Execution Vulnerabilities
*12 Information Disclosure Vulnerabilities
*7 Denial of Service Vulnerabilities
*1 Spoofing Vulnerability
دو آسیب پذیری Zero-day
آسیب پذیری DogWalk که مورد سوء استفاده هم قرار گرفته با شماره شناسایی CVE-2022-34713 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution) توسط مایکروسافت ردیابی شده است.
محققان امنیتی این آسیب پذیری را در ژانویه 2020 شناسایی کرده بودن اما مایکروسافت پس از آنکه تشخیص داد این آسیب پذیری امنیتی نیست، تصمیم گرفت آن را رفع نکند.
در هر صورت بعد از کشف آسیب پذیری Microsoft Office MSDT محققان یکبار دیگر نسبت به رفع اسیب پذیری DogWalk تاکید کردن تا اینکه در به روز رسانی این ماه، آسیب پذیری مذکور رفع گردید.
آسیب پذیری Zero-day دیگر با شماره شناسایی CVE-2022-30134 (Microsoft Exchange Information Disclosure) بوده و به ماهجم اجازه ی خواندن ایمیل های هدف را می دهند. به گفته مایکروسافت این آسیب پذیری به صورت عمومی منتشر شده اما توسط مهاجمین شناسایی نشده بوده است.
در جدول لیست لیست کامل این آسیب پذیری ها به طور کامل قابل مشاهده است :
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET Core | CVE-2022-34716 | .NET Spoofing Vulnerability | Important |
Active Directory Domain Services | CVE-2022-34691 | Active Directory Domain Services Elevation of Privilege Vulnerability | Critical |
Azure Batch Node Agent | CVE-2022-33646 | Azure Batch Node Agent Elevation of Privilege Vulnerability | Critical |
Azure Real Time Operating System | CVE-2022-34685 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important |
Azure Real Time Operating System | CVE-2022-34686 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important |
Azure Real Time Operating System | CVE-2022-35773 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
Azure Real Time Operating System | CVE-2022-35779 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
Azure Real Time Operating System | CVE-2022-35806 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
Azure Real Time Operating System | CVE-2022-34687 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
Azure Real Time Operating System | CVE-2022-30176 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
Azure Real Time Operating System | CVE-2022-30175 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
Azure Site Recovery | CVE-2022-35791 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35818 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35809 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35789 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35815 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35817 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35816 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35814 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35785 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35812 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35811 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35784 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35810 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35813 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35788 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35783 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35786 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35787 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35819 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35781 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35775 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35790 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35780 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35799 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35772 | Azure Site Recovery Remote Code Execution Vulnerability | Important |
Azure Site Recovery | CVE-2022-35800 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35774 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35802 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35782 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35824 | Azure Site Recovery Remote Code Execution Vulnerability | Important |
Azure Site Recovery | CVE-2022-35801 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35808 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2022-35776 | Azure Site Recovery Denial of Service Vulnerability | Important |
Azure Site Recovery | CVE-2022-35807 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Sphere | CVE-2022-35821 | Azure Sphere Information Disclosure Vulnerability | Important |
Microsoft ATA Port Driver | CVE-2022-35760 | Microsoft ATA Port Driver Elevation of Privilege Vulnerability | Important |
Microsoft Bluetooth Driver | CVE-2022-35820 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2022-35796 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Low |
Microsoft Edge (Chromium-based) | CVE-2022-33649 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2022-2618 | Chromium: CVE-2022-2618 Insufficient validation of untrusted input in Internals | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-2616 | Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-2617 | Chromium: CVE-2022-2617 Use after free in Extensions API | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-2619 | Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-2622 | Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-2623 | Chromium: CVE-2022-2623 Use after free in Offline | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-33636 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate |
Microsoft Edge (Chromium-based) | CVE-2022-2621 | Chromium: CVE-2022-2621 Use after free in Extensions | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-2615 | Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-2604 | Chromium: CVE-2022-2604 Use after free in Safe Browsing | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-2605 | Chromium: CVE-2022-2605 Out of bounds read in Dawn | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-2624 | Chromium: CVE-2022-2624 Heap buffer overflow in PDF | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-2603 | Chromium: CVE-2022-2603 Use after free in Omnibox | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-2606 | Chromium: CVE-2022-2606 Use after free in Managed devices API | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-2612 | Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-2614 | Chromium: CVE-2022-2614 Use after free in Sign-In Flow | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-2610 | Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-2611 | Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API | Unknown |
Microsoft Exchange Server | CVE-2022-34692 | Microsoft Exchange Information Disclosure Vulnerability | Important |
Microsoft Exchange Server | CVE-2022-21980 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
Microsoft Exchange Server | CVE-2022-21979 | Microsoft Exchange Information Disclosure Vulnerability | Important |
Microsoft Exchange Server | CVE-2022-24516 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
Microsoft Exchange Server | CVE-2022-30134 | Microsoft Exchange Information Disclosure Vulnerability | Important |
Microsoft Exchange Server | CVE-2022-24477 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
Microsoft Office | CVE-2022-34717 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2022-33648 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2022-33631 | Microsoft Excel Security Feature Bypass Vulnerability | Important |
Microsoft Office Outlook | CVE-2022-35742 | Microsoft Outlook Denial of Service Vulnerability | Important |
Microsoft Windows Support Diagnostic Tool (MSDT) | CVE-2022-34713 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Important |
Microsoft Windows Support Diagnostic Tool (MSDT) | CVE-2022-35743 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Important |
Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35752 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35753 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35769 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | Important |
Role: Windows Fax Service | CVE-2022-34690 | Windows Fax Service Elevation of Privilege Vulnerability | Important |
Role: Windows Hyper-V | CVE-2022-34696 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Role: Windows Hyper-V | CVE-2022-35751 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
System Center Operations Manager | CVE-2022-33640 | System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Important |
Visual Studio | CVE-2022-35827 | Visual Studio Remote Code Execution Vulnerability | Important |
Visual Studio | CVE-2022-35777 | Visual Studio Remote Code Execution Vulnerability | Important |
Visual Studio | CVE-2022-35825 | Visual Studio Remote Code Execution Vulnerability | Important |
Visual Studio | CVE-2022-35826 | Visual Studio Remote Code Execution Vulnerability | Important |
Windows Bluetooth Service | CVE-2022-30144 | Windows Bluetooth Service Remote Code Execution Vulnerability | Important |
Windows Canonical Display Driver | CVE-2022-35750 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Cloud Files Mini Filter Driver | CVE-2022-35757 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
Windows Defender Credential Guard | CVE-2022-35771 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important |
Windows Defender Credential Guard | CVE-2022-34705 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important |
Windows Defender Credential Guard | CVE-2022-34710 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important |
Windows Defender Credential Guard | CVE-2022-34709 | Windows Defender Credential Guard Security Feature Bypass Vulnerability | Important |
Windows Defender Credential Guard | CVE-2022-34704 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important |
Windows Defender Credential Guard | CVE-2022-34712 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important |
Windows Digital Media | CVE-2022-35746 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important |
Windows Digital Media | CVE-2022-35749 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important |
Windows Error Reporting | CVE-2022-35795 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
Windows Hello | CVE-2022-35797 | Windows Hello Security Feature Bypass Vulnerability | Important |
Windows Internet Information Services | CVE-2022-35748 | HTTP.sys Denial of Service Vulnerability | Important |
Windows Kerberos | CVE-2022-35756 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2022-35761 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2022-35768 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2022-34708 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2022-34707 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2022-35804 | SMB Client and Server Remote Code Execution Vulnerability | Critical |
Windows Kernel | CVE-2022-30197 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2022-35758 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
Windows Local Security Authority (LSA) | CVE-2022-34706 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important |
Windows Local Security Authority (LSA) | CVE-2022-35759 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important |
Windows Network File System | CVE-2022-34715 | Windows Network File System Remote Code Execution Vulnerability | Important |
Windows Partition Management Driver | CVE-2022-33670 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
Windows Partition Management Driver | CVE-2022-34703 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
Windows Point-to-Point Tunneling Protocol | CVE-2022-30133 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical |
Windows Point-to-Point Tunneling Protocol | CVE-2022-35747 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | Important |
Windows Point-to-Point Tunneling Protocol | CVE-2022-35744 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical |
Windows Print Spooler Components | CVE-2022-35793 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2022-35755 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Secure Boot | CVE-2022-34301 | CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass | Important |
Windows Secure Boot | CVE-2022-34302 | CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass | Important |
Windows Secure Boot | CVE-2022-34303 | CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass | Important |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35745 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35766 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35794 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34701 | Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | Important |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34714 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34702 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35767 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
Windows Storage Spaces Direct | CVE-2022-35762 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
Windows Storage Spaces Direct | CVE-2022-35765 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
Windows Storage Spaces Direct | CVE-2022-35792 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
Windows Storage Spaces Direct | CVE-2022-35763 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
Windows Storage Spaces Direct | CVE-2022-35764 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
Windows Unified Write Filter | CVE-2022-35754 | Unified Write Filter Elevation of Privilege Vulnerability | Important |
Windows WebBrowser Control | CVE-2022-30194 | Windows WebBrowser Control Remote Code Execution Vulnerability | Important |
Windows Win32K | CVE-2022-34699 | Windows Win32k Elevation of Privilege Vulnerability | Important |
منبع :