پشتیبانی 24/7 :

031-36691964 | 021-88203003

جستجو

به روزسانی ماه مارس 2020 مایکروسافت و رفع 115 آسیب پذیری

تیتر مطالب

مایکروسافت وصله امنیتی روز سه شنبه این ماه را منتشر نمود. در این به روز رسانی وصله های مربوط به 115 آسیب پذیری وجود دارد و یکی از بزرگترین به روز رسانی های منتشر شده از طرف مایکروسافت است.

علی رقم این به روزرسانی گسترده، نگرانی اکثر متخصصان همچنان در مورد آسیب پذیری SMBv3 و امکان سواستفاده های دیگری از آن مانند EternalBlue است.
با این حال این ماه به روزرسانی های امنیتی خاص خود را دارد. از میان این 115 وصله امنیتی، 26 مورد در دسته وصله های امنیتی حیاتی قرار می گیرند.
این به روزرسانی به صورت یکجا عرضه شده بدین صورت که چنانچه شما اقدام به نصب نمایید کلیه به روزرسانی ها را به یکباره دریافت خواهید کرد.
در این میان اگر یک آسیب پذیری با احتمال سوءاستفاده و حمله بسیار زیاد وجود داشته باشد بدون شک آسیب پذیری CVE-2020-0684 است.
این آسیب پذیری یک باگ در فایل های میانبر .LNK است که به بدافزار اجازه میدهد زمانیکه فایل .LNK مخرب توسط ویندوز پردازش می شود، کدمخربی را روی سیستم اجرا کند.
مهاجم میتواند فایل آلوده .LNK و یک کد باینری مخرب را در یک درایور قابل حمل و فایل اشتراک از راه دور به کاربر ارائه می کند. زمانی که کاربر درایور را باز می کند فایل .LNK اجرا شده و کد مورد نظر مهاجم نیز روی سیستم کاربر اجرا می گردد.
براساس توضیحات مایکروسافت ، این اشکال برای فعالیت مجرمانه سودمند است و امکان نصب  بدافزار در دستگاه های کاربر را فراهم می کند.
جزییات به روزسانی ها و آسیب پذیری های رفع شده در جدول زیر قابل مشاهده می باشد.

Tag CVE ID CVE Title
Azure CVE-2020-0902 Service Fabric Elevation of Privilege
Azure DevOps CVE-2020-0758 Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability
Azure DevOps CVE-2020-0815 Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability
Azure DevOps CVE-2020-0700 Azure DevOps Server Cross-site Scripting Vulnerability
Internet Explorer CVE-2020-0824 Internet Explorer Memory Corruption Vulnerability
Microsoft Browsers CVE-2020-0768 Scripting Engine Memory Corruption Vulnerability
Microsoft Dynamics CVE-2020-0905 Dynamics Business Central Remote Code Execution Vulnerability
Microsoft Edge CVE-2020-0816 Microsoft Edge Memory Corruption Vulnerability
Microsoft Exchange Server CVE-2020-0903 Microsoft Exchange Server Spoofing Vulnerability
Microsoft Graphics Component CVE-2020-0774 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2020-0788 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-0791 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-0690 DirectX Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-0853 Windows Imaging Component Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2020-0877 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-0882 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2020-0883 GDI+ Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2020-0881 GDI+ Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2020-0880 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2020-0887 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-0898 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-0885 Windows Graphics Component Information Disclosure Vulnerability
Microsoft Office CVE-2020-0850 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2020-0852 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2020-0892 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2020-0851 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2020-0855 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-0795 Microsoft SharePoint Reflective XSS Vulnerability
Microsoft Office SharePoint CVE-2020-0891 Microsoft SharePoint Reflective XSS Vulnerability
Microsoft Office SharePoint CVE-2020-0893 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2020-0894 Microsoft Office SharePoint XSS Vulnerability
Microsoft Scripting Engine CVE-2020-0830 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0829 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0813 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2020-0826 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0827 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0825 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0831 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0847 VBScript Remote Code Execution Vulnerability
Microsoft Scripting Engine CVE-2020-0811 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0828 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0848 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0823 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0832 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0812 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0833 Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2020-0897 Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0896 Windows Hard Link Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0871 Windows Network Connections Service Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0874 Windows GDI Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0876 Win32k Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0775 Windows Error Reporting Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0879 Windows GDI Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0793 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0776 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0869 Media Foundation Memory Corruption Vulnerability
Microsoft Windows CVE-2020-0861 Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0863 Connected User Experiences and Telemetry Service Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0860 Windows ActiveX Installer Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0857 Windows Search Indexer Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0858 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0865 Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0866 Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0864 Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0820 Media Foundation Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0819 Windows Device Setup Manager Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0804 Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0779 Windows Installer Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0802 Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0803 Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0778 Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0809 Media Foundation Memory Corruption Vulnerability
Microsoft Windows CVE-2020-0810 Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0807 Media Foundation Memory Corruption Vulnerability
Microsoft Windows CVE-2020-0808 Provisioning Runtime Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0797 Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0785 Windows User Profile Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0786 Windows Tile Object Service Denial of Service Vulnerability
Microsoft Windows CVE-2020-0787 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0783 Windows UPnP Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0800 Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0801 Media Foundation Memory Corruption Vulnerability
Microsoft Windows CVE-2020-0781 Windows UPnP Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0780 Windows Network List Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0777 Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0772 Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0849 Windows Hard Link Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0845 Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0684 LNK Remote Code Execution Vulnerability
Microsoft Windows CVE-2020-0769 Windows CSC Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0771 Windows CSC Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0841 Windows Hard Link Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0840 Windows Hard Link Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0806 Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0843 Windows Installer Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0844 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0842 Windows Installer Elevation of Privilege Vulnerability
Open Source Software CVE-2020-0872 Remote Code Execution Vulnerability in Application Inspector
Other CVE-2020-0765 Remote Desktop Connection Manager Information Disclosure Vulnerability
Visual Studio CVE-2020-0789 Visual Studio Extension Installer Service Denial of Service Vulnerability
Visual Studio CVE-2020-0884 Microsoft Visual Studio Spoofing Vulnerability
Windows Defender CVE-2020-0763 Windows Defender Security Center Elevation of Privilege Vulnerability
Windows Defender CVE-2020-0762 Windows Defender Security Center Elevation of Privilege Vulnerability
Windows Diagnostic Hub CVE-2020-0854 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
Windows IIS CVE-2020-0645 Microsoft IIS Server Tampering Vulnerability
Windows Installer CVE-2020-0814 Windows Installer Elevation of Privilege Vulnerability
Windows Installer CVE-2020-0773 Windows ActiveX Installer Service Elevation of Privilege Vulnerability
Windows Installer CVE-2020-0770 Windows ActiveX Installer Service Elevation of Privilege Vulnerability
Windows Installer CVE-2020-0822 Windows Language Pack Installer Elevation of Privilege Vulnerability
Windows Installer CVE-2020-0859 Windows Modules Installer Service Information Disclosure Vulnerability
Windows Installer CVE-2020-0868 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
Windows Installer CVE-2020-0798 Windows Installer Elevation of Privilege Vulnerability
Windows Installer CVE-2020-0867 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0834 Windows ALPC Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0799 Windows Kernel Elevation of Privilege Vulnerability

منبع:

https://www.zdnet.com