Microsoft released its March 2021 Patch Tuesday security updates yesterday. The release fixes 82 vulnerabilities, 10 of them rated Critical and the remaining 72 Important. That count does not include the 7 Microsoft Exchange Server vulnerabilities and the 33 Chromium-based Edge vulnerabilities that were patched earlier in the month.
The update also closes two zero-day vulnerabilities: one that was exploited in the wild before a patch was available and one that had been publicly disclosed before the patch.
Microsoft Exchange ProxyLogon attacks
Last week Microsoft released out-of-band updates for these vulnerabilities, and we covered them in earlier news items and on the company's Telegram channel.
Attackers are exploiting these flaws to install web shells and other malware on unpatched servers.
The identifiers of the vulnerabilities exploited in the attacks:
CVE-2021-26855 – Microsoft Exchange Server Remote Code Execution Vulnerability (pre-authentication server-side request forgery, the entry point of the exploit chain)
CVE-2021-26857 – Microsoft Exchange Server Remote Code Execution Vulnerability (insecure deserialization in the Unified Messaging service)
CVE-2021-26858 – Microsoft Exchange Server Remote Code Execution Vulnerability (post-authentication arbitrary file write)
CVE-2021-27065 – Microsoft Exchange Server Remote Code Execution Vulnerability (post-authentication arbitrary file write)
Microsoft has also published a PowerShell script, Test-ProxyLogon.ps1, that checks the Exchange HttpProxy logs, other Exchange log files and the Windows Application event log for indicators of compromise (IOCs) tied to these attacks.
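As an added illustration of the checks that script performs (this is example code written for this article, not Microsoft's Test-ProxyLogon.ps1 or any of its code), the Python below runs the three published IOC patterns over log excerpts collected from a server: HttpProxy requests with an empty AuthenticatedUser and an AnchorMailbox of the form ServerInfo~*/* (CVE-2021-26855), OABGeneratorLog "Download failed and temporary file" entries whose file lands outside the OAB\Temp directory (CVE-2021-26858), and Application event log errors from source "MSExchange Unified Messaging" that mention System.InvalidCastException (CVE-2021-26857). All sample log lines and events are constructed for the example, the HttpProxy column subset and the OABGeneratorLog line layout are assumptions, and the function names are this article's own. Python is used so the triage can run offline on exported logs rather than on the Exchange server itself.

```python
import csv
import io
import ntpath

# Directory where the OAB generator legitimately writes downloaded files. A
# "Download failed and temporary file" entry pointing anywhere else is the
# published indicator for the CVE-2021-26858 arbitrary-file-write.
OAB_TEMP_DIR = r"C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\OAB\Temp"
OAB_MARKER = "Download failed and temporary file"

# Constructed excerpt of an Exchange HttpProxy log (real logs carry many more
# columns; only the ones the check needs are kept). The second row is a
# constructed unauthenticated request whose AnchorMailbox routes to a backend
# URL, the CVE-2021-26855 SSRF pattern.
HTTPPROXY_LOG = """DateTime,RequestId,ClientIpAddress,UrlHost,UrlStem,AuthenticatedUser,AnchorMailbox
2021-03-03T08:15:02.113Z,0001,10.0.0.25,mail.example.test,/owa/,CORP\\alice,Sid~S-1-5-21-1-2-3-1105
2021-03-03T08:16:44.907Z,0002,203.0.113.7,mail.example.test,/ecp/y.js,,ServerInfo~a]@mail.example.test:444/autodiscover/autodiscover.xml?#
2021-03-03T08:17:10.004Z,0003,10.0.0.26,mail.example.test,/mapi/emsmdb/,CORP\\bob,Sid~S-1-5-21-1-2-3-1106
"""

# Constructed OABGeneratorLog lines; the layout (marker followed by the path
# up to end of line) is an assumption. The first write is benign, the second
# drops an .aspx file into a web-served directory.
OAB_LOG = """2021-03-03T08:20:11.000Z,OABGeneratorDownload,Download failed and temporary file C:\\Program Files\\Microsoft\\Exchange Server\\V15\\ClientAccess\\OAB\\Temp\\3b1c.lzx
2021-03-03T08:21:37.000Z,OABGeneratorDownload,Download failed and temporary file C:\\inetpub\\wwwroot\\aspnet_client\\example.aspx
2021-03-03T08:22:02.000Z,OABGeneratorDownload,Download completed
"""

# Constructed Application event log entries in the shape PowerShell's
# Get-EventLog returns (Source, EntryType, Message). Only the first one
# matches the CVE-2021-26857 pattern.
APP_EVENTS = [
    {"Source": "MSExchange Unified Messaging", "EntryType": "Error",
     "Message": "Watson report about to be sent for process id: 4320 ... "
                "System.InvalidCastException: Unable to cast object of type ..."},
    {"Source": "MSExchange Unified Messaging", "EntryType": "Warning",
     "Message": "The Unified Messaging server could not reach the telephony gateway."},
    {"Source": "MSExchangeTransport", "EntryType": "Error",
     "Message": "System.InvalidCastException raised in an unrelated component."},
]


def find_ssrf_requests(log_text):
    """CVE-2021-26855: unauthenticated HttpProxy requests whose AnchorMailbox is a
    ServerInfo~ route containing a backend path (the ServerInfo~*/* pattern)."""
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        anchor = row.get("AnchorMailbox") or ""
        if (row.get("AuthenticatedUser") or "") == "" and anchor.startswith("ServerInfo~") and "/" in anchor:
            hits.append({"time": row.get("DateTime"), "client": row.get("ClientIpAddress"),
                         "url": row.get("UrlStem"), "anchor": anchor})
    return hits


def find_oab_writes_outside_temp(log_text, temp_dir=OAB_TEMP_DIR):
    """CVE-2021-26858: OAB generator 'downloads' whose temporary file lands outside OAB\\Temp."""
    # Normalise case and slashes so a path written as C:/program files/... still compares equal.
    allowed = ntpath.normcase(ntpath.normpath(temp_dir)) + "\\"
    hits = []
    for line in log_text.splitlines():
        if OAB_MARKER not in line:
            continue
        path = line.split(OAB_MARKER, 1)[1].strip()
        if not ntpath.normcase(ntpath.normpath(path)).startswith(allowed):
            hits.append(path)
    return hits


def find_um_deserialization_crashes(events):
    """CVE-2021-26857: Unified Messaging error events reporting System.InvalidCastException."""
    return [e for e in events
            if e.get("Source") == "MSExchange Unified Messaging"
            and e.get("EntryType") == "Error"
            and "System.InvalidCastException" in (e.get("Message") or "")]


def triage(httpproxy_log=HTTPPROXY_LOG, oab_log=OAB_LOG, app_events=APP_EVENTS):
    """Run the three checks and return the indicators found, keyed by CVE."""
    return {
        "CVE-2021-26855": find_ssrf_requests(httpproxy_log),
        "CVE-2021-26858": find_oab_writes_outside_temp(oab_log),
        "CVE-2021-26857": find_um_deserialization_crashes(app_events),
    }


if __name__ == "__main__":
    for cve, hits in triage().items():
        print(f"{cve}: {len(hits)} indicator(s)")
        for hit in hits:
            print("   ", hit)
```

Treat a hit as the start of an investigation rather than proof of compromise, and treat an empty result with equal care: HttpProxy and OAB logs roll over, so an absence of hits in the retained logs does not show that a server exposed before the out-of-band patch was never exploited. Run the same checks against every Client Access server in the organisation, not only the one that raised an alert.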
Updates were also released for three further Exchange Server vulnerabilities that have not been seen exploited in attacks:
CVE-2021-26412 – Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-26854 – Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-27078 – Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft has also updated Microsoft Defender to detect the web shells and other IOCs associated with these attacks.
Two zero-day vulnerabilities
In January, Google disclosed that the Lazarus group was running attacks against security researchers using compromised Visual Studio projects and previously unknown zero-day exploits.
In February, South Korean security researchers found that the attackers were exploiting an Internet Explorer zero-day to install backdoors.
That vulnerability, CVE-2021-26411 (Internet Explorer Memory Corruption Vulnerability), is fixed in the March update.
The other zero-day, CVE-2021-27077 (Windows Win32k Elevation of Privilege Vulnerability), is also fixed; it had been publicly disclosed by Trend Micro before a patch was available.
The full list of this month's updates is given in the table below:
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
Application Virtualization | CVE-2021-26890 | Application Virtualization Remote Code Execution Vulnerability | Important |
Azure | CVE-2021-27075 | Azure Virtual Machine Information Disclosure Vulnerability | Important |
Azure Sphere | CVE-2021-27074 | Azure Sphere Unsigned Code Execution Vulnerability | Critical |
Azure Sphere | CVE-2021-27080 | Azure Sphere Unsigned Code Execution Vulnerability | Critical |
Internet Explorer | CVE-2021-27085 | Internet Explorer Remote Code Execution Vulnerability | Important |
Internet Explorer | CVE-2021-26411 | Internet Explorer Memory Corruption Vulnerability | Critical |
Microsoft ActiveX | CVE-2021-26869 | Windows ActiveX Installer Service Information Disclosure Vulnerability | Important |
Microsoft Edge on Chromium | CVE-2021-21173 | Chromium CVE-2021-21173: Side-channel information leakage in Network Internals | Unknown |
Microsoft Edge on Chromium | CVE-2021-21172 | Chromium CVE-2021-21172: Insufficient policy enforcement in File System API | Unknown |
Microsoft Edge on Chromium | CVE-2021-21169 | Chromium CVE-2021-21169: Out of bounds memory access in V8 | Unknown |
Microsoft Edge on Chromium | CVE-2021-21170 | Chromium CVE-2021-21170: Incorrect security UI in Loader | Unknown |
Microsoft Edge on Chromium | CVE-2021-21171 | Chromium CVE-2021-21171: Incorrect security UI in TabStrip and Navigation | Unknown |
Microsoft Edge on Chromium | CVE-2021-21175 | Chromium CVE-2021-21175: Inappropriate implementation in Site isolation | Unknown |
Microsoft Edge on Chromium | CVE-2021-21176 | Chromium CVE-2021-21176: Inappropriate implementation in full screen mode | Unknown |
Microsoft Edge on Chromium | CVE-2021-21177 | Chromium CVE-2021-21177: Insufficient policy enforcement in Autofill | Unknown |
Microsoft Edge on Chromium | CVE-2021-21174 | Chromium CVE-2021-21174: Inappropriate implementation in Referrer | Unknown |
Microsoft Edge on Chromium | CVE-2021-21178 | Chromium CVE-2021-21178: Inappropriate implementation in Compositing | Unknown |
Microsoft Edge on Chromium | CVE-2021-21161 | Chromium CVE-2021-21161: Heap buffer overflow in TabStrip | Unknown |
Microsoft Edge on Chromium | CVE-2021-21162 | Chromium CVE-2021-21162: Use after free in WebRTC | Unknown |
Microsoft Edge on Chromium | CVE-2021-21160 | Chromium CVE-2021-21160: Heap buffer overflow in WebAudio | Unknown |
Microsoft Edge on Chromium | CVE-2020-27844 | Chromium CVE-2020-27844: Heap buffer overflow in OpenJPEG | Unknown |
Microsoft Edge on Chromium | CVE-2021-21159 | Chromium CVE-2021-21159: Heap buffer overflow in TabStrip | Unknown |
Microsoft Edge on Chromium | CVE-2021-21163 | Chromium CVE-2021-21163: Insufficient data validation in Reader Mode | Unknown |
Microsoft Edge on Chromium | CVE-2021-21167 | Chromium CVE-2021-21167: Use after free in bookmarks | Unknown |
Microsoft Edge on Chromium | CVE-2021-21168 | Chromium CVE-2021-21168: Insufficient policy enforcement in appcache | Unknown |
Microsoft Edge on Chromium | CVE-2021-21166 | Chromium CVE-2021-21166: Object lifecycle issue in audio | Unknown |
Microsoft Edge on Chromium | CVE-2021-21164 | Chromium CVE-2021-21164: Insufficient data validation in Chrome for iOS | Unknown |
Microsoft Edge on Chromium | CVE-2021-21165 | Chromium CVE-2021-21165: Object lifecycle issue in audio | Unknown |
Microsoft Edge on Chromium | CVE-2021-21189 | Chromium CVE-2021-21189: Insufficient policy enforcement in payments | Unknown |
Microsoft Edge on Chromium | CVE-2021-21181 | Chromium CVE-2021-21181: Side-channel information leakage in autofill | Unknown |
Microsoft Edge on Chromium | CVE-2021-21186 | Chromium CVE-2021-21186: Insufficient policy enforcement in QR scanning | Unknown |
Microsoft Edge on Chromium | CVE-2021-21190 | Chromium CVE-2021-21190: Uninitialized Use in PDFium | Unknown |
Microsoft Edge on Chromium | CVE-2021-21183 | Chromium CVE-2021-21183: Inappropriate implementation in performance APIs | Unknown |
Microsoft Edge on Chromium | CVE-2021-21185 | Chromium CVE-2021-21185: Insufficient policy enforcement in extensions | Unknown |
Microsoft Edge on Chromium | CVE-2021-21187 | Chromium CVE-2021-21187: Insufficient data validation in URL formatting | Unknown |
Microsoft Edge on Chromium | CVE-2021-21182 | Chromium CVE-2021-21182: Insufficient policy enforcement in navigations | Unknown |
Microsoft Edge on Chromium | CVE-2021-21180 | Chromium CVE-2021-21180: Use after free in tab search | Unknown |
Microsoft Edge on Chromium | CVE-2021-21184 | Chromium CVE-2021-21184: Inappropriate implementation in performance APIs | Unknown |
Microsoft Edge on Chromium | CVE-2021-21179 | Chromium CVE-2021-21179: Use after free in Network Internals | Unknown |
Microsoft Edge on Chromium | CVE-2021-21188 | Chromium CVE-2021-21188: Use after free in Blink | Unknown |
Microsoft Exchange Server | CVE-2021-26412 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
Microsoft Exchange Server | CVE-2021-27065 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
Microsoft Exchange Server | CVE-2021-27078 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2021-26854 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2021-26857 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
Microsoft Exchange Server | CVE-2021-26855 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
Microsoft Exchange Server | CVE-2021-26858 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-26863 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-27077 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-26861 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-26876 | OpenType Font Parsing Remote Code Execution Vulnerability | Critical |
Microsoft Graphics Component | CVE-2021-26875 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-26868 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2021-24108 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-27058 | Microsoft Office ClickToRun Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2021-27059 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-27053 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-27054 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-27057 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office PowerPoint | CVE-2021-27056 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-27052 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-24104 | Microsoft SharePoint Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-27076 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office Visio | CVE-2021-27055 | Microsoft Visio Security Feature Bypass Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-27050 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-27049 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-26884 | Windows Media Photo Codec Information Disclosure Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-27051 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-27062 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-24110 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-24089 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2021-27061 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2021-27048 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-27047 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-26902 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
Power BI | CVE-2021-26859 | Microsoft Power BI Information Disclosure Vulnerability | Important |
Role: DNS Server | CVE-2021-27063 | Windows DNS Server Denial of Service Vulnerability | Important |
Role: DNS Server | CVE-2021-26893 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2021-26897 | Windows DNS Server Remote Code Execution Vulnerability | Critical |
Role: DNS Server | CVE-2021-26894 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2021-26895 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2021-26896 | Windows DNS Server Denial of Service Vulnerability | Important |
Role: DNS Server | CVE-2021-26877 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: Hyper-V | CVE-2021-26867 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Role: Hyper-V | CVE-2021-26879 | Windows NAT Denial of Service Vulnerability | Important |
Visual Studio | CVE-2021-27084 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | Important |
Visual Studio | CVE-2021-21300 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
Visual Studio Code | CVE-2021-27060 | Visual Studio Code Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2021-27081 | Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2021-27083 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2021-27082 | Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability | Important |
Windows Admin Center | CVE-2021-27066 | Windows Admin Center Security Feature Bypass Vulnerability | Important |
Windows Container Execution Agent | CVE-2021-26891 | Windows Container Execution Agent Elevation of Privilege Vulnerability | Important |
Windows Container Execution Agent | CVE-2021-26865 | Windows Container Execution Agent Elevation of Privilege Vulnerability | Important |
Windows DirectX | CVE-2021-24095 | DirectX Elevation of Privilege Vulnerability | Important |
Windows Error Reporting | CVE-2021-24090 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
Windows Event Tracing | CVE-2021-24107 | Windows Event Tracing Information Disclosure Vulnerability | Important |
Windows Event Tracing | CVE-2021-26872 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
Windows Event Tracing | CVE-2021-26901 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
Windows Event Tracing | CVE-2021-26898 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
Windows Extensible Firmware Interface | CVE-2021-26892 | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | Important |
Windows Folder Redirection | CVE-2021-26887 | Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2021-26862 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Media | CVE-2021-26881 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important |
Windows Overlay Filter | CVE-2021-26874 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important |
Windows Overlay Filter | CVE-2021-26860 | Windows App-V Overlay Filter Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2021-1640 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2021-26878 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Projected File System Filter Driver | CVE-2021-26870 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
Windows Registry | CVE-2021-26864 | Windows Virtual Registry Provider Elevation of Privilege Vulnerability | Important |
Windows Remote Access API | CVE-2021-26882 | Remote Access API Elevation of Privilege Vulnerability | Important |
Windows Storage Spaces Controller | CVE-2021-26880 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
Windows Update Assistant | CVE-2021-27070 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2021-1729 | Windows Update Stack Setup Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2021-26889 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2021-26866 | Windows Update Service Elevation of Privilege Vulnerability | Important |
Windows UPnP Device Host | CVE-2021-26899 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Important |
Windows User Profile Service | CVE-2021-26873 | Windows User Profile Service Elevation of Privilege Vulnerability | Important |
Windows User Profile Service | CVE-2021-26886 | User Profile Service Denial of Service Vulnerability | Important |
Windows WalletService | CVE-2021-26871 | Windows WalletService Elevation of Privilege Vulnerability | Important |
Windows WalletService | CVE-2021-26885 | Windows WalletService Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2021-26900 | Windows Win32k Elevation of Privilege Vulnerability | Important |