پشتیبانی 24/7 :

031-36691964 | 021-88203003

جستجو

بروزرسانی امنیتی سه شنبه ماه ژانویه مایکروسافت 2022(6 آسیب پذیری روز صفر و در مجموع 97 نقص را برطرف میکند.)

تیتر مطالب

در این بروزرسانی مایکروسافت 97 آسیب پذیری (بدون احتساب 29 آسیب پذیری Microsoft Edge)  9 موردآسیب پذیری به عنوان بحرانی و 88 مورد به عنوان مهم برطرف کرده است.

تعداد هر نوع آسیب پذیری شامل:

•    41 آسیب پذیری Elevation of Privilege
•    9 آسیب پذیری  Security Feature Bypass
•    29 آسیب پذیری Remote Code Execution
•    6 آسیب پذیری Information Disclosure
•    9 آسیب پذیری Denial of Service
•    3 آسیب پذیری Spoofing

شش آسیب پذیری Zero-day برطرف شد، که هیچ کدام از آنها به طور فعال مورد سوء استفاده قرار نگرفتند.

بروزرسانی سه شنبه این ماه شامل اصلاحاتی برای رفع شش آسیب‌پذیری روز صفر است که به طور عمومی فاش شده‌اند. خبر خوب این است که هیچ یک از آنها به طور فعال در حملات مورد سوء استفاده قرار نگرفته اند.
مایکروسافت آسیب پذیری هایی را که به صورت عمومی افشا می شود و به صورت فعال مورد سوء استفاده قرار می گیرد و هیچ بروزرسانی امنیتی برای آن منتشر نشده در دسته Zero-day طبقه بندی می کند.

مایکروسافت همچنین آسیب‌پذیری های  روز صفر دیگرکه به‌صورت عمومی فاش شده به عنوان بخشی از بروزرسانی سه شنبه دسامبر 2021 را برطرف کرد:

•    آسیب پذیری CVE-2021-22947 – Open Source Curl Remote Code Execution
•    آسیب پذیری CVE-2021-36976 – Libarchive Remote Code Execution
•    آسیب پذیری CVE-2022-21919 – Windows User Profile Service Elevation of Privilege
•    آسیب پذیری  CVE-2022-21836 – Windows Certificate Spoofing
•    آسیب پذیری CVE-2022-21839 – Windows Event Tracing Discretionary Access Control List Denial of Service
•    آسیب پذیری  CVE-2022-21874 – Windows Security Center API Remote Code Execution
هر دو آسیب‌پذیری Curl و Libarchive قبلاً رفع شده بود، اما تا امروز این اصلاحات به ویندوز اضافه نشده بود.

بروز رسانی های اخیر از سایر شرکت ها: سایر شرکت هایی که در ماه ژانویه بروزرسانی هایی را منتشر کردند عبارتند از:

•    بروز رسانی های ژانویه Adobe امروز منتشر شد.
•    بروزرسانی‌های امنیتی دسامبر اندروید هفته گذشته منتشر شد.
•    سیسکو در این ماه بروزرسانی‌های امنیتی را برای محصولات متعددی از جمله Cisco Prime Infrastructure و Cisco Common Services Platform Collector منتشر کرد.
•    SAP بروز رسانی های امنیتی ژانویه 2022 خود را منتشر کرد.

بروزرسانی‌های امنیتی سه‌شنبه ژانویه 2022

لیست کامل این بروز رسانی ها در جدول زیر قابل مشاهده می باشد:

 

Tag CVE ID CVE Title Severity
.NET Framework CVE-2022-21911 .NET Framework Denial of Service Vulnerability Important
Microsoft Dynamics CVE-2022-21932 Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability Important
Microsoft Dynamics CVE-2022-21891 Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2022-0105 Chromium: CVE-2022-0105 Use after free in PDF Unknown
Microsoft Edge (Chromium-based) CVE-2022-0102 Chromium: CVE-2022-0102 Type Confusion in V8 Unknown
Microsoft Edge (Chromium-based) CVE-2022-0104 Chromium: CVE-2022-0104 Heap buffer overflow in ANGLE Unknown
Microsoft Edge (Chromium-based) CVE-2022-0101 Chromium: CVE-2022-0101 Heap buffer overflow in Bookmarks Unknown
Microsoft Edge (Chromium-based) CVE-2022-0103 Chromium: CVE-2022-0103 Use after free in SwiftShader Unknown
Microsoft Edge (Chromium-based) CVE-2022-0109 Chromium: CVE-2022-0109 Inappropriate implementation in Autofill Unknown
Microsoft Edge (Chromium-based) CVE-2022-0110 Chromium: CVE-2022-0110 Incorrect security UI in Autofill Unknown
Microsoft Edge (Chromium-based) CVE-2022-0108 Chromium: CVE-2022-0108 Inappropriate implementation in Navigation Unknown
Microsoft Edge (Chromium-based) CVE-2022-0106 Chromium: CVE-2022-0106 Use after free in Autofill Unknown
Microsoft Edge (Chromium-based) CVE-2022-0107 Chromium: CVE-2022-0107 Use after free in File Manager API Unknown
Microsoft Edge (Chromium-based) CVE-2022-21954 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2022-21970 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2022-21931 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2022-21929 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Moderate
Microsoft Edge (Chromium-based) CVE-2022-21930 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2022-0099 Chromium: CVE-2022-0099 Use after free in Sign-in Unknown
Microsoft Edge (Chromium-based) CVE-2022-0100 Chromium: CVE-2022-0100 Heap buffer overflow in Media streams API Unknown
Microsoft Edge (Chromium-based) CVE-2022-0098 Chromium: CVE-2022-0098 Use after free in Screen Capture Unknown
Microsoft Edge (Chromium-based) CVE-2022-0096 Chromium: CVE-2022-0096 Use after free in Storage Unknown
Microsoft Edge (Chromium-based) CVE-2022-0097 Chromium: CVE-2022-0097 Inappropriate implementation in DevTools Unknown
Microsoft Edge (Chromium-based) CVE-2022-0116 Chromium: CVE-2022-0116 Inappropriate implementation in Compositing Unknown
Microsoft Edge (Chromium-based) CVE-2022-0117 Chromium: CVE-2022-0117 Policy bypass in Service Workers Unknown
Microsoft Edge (Chromium-based) CVE-2022-0115 Chromium: CVE-2022-0115 Uninitialized Use in File API Unknown
Microsoft Edge (Chromium-based) CVE-2022-0113 Chromium: CVE-2022-0113 Inappropriate implementation in Blink Unknown
Microsoft Edge (Chromium-based) CVE-2022-0114 Chromium: CVE-2022-0114 Out of bounds memory access in Web Serial Unknown
Microsoft Edge (Chromium-based) CVE-2022-0118 Chromium: CVE-2022-0118 Inappropriate implementation in WebShare Unknown
Microsoft Edge (Chromium-based) CVE-2022-0111 Chromium: CVE-2022-0111 Inappropriate implementation in Navigation Unknown
Microsoft Edge (Chromium-based) CVE-2022-0112 Chromium: CVE-2022-0112 Incorrect security UI in Browser UI Unknown
Microsoft Edge (Chromium-based) CVE-2022-0120 Chromium: CVE-2022-0120 Inappropriate implementation in Passwords Unknown
Microsoft Exchange Server CVE-2022-21969 Microsoft Exchange Server Remote Code Execution Vulnerability Important
Microsoft Exchange Server CVE-2022-21846 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
Microsoft Exchange Server CVE-2022-21855 Microsoft Exchange Server Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2022-21904 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2022-21903 Windows GDI Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2022-21915 Windows GDI+ Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2022-21880 Windows GDI+ Information Disclosure Vulnerability Important
Microsoft Office CVE-2022-21840 Microsoft Office Remote Code Execution Vulnerability Critical
Microsoft Office Excel CVE-2022-21841 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2022-21837 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
Microsoft Office Word CVE-2022-21842 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2022-21917 HEVC Video Extensions Remote Code Execution Vulnerability Critical
Open Source Software CVE-2021-22947 Open Source Curl Remote Code Execution Vulnerability Critical
Role: Windows Hyper-V CVE-2022-21901 Windows Hyper-V Elevation of Privilege Vulnerability Important
Role: Windows Hyper-V CVE-2022-21900 Windows Hyper-V Security Feature Bypass Vulnerability Important
Role: Windows Hyper-V CVE-2022-21905 Windows Hyper-V Security Feature Bypass Vulnerability Important
Role: Windows Hyper-V CVE-2022-21847 Windows Hyper-V Denial of Service Vulnerability Important
Tablet Windows User Interface CVE-2022-21870 Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability Important
Windows Account Control CVE-2022-21859 Windows Accounts Control Elevation of Privilege Vulnerability Important
Windows Active Directory CVE-2022-21857 Active Directory Domain Services Elevation of Privilege Vulnerability Critical
Windows AppContracts API Server CVE-2022-21860 Windows AppContracts API Server Elevation of Privilege Vulnerability Important
Windows Application Model CVE-2022-21862 Windows Application Model Core API Elevation of Privilege Vulnerability Important
Windows BackupKey Remote Protocol CVE-2022-21925 Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability Important
Windows Bind Filter Driver CVE-2022-21858 Windows Bind Filter Driver Elevation of Privilege Vulnerability Important
Windows Certificates CVE-2022-21836 Windows Certificate Spoofing Vulnerability Important
Windows Cleanup Manager CVE-2022-21838 Windows Cleanup Manager Elevation of Privilege Vulnerability Important
Windows Clipboard User Service CVE-2022-21869 Clipboard User Service Elevation of Privilege Vulnerability Important
Windows Cluster Port Driver CVE-2022-21910 Microsoft Cluster Port Driver Elevation of Privilege Vulnerability Important
Windows Common Log File System Driver CVE-2022-21897 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Windows Common Log File System Driver CVE-2022-21916 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Windows Connected Devices Platform Service CVE-2022-21865 Connected Devices Platform Service Elevation of Privilege Vulnerability Important
Windows Cryptographic Services CVE-2022-21835 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Important
Windows Defender CVE-2022-21921 Windows Defender Credential Guard Security Feature Bypass Vulnerability Important
Windows Defender CVE-2022-21906 Windows Defender Application Control Security Feature Bypass Vulnerability Important
Windows Devices Human Interface CVE-2022-21868 Windows Devices Human Interface Elevation of Privilege Vulnerability Important
Windows Diagnostic Hub CVE-2022-21871 Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability Important
Windows DirectX CVE-2022-21898 DirectX Graphics Kernel Remote Code Execution Vulnerability Critical
Windows DirectX CVE-2022-21918 DirectX Graphics Kernel File Denial of Service Vulnerability Important
Windows DirectX CVE-2022-21912 DirectX Graphics Kernel Remote Code Execution Vulnerability Critical
Windows DWM Core Library CVE-2022-21852 Windows DWM Core Library Elevation of Privilege Vulnerability Important
Windows DWM Core Library CVE-2022-21902 Windows DWM Core Library Elevation of Privilege Vulnerability Important
Windows DWM Core Library CVE-2022-21896 Windows DWM Core Library Elevation of Privilege Vulnerability Important
Windows Event Tracing CVE-2022-21872 Windows Event Tracing Elevation of Privilege Vulnerability Important
Windows Event Tracing CVE-2022-21839 Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability Important
Windows Geolocation Service CVE-2022-21878 Windows Geolocation Service Remote Code Execution Vulnerability Important
Windows HTTP Protocol Stack CVE-2022-21907 HTTP Protocol Stack Remote Code Execution Vulnerability Critical
Windows IKE Extension CVE-2022-21843 Windows IKE Extension Denial of Service Vulnerability Important
Windows IKE Extension CVE-2022-21890 Windows IKE Extension Denial of Service Vulnerability Important
Windows IKE Extension CVE-2022-21883 Windows IKE Extension Denial of Service Vulnerability Important
Windows IKE Extension CVE-2022-21889 Windows IKE Extension Denial of Service Vulnerability Important
Windows IKE Extension CVE-2022-21848 Windows IKE Extension Denial of Service Vulnerability Important
Windows IKE Extension CVE-2022-21849 Windows IKE Extension Remote Code Execution Vulnerability Important
Windows Installer CVE-2022-21908 Windows Installer Elevation of Privilege Vulnerability Important
Windows Kerberos CVE-2022-21920 Windows Kerberos Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2022-21881 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2022-21879 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Libarchive CVE-2021-36976 Libarchive Remote Code Execution Vulnerability Important
Windows Local Security Authority CVE-2022-21913 Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass Important
Windows Local Security Authority Subsystem Service CVE-2022-21884 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability Important
Windows Modern Execution Server CVE-2022-21888 Windows Modern Execution Server Remote Code Execution Vulnerability Important
Windows Push Notifications CVE-2022-21867 Windows Push Notifications Apps Elevation Of Privilege Vulnerability Important
Windows RDP CVE-2022-21851 Remote Desktop Client Remote Code Execution Vulnerability Important
Windows RDP CVE-2022-21850 Remote Desktop Client Remote Code Execution Vulnerability Important
Windows RDP CVE-2022-21893 Remote Desktop Protocol Remote Code Execution Vulnerability Important
Windows Remote Access Connection Manager CVE-2022-21914 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important
Windows Remote Access Connection Manager CVE-2022-21885 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important
Windows Remote Desktop CVE-2022-21964 Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2022-21922 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Resilient File System (ReFS) CVE-2022-21961 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important
Windows Resilient File System (ReFS) CVE-2022-21959 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important
Windows Resilient File System (ReFS) CVE-2022-21958 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important
Windows Resilient File System (ReFS) CVE-2022-21960 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important
Windows Resilient File System (ReFS) CVE-2022-21963 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important
Windows Resilient File System (ReFS) CVE-2022-21892 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important
Windows Resilient File System (ReFS) CVE-2022-21962 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important
Windows Resilient File System (ReFS) CVE-2022-21928 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important
Windows Secure Boot CVE-2022-21894 Secure Boot Security Feature Bypass Vulnerability Important
Windows Security Center CVE-2022-21874 Windows Security Center API Remote Code Execution Vulnerability Important
Windows StateRepository API CVE-2022-21863 Windows StateRepository API Server file Elevation of Privilege Vulnerability Important
Windows Storage CVE-2022-21875 Windows Storage Elevation of Privilege Vulnerability Important
Windows Storage Spaces Controller CVE-2022-21877 Storage Spaces Controller Information Disclosure Vulnerability Important
Windows System Launcher CVE-2022-21866 Windows System Launcher Elevation of Privilege Vulnerability Important
Windows Task Flow Data Engine CVE-2022-21861 Task Flow Data Engine Elevation of Privilege Vulnerability Important
Windows Tile Data Repository CVE-2022-21873 Tile Data Repository Elevation of Privilege Vulnerability Important
Windows UEFI CVE-2022-21899 Windows Extensible Firmware Interface Security Feature Bypass Vulnerability Important
Windows UI Immersive Server CVE-2022-21864 Windows UI Immersive Server API Elevation of Privilege Vulnerability Important
Windows User Profile Service CVE-2022-21895 Windows User Profile Service Elevation of Privilege Vulnerability Important
Windows User Profile Service CVE-2022-21919 Windows User Profile Service Elevation of Privilege Vulnerability Important
Windows User-mode Driver Framework CVE-2022-21834 Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability Important
Windows Virtual Machine IDE Drive CVE-2022-21833 Virtual Machine IDE Drive Elevation of Privilege Vulnerability Critical
Windows Win32K CVE-2022-21882 Win32k Elevation of Privilege Vulnerability Important
Windows Win32K CVE-2022-21876 Win32k Information Disclosure Vulnerability Important
Windows Win32K CVE-2022-21887 Win32k Elevation of Privilege Vulnerability Important
Windows Workstation Service Remote Protocol CVE-2022-21924 Workstation Service Remote Protocol Security Feature Bypass Vulnerability Important

منبع:

https://www.bleepingcomputer.com