پشتیبانی 24/7 :

031-36691964 | 021-88203003

جستجو

بروزرسانی امنیتی سه شنبه ماه آپریل 2022مایکروسافت

تیتر مطالب

مایکروسافت، وصله های به روز رسانی سه شنبه ماه آپریل خود را منتشر کرد، این به روز رسانی شامل رفع 119 آسیب پذیری (بجز 26 آسیب پذیری موجود در Microsoft Edge) است که 2 آسیب پذیری Zero-day و 10 آسیب پذیری حیاتی مربوطه به اجرای کد از راه دور را نیز در برمیگیرد.

آسیب پذیری های Zero-Day

یکی از این آسیب پذیری های Zero-day به صورت عمومی منتشر شده و دیگری به صورت فعال در حملات سایبری مورد سواستفاده قرار میگیرد.

  • CVE-2022-26904 – Windows User Profile Service Elevation of Privilege Vulnerability

این آسیب پذیری به صورت عمومی منتشر شده و یک باگ در امتیازات دسترسی است که توسط  CrowdStrike  و NSA کشف شده است.

  • CVE-2022-24521 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

با توجه به اینکه مایکروسافت وصله های این آسیب پذیری ها را منتشر کرده است و در خصوص آنها اطلاع رسانی نموده است، انتظار می رود که مهاجمان این آسیب پذیری ها را مورد تجزیه و تحلیل قرار دهند و به دنبال نحوه سوء استفاده از آنها در سیستم هایی که به روز نیستند، باشند. بنابراین توصیه می کنیم بلافاصله این به روز رسانی ها را دریافت و نصب نمایید.

 

در جدول زیر آسیب پذیری های این ماه مایکروسافت به صورت کامل لیست شده است:

Tag CVE ID CVE Title Severity
.NET Framework CVE-2022-26832 .NET Framework Denial of Service Vulnerability Important
Active Directory Domain Services CVE-2022-26814 Windows DNS Server Remote Code Execution Vulnerability Important
Active Directory Domain Services CVE-2022-26817 Windows DNS Server Remote Code Execution Vulnerability Important
Azure SDK CVE-2022-26907 Azure SDK for .NET Information Disclosure Vulnerability Important
Azure Site Recovery CVE-2022-26898 Azure Site Recovery Remote Code Execution Vulnerability Important
Azure Site Recovery CVE-2022-26897 Azure Site Recovery Information Disclosure Vulnerability Important
Azure Site Recovery CVE-2022-26896 Azure Site Recovery Information Disclosure Vulnerability Important
LDAP – Lightweight Directory Access Protocol CVE-2022-26831 Windows LDAP Denial of Service Vulnerability Important
LDAP – Lightweight Directory Access Protocol CVE-2022-26919 Windows LDAP Remote Code Execution Vulnerability Critical
Microsoft Bluetooth Driver CVE-2022-26828 Windows Bluetooth Driver Elevation of Privilege Vulnerability Important
Microsoft Dynamics CVE-2022-23259 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability Critical
Microsoft Edge (Chromium-based) CVE-2022-26909 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Moderate
Microsoft Edge (Chromium-based) CVE-2022-1139 Chromium: CVE-2022-1139 Inappropriate implementation in Background Fetch API Unknown
Microsoft Edge (Chromium-based) CVE-2022-26912 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Moderate
Microsoft Edge (Chromium-based) CVE-2022-26908 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2022-1146 Chromium: CVE-2022-1146 Inappropriate implementation in Resource Timing Unknown
Microsoft Edge (Chromium-based) CVE-2022-26895 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2022-26900 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2022-26894 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2022-1232 Chromium: CVE-2022-1232 Type Confusion in V8 Unknown
Microsoft Edge (Chromium-based) CVE-2022-26891 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2022-1125 Chromium: CVE-2022-1125 Use after free in Portals Unknown
Microsoft Edge (Chromium-based) CVE-2022-1136 Chromium: CVE-2022-1136 Use after free in Tab Strip Unknown
Microsoft Edge (Chromium-based) CVE-2022-24475 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2022-1145 Chromium: CVE-2022-1145 Use after free in Extensions Unknown
Microsoft Edge (Chromium-based) CVE-2022-1135 Chromium: CVE-2022-1135 Use after free in Shopping Cart Unknown
Microsoft Edge (Chromium-based) CVE-2022-1138 Chromium: CVE-2022-1138 Inappropriate implementation in Web Cursor Unknown
Microsoft Edge (Chromium-based) CVE-2022-1143 Chromium: CVE-2022-1143 Heap buffer overflow in WebUI Unknown
Microsoft Edge (Chromium-based) CVE-2022-24523 Microsoft Edge (Chromium-based) Spoofing Vulnerability Moderate
Microsoft Edge (Chromium-based) CVE-2022-1137 Chromium: CVE-2022-1137 Inappropriate implementation in Extensions Unknown
Microsoft Edge (Chromium-based) CVE-2022-1134 Chromium: CVE-2022-1134 Type Confusion in V8 Unknown
Microsoft Edge (Chromium-based) CVE-2022-1127 Chromium: CVE-2022-1127 Use after free in QR Code Generator Unknown
Microsoft Edge (Chromium-based) CVE-2022-1128 Chromium: CVE-2022-1128 Inappropriate implementation in Web Share API Unknown
Microsoft Edge (Chromium-based) CVE-2022-1133 Chromium: CVE-2022-1133 Use after free in WebRTC Unknown
Microsoft Edge (Chromium-based) CVE-2022-1130 Chromium: CVE-2022-1130 Insufficient validation of untrusted input in WebOTP Unknown
Microsoft Edge (Chromium-based) CVE-2022-1129 Chromium: CVE-2022-1129 Inappropriate implementation in Full Screen Mode Unknown
Microsoft Edge (Chromium-based) CVE-2022-1131 Chromium: CVE-2022-1131 Use after free in Cast UI Unknown
Microsoft Graphics Component CVE-2022-26920 Windows Graphics Component Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2022-26903 Windows Graphics Component Remote Code Execution Vulnerability Important
Microsoft Local Security Authority Server (lsasrv) CVE-2022-24493 Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability Important
Microsoft Office Excel CVE-2022-24473 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2022-26901 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2022-24472 Microsoft SharePoint Server Spoofing Vulnerability Important
Microsoft Windows ALPC CVE-2022-24482 Windows ALPC Elevation of Privilege Vulnerability Important
Microsoft Windows ALPC CVE-2022-24540 Windows ALPC Elevation of Privilege Vulnerability Important
Microsoft Windows Codecs Library CVE-2022-24532 HEVC Video Extensions Remote Code Execution Vulnerability Important
Microsoft Windows Media Foundation CVE-2022-24495 Windows Direct Show – Remote Code Execution Vulnerability Important
Power BI CVE-2022-23292 Microsoft Power BI Spoofing Vulnerability Important
Role: DNS Server CVE-2022-26815 Windows DNS Server Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2022-26816 Windows DNS Server Information Disclosure Vulnerability Important
Role: DNS Server CVE-2022-24536 Windows DNS Server Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2022-26824 Windows DNS Server Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2022-26823 Windows DNS Server Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2022-26822 Windows DNS Server Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2022-26829 Windows DNS Server Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2022-26826 Windows DNS Server Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2022-26825 Windows DNS Server Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2022-26821 Windows DNS Server Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2022-26820 Windows DNS Server Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2022-26813 Windows DNS Server Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2022-26818 Windows DNS Server Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2022-26819 Windows DNS Server Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2022-26811 Windows DNS Server Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2022-26812 Windows DNS Server Remote Code Execution Vulnerability Important
Role: Windows Hyper-V CVE-2022-22008 Windows Hyper-V Remote Code Execution Vulnerability Critical
Role: Windows Hyper-V CVE-2022-24490 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability Important
Role: Windows Hyper-V CVE-2022-24539 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability Important
Role: Windows Hyper-V CVE-2022-26785 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability Important
Role: Windows Hyper-V CVE-2022-26783 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability Important
Role: Windows Hyper-V CVE-2022-24537 Windows Hyper-V Remote Code Execution Vulnerability Critical
Role: Windows Hyper-V CVE-2022-23268 Windows Hyper-V Denial of Service Vulnerability Important
Role: Windows Hyper-V CVE-2022-23257 Windows Hyper-V Remote Code Execution Vulnerability Critical
Role: Windows Hyper-V CVE-2022-22009 Windows Hyper-V Remote Code Execution Vulnerability Important
Skype for Business CVE-2022-26911 Skype for Business Information Disclosure Vulnerability Important
Skype for Business CVE-2022-26910 Skype for Business and Lync Spoofing Vulnerability Important
Visual Studio CVE-2022-24767 GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account Important
Visual Studio CVE-2022-24765 GitHub: Uncontrolled search for the Git directory in Git for Windows Important
Visual Studio CVE-2022-24513 Visual Studio Elevation of Privilege Vulnerability Important
Visual Studio Code CVE-2022-26921 Visual Studio Code Elevation of Privilege Vulnerability Important
Windows Ancillary Function Driver for WinSock CVE-2022-24494 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important
Windows App Store CVE-2022-24488 Windows Desktop Bridge Elevation of Privilege Vulnerability Important
Windows AppX Package Manager CVE-2022-24549 Windows AppX Package Manager Elevation of Privilege Vulnerability Important
Windows Cluster Client Failover CVE-2022-24489 Cluster Client Failover (CCF) Elevation of Privilege Vulnerability Important
Windows Cluster Shared Volume (CSV) CVE-2022-24538 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability Important
Windows Cluster Shared Volume (CSV) CVE-2022-26784 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability Important
Windows Cluster Shared Volume (CSV) CVE-2022-24484 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability Important
Windows Common Log File System Driver CVE-2022-24521 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Windows Common Log File System Driver CVE-2022-24481 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Windows Defender CVE-2022-24548 Microsoft Defender Denial of Service Vulnerability Important
Windows DWM Core Library CVE-2022-24546 Windows DWM Core Library Elevation of Privilege Vulnerability Important
Windows Endpoint Configuration Manager CVE-2022-24527 Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability Important
Windows Fax Compose Form CVE-2022-26917 Windows Fax Compose Form Remote Code Execution Vulnerability Important
Windows Fax Compose Form CVE-2022-26916 Windows Fax Compose Form Remote Code Execution Vulnerability Important
Windows Fax Compose Form CVE-2022-26918 Windows Fax Compose Form Remote Code Execution Vulnerability Important
Windows Feedback Hub CVE-2022-24479 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability Important
Windows File Explorer CVE-2022-26808 Windows File Explorer Elevation of Privilege Vulnerability Important
Windows File Server CVE-2022-26827 Windows File Server Resource Management Service Elevation of Privilege Vulnerability Important
Windows File Server CVE-2022-26810 Windows File Server Resource Management Service Elevation of Privilege Vulnerability Important
Windows Installer CVE-2022-24499 Windows Installer Elevation of Privilege Vulnerability Important
Windows Installer CVE-2022-24530 Windows Installer Elevation of Privilege Vulnerability Important
Windows iSCSI Target Service CVE-2022-24498 Windows iSCSI Target Service Information Disclosure Vulnerability Important
Windows Kerberos CVE-2022-24545 Windows Kerberos Remote Code Execution Vulnerability Important
Windows Kerberos CVE-2022-24486 Windows Kerberos Elevation of Privilege Vulnerability Important
Windows Kerberos CVE-2022-24544 Windows Kerberos Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2022-24483 Windows Kernel Information Disclosure Vulnerability Important
Windows Local Security Authority Subsystem Service CVE-2022-24487 Windows Local Security Authority (LSA) Remote Code Execution Vulnerability Important
Windows Local Security Authority Subsystem Service CVE-2022-24496 Local Security Authority (LSA) Elevation of Privilege Vulnerability Important
Windows Media CVE-2022-24547 Windows Digital Media Receiver Elevation of Privilege Vulnerability Important
Windows Network File System CVE-2022-24491 Windows Network File System Remote Code Execution Vulnerability Critical
Windows Network File System CVE-2022-24497 Windows Network File System Remote Code Execution Vulnerability Critical
Windows PowerShell CVE-2022-26788 PowerShell Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-26789 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-26787 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-26786 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-26796 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-26790 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-26803 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-26802 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-26794 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-26795 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-26797 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-26798 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-26791 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-26801 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-26793 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-26792 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows RDP CVE-2022-24533 Remote Desktop Protocol Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2022-26809 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2022-24528 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2022-24492 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows schannel CVE-2022-26915 Windows Secure Channel Denial of Service Vulnerability Important
Windows SMB CVE-2022-24485 Win32 File Enumeration Remote Code Execution Vulnerability Important
Windows SMB CVE-2022-26830 DiskUsage.exe Remote Code Execution Vulnerability Important
Windows SMB CVE-2022-21983 Win32 Stream Enumeration Remote Code Execution Vulnerability Important
Windows SMB CVE-2022-24541 Windows Server Service Remote Code Execution Vulnerability Critical
Windows SMB CVE-2022-24500 Windows SMB Remote Code Execution Vulnerability Critical
Windows SMB CVE-2022-24534 Win32 Stream Enumeration Remote Code Execution Vulnerability Important
Windows Telephony Server CVE-2022-24550 Windows Telephony Server Elevation of Privilege Vulnerability Important
Windows Upgrade Assistant CVE-2022-24543 Windows Upgrade Assistant Remote Code Execution Vulnerability Important
Windows User Profile Service CVE-2022-26904 Windows User Profile Service Elevation of Privilege Vulnerability Important
Windows Win32K CVE-2022-24474 Windows Win32k Elevation of Privilege Vulnerability Important
Windows Win32K CVE-2022-26914 Win32k Elevation of Privilege Vulnerability Important
Windows Win32K CVE-2022-24542 Windows Win32k Elevation of Privilege Vulnerability Important
Windows Work Folder Service CVE-2022-26807 Windows Work Folder Service Elevation of Privilege Vulnerability Important
YARP reverse proxy CVE-2022-26924 YARP Denial of Service Vulnerability Important

 

منبع :

https://www.bleepingcomputer.com