وصله امنیتی سه شنبه ماه اکتبر مایکروسافت منتشر شد. در این به روزرسانی 87 آسیب پذیری در محصولات مایکروسافت رفع شده است که 12 مورد از آنها در دسته بندی حیاتی و 74 مورد در دسته بندی مهم قرار گرفته اند.
آسیب پذیری هایی که به صورت عمومی اعلام شده اند :
این به روزرسانی شامل 6 آسیب پذیری خطرناک که به صورت عمومی اعلام شده اند، است و خبر خوب اینکه طبق گفته مایکروسافت هیچ یک از این آسیب پذیری مورد سوءاستفاده عمومی قرار نگرفته اند.
- CVE-2020-16938 – Windows Kernel Information Disclosure Vulnerability
- CVE-2020-16885 – Windows Storage VSP Driver Elevation of Privilege Vulnerability
- CVE-2020-16901 – Windows Kernel Information Disclosure Vulnerability
- CVE-2020-16908 – Windows Setup Elevation of Privilege Vulnerability
- CVE-2020-16909 – Windows Error Reporting Elevation of Privilege Vulnerability
- CVE-2020-16937 – .NET Framework Information Disclosure Vulnerability
با اینکه این ماه آسیب پذیری Zero-day ای نبوده اما چند آسیب پذیری با امکان سوءاستفاده از راه راه دور وجود دارد :
“CVE-2020-16911 – GDI+ Remote Code Execution Vulnerability”
این آسیب پذیری به مهاجم اجازه ایجاد وبسایتهای تخصصی ای میدهد که می توانند دستوراتی با امتیازات بالا را روی سیستم بازدید کننده اجرا کنند.
“CVE-2020-16947 – Microsoft Outlook Remote Code Execution Vulnerability”
به مهاجم اجازه ارسال ایمیل های خاصی را میدهد که وقتی ایمیل در اوت لوک باز شد، دستورات موردنظر مهاجم اجرا می شود. این حمله حتی وقتی ایمیل در حالت Perview pane هم دیده شود، کار خواهد کرد.
“CVE-2020-16898 – Windows TCP/IP Remote Code Execution Vulnerability”
این آسیب پذیری می تواند از طریق ارسال بسته تبلیغاتی روتر ICMPv6 به یک سیستم از راه دور، مورد بهره برداری قرار بگیرد، اگر امکان بهره برداری موفق فراهم شود، مهاجم می تواند از راه دور کدهای دلخواهد خود را بر روی سیستم هدف اجرا کند.
“CVE-2020-16891 – Windows Hyper-V Remote Code Execution Vulnerability”
این آسیب پذیری به مهاجم یا بدافزار اجازه اجرای دستورات در ماشین مجازی Hyper-V میهمان روی میزبان سیستم عامل را می دهد.
“CVE-2020-16915 – Media Foundation Memory Corruption Vulnerability”
برای اجرای کد از راه دور از طریق دنبال کردن یک کاربر هنگام مشاهده وبسایت آلوده مورد بهره برداری قرار می گیرد.
لیست کامل این به روزرسانی ها در جدول زیر قابل مشاهده است :
جهت مشاهده گزارش کاملتر کلیک نمایید.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Framework | CVE-2020-16937 | .NET Framework Information Disclosure Vulnerability | Important |
| Adobe Flash Player | ADV200012 | October 2020 Adobe Flash Security Update | Critical |
| Azure | CVE-2020-16995 | Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability | Important |
| Azure | CVE-2020-16904 | Azure Functions Elevation of Privilege Vulnerability | Important |
| Group Policy | CVE-2020-16939 | Group Policy Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics | CVE-2020-16978 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2020-16956 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2020-16943 | Dynamics 365 Commerce Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2020-16969 | Microsoft Exchange Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-16911 | GDI+ Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2020-16914 | Windows GDI+ Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-16923 | Microsoft Graphics Components Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2020-1167 | Microsoft Graphics Components Remote Code Execution Vulnerability | Important |
| Microsoft NTFS | CVE-2020-16938 | Windows Kernel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2020-16933 | Microsoft Word Security Feature Bypass Vulnerability | Important |
| Microsoft Office | CVE-2020-16929 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-16934 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2020-16932 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-16930 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-16955 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2020-16928 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2020-16957 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-16918 | Base3D Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-16949 | Microsoft Outlook Denial of Service Vulnerability | Moderate |
| Microsoft Office | CVE-2020-16947 | Microsoft Outlook Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2020-16931 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-16954 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-17003 | Base3D Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-16948 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-16953 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-16942 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-16951 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-16944 | Microsoft SharePoint Reflective XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-16945 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-16946 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-16941 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-16950 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-16952 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2020-16900 | Windows Event System Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16901 | Windows Kernel Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-16899 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-16908 | Windows Setup Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16909 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16912 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16940 | Windows – User Profile Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16907 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16936 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2020-16897 | NetBT Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-16895 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16919 | Windows Enterprise App Management Service Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-16921 | Windows Text Services Framework Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-16920 | Windows Application Compatibility Client Library Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16972 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16877 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16876 | Windows Application Compatibility Client Library Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16975 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16973 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16974 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16922 | Windows Spoofing Vulnerability | Important |
| Microsoft Windows | CVE-2020-0764 | Windows Storage Services Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16980 | Windows iSCSI Target Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1080 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16887 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16885 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16924 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft Windows | CVE-2020-16976 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16935 | Windows COM Server Elevation of Privilege Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2020-16967 | Windows Camera Codec Pack Remote Code Execution Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2020-16968 | Windows Camera Codec Pack Remote Code Execution Vulnerability | Critical |
| PowerShellGet | CVE-2020-16886 | PowerShellGet Module WDAC Security Feature Bypass Vulnerability | Important |
| Visual Studio | CVE-2020-16977 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Important |
| Windows COM | CVE-2020-16916 | Windows COM Server Elevation of Privilege Vulnerability | Important |
| Windows Error Reporting | CVE-2020-16905 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
| Windows Hyper-V | CVE-2020-16894 | Windows NAT Remote Code Execution Vulnerability | Important |
| Windows Hyper-V | CVE-2020-1243 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Hyper-V | CVE-2020-16891 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Installer | CVE-2020-16902 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-16889 | Windows KernelStream Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-16892 | Windows Image Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-16913 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1047 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-16910 | Windows Security Feature Bypass Vulnerability | Important |
| Windows Media Player | CVE-2020-16915 | Media Foundation Memory Corruption Vulnerability | Critical |
| Windows RDP | CVE-2020-16863 | Windows Remote Desktop Service Denial of Service Vulnerability | Important |
| Windows RDP | CVE-2020-16927 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important |
| Windows RDP | CVE-2020-16896 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important |
| Windows Secure Kernel Mode | CVE-2020-16890 | Windows Kernel Elevation of Privilege Vulnerability | Important |
منبع :
