پشتیبانی 24/7 :

031-36691964 | 021-88203003

جستجو

بروزرسانی امنیتی سه شنبه ماه فوریه 2022مایکروسافت (یک آسیب پذیری روز صفر و در مجموع 48 نقص را برطرف می کند.)

تیتر مطالب

امروز بروزرسانی سه‌شنبه فوریه ۲۰۲۲ مایکروسافت منتشر شد و در این فهرست یک آسیب‌پذیری روز صفر و در مجموع ۴۸ نقص برطرف شده است.
در این بروزرسانی مایکروسافت 48 آسیب پذیری (بدون احتساب 22 آسیب پذیری Microsoft Edge ) که هیچ یک از آنها به عنوان بحرانی طبقه بندی نشده را برطرف کرده است.

تعداد هر نوع آسیب پذیری شامل:

•    16 آسیب پذیری Elevation of Privilege
•    3 آسیب پذیری Security Feature Bypass
•    16 آسیب پذیری Remote Code Execution
•    5 آسیب پذیری Information Disclosure
•    5 آسیب پذیری Denial of Service
•    3 آسیب پذیری Spoofing
•    22 آسیب پذیری Edge – Chromium

یک آسیب پذیری Zero-day برطرف شد، که به طور فعال مورد سوء استفاده قرار نگرفته است.

بروزرسانی سه شنبه این ماه شامل اصلاحاتی برای رفع یک آسیب‌پذیری Zero-day  است که به طور عمومی فاش شده‌. خبر خوب اینکه،  این آسیب پذیری به طور فعال در حملات مورد سوء استفاده قرار نگرفته است.
مایکروسافت آسیب‌پذیری های دیگری که به‌صورت عمومی فاش شده به عنوان بخشی از بروزرسانی سه شنبه فوریه 2022 برطرف کرد:
•    آسیب پذیری Windows Kernel Elevation of Privilege- CVE-2022-21989

بروز رسانی های اخیر از سایر شرکت ها: سایر شرکت هایی که در ماه فوریه بروزرسانی هایی را منتشر کردند عبارتند از:

•    آپدیت های امنیتی فوریه اندروید دیروز منتشر شد.
•    سیسکو بروزرسانی‌های امنیتی را برای بسیاری از محصولات در این ماه منتشر کرد، از جمله  Cisco Small Business RV routers وSnort و Cisco DNA Center.
•     SAP بروز رسانی های امنیتی فوریه 2022 خود را منتشر کرد.

بروزرسانی‌های امنیتی سه‌شنبه فوریه 2022:

لیست کامل این بروز رسانی ها در جدول زیر قابل مشاهده می باشد:

 

Tag CVE ID CVE Title Severity
Azure Data Explorer CVE-2022-23256 Azure Data Explorer Spoofing Vulnerability Important
Kestrel Web Server CVE-2022-21986 .NET Denial of Service Vulnerability Important
Microsoft Dynamics CVE-2022-21957 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability Important
Microsoft Dynamics GP CVE-2022-23272 Microsoft Dynamics GP Elevation Of Privilege Vulnerability Important
Microsoft Dynamics GP CVE-2022-23271 Microsoft Dynamics GP Elevation Of Privilege Vulnerability Important
Microsoft Dynamics GP CVE-2022-23273 Microsoft Dynamics GP Elevation Of Privilege Vulnerability Important
Microsoft Dynamics GP CVE-2022-23274 Microsoft Dynamics GP Remote Code Execution Vulnerability Important
Microsoft Dynamics GP CVE-2022-23269 Microsoft Dynamics GP Spoofing Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2022-0469 Chromium: CVE-2022-0469 Use after free in Cast Unknown
Microsoft Edge (Chromium-based) CVE-2022-0467 Chromium: CVE-2022-0467 Inappropriate implementation in Pointer Lock Unknown
Microsoft Edge (Chromium-based) CVE-2022-23261 Microsoft Edge (Chromium-based) Tampering Vulnerability Moderate
Microsoft Edge (Chromium-based) CVE-2022-0453 Chromium: CVE-2022-0453 Use after free in Reader Mode Unknown
Microsoft Edge (Chromium-based) CVE-2022-23262 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2022-0468 Chromium: CVE-2022-0468 Use after free in Payments Unknown
Microsoft Edge (Chromium-based) CVE-2022-0452 Chromium: CVE-2022-0452 Use after free in Safe Browsing Unknown
Microsoft Edge (Chromium-based) CVE-2022-23263 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2022-0462 Chromium: CVE-2022-0462 Inappropriate implementation in Scroll Unknown
Microsoft Edge (Chromium-based) CVE-2022-0461 Chromium: CVE-2022-0461 Policy bypass in COOP Unknown
Microsoft Edge (Chromium-based) CVE-2022-0460 Chromium: CVE-2022-0460 Use after free in Window Dialog Unknown
Microsoft Edge (Chromium-based) CVE-2022-0465 Chromium: CVE-2022-0465 Use after free in Extensions Unknown
Microsoft Edge (Chromium-based) CVE-2022-0464 Chromium: CVE-2022-0464 Use after free in Accessibility Unknown
Microsoft Edge (Chromium-based) CVE-2022-0463 Chromium: CVE-2022-0463 Use after free in Accessibility Unknown
Microsoft Edge (Chromium-based) CVE-2022-0459 Chromium: CVE-2022-0459 Use after free in Screen Capture Unknown
Microsoft Edge (Chromium-based) CVE-2022-0455 Chromium: CVE-2022-0455 Inappropriate implementation in Full Screen Mode Unknown
Microsoft Edge (Chromium-based) CVE-2022-0454 Chromium: CVE-2022-0454 Heap buffer overflow in ANGLE Unknown
Microsoft Edge (Chromium-based) CVE-2022-0466 Chromium: CVE-2022-0466 Inappropriate implementation in Extensions Platform Unknown
Microsoft Edge (Chromium-based) CVE-2022-0458 Chromium: CVE-2022-0458 Use after free in Thumbnail Tab Strip Unknown
Microsoft Edge (Chromium-based) CVE-2022-0457 Chromium: CVE-2022-0457 Type Confusion in V8 Unknown
Microsoft Edge (Chromium-based) CVE-2022-0456 Chromium: CVE-2022-0456 Use after free in Web Search Unknown
Microsoft Edge (Chromium-based) CVE-2022-0470 Chromium: CVE-2022-0470 Out of bounds memory access in V8 Unknown
Microsoft Office CVE-2022-22004 Microsoft Office ClickToRun Remote Code Execution Vulnerability Important
Microsoft Office CVE-2022-22003 Microsoft Office Graphics Remote Code Execution Vulnerability Important
Microsoft Office CVE-2022-23252 Microsoft Office Information Disclosure Vulnerability Important
Microsoft Office Excel CVE-2022-22716 Microsoft Excel Information Disclosure Vulnerability Important
Microsoft Office Outlook CVE-2022-23280 Microsoft Outlook for Mac Security Feature Bypass Vulnerability Important
Microsoft Office SharePoint CVE-2022-21987 Microsoft SharePoint Server Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2022-21968 Microsoft SharePoint Server Security Feature BypassVulnerability Important
Microsoft Office SharePoint CVE-2022-22005 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
Microsoft Office Visio CVE-2022-21988 Microsoft Office Visio Remote Code Execution Vulnerability Important
Microsoft OneDrive CVE-2022-23255 Microsoft OneDrive for Android Security Feature Bypass Vulnerability Important
Microsoft Teams CVE-2022-21965 Microsoft Teams Denial of Service Vulnerability Important
Microsoft Windows Codecs Library CVE-2022-21844 HEVC Video Extensions Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2022-21927 HEVC Video Extensions Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2022-21926 HEVC Video Extensions Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2022-22709 VP9 Video Extensions Remote Code Execution Vulnerability Important
Power BI CVE-2022-23254 Microsoft Power BI Elevation of Privilege Vulnerability Important
Roaming Security Rights Management Services CVE-2022-21974 Roaming Security Rights Management Services Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2022-21984 Windows DNS Server Remote Code Execution Vulnerability Important
Role: Windows Hyper-V CVE-2022-21995 Windows Hyper-V Remote Code Execution Vulnerability Important
Role: Windows Hyper-V CVE-2022-22712 Windows Hyper-V Denial of Service Vulnerability Important
SQL Server CVE-2022-23276 SQL Server for Linux Containers Elevation of Privilege Vulnerability Important
Visual Studio Code CVE-2022-21991 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability Important
Windows Common Log File System Driver CVE-2022-22000 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Windows Common Log File System Driver CVE-2022-22710 Windows Common Log File System Driver Denial of Service Vulnerability Important
Windows Common Log File System Driver CVE-2022-21981 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Windows Common Log File System Driver CVE-2022-21998 Windows Common Log File System Driver Information Disclosure Vulnerability Important
Windows DWM Core Library CVE-2022-21994 Windows DWM Core Library Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2022-21989 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2022-21992 Windows Mobile Device Management Remote Code Execution Vulnerability Important
Windows Kernel-Mode Drivers CVE-2022-21993 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Important
Windows Named Pipe File System CVE-2022-22715 Named Pipe File System Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-22718 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-22717 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-21999 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-21997 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Remote Access Connection Manager CVE-2022-21985 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important
Windows Remote Access Connection Manager CVE-2022-22001 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2022-21971 Windows Runtime Remote Code Execution Vulnerability Important
Windows User Account Profile CVE-2022-22002 Windows User Account Profile Picture Denial of Service Vulnerability Important
Windows Win32K CVE-2022-21996 Win32k Elevation of Privilege Vulnerability Important

منبع:
https://www.bleepingcomputer.com