پشتیبانی 24/7 :

031-36691964 | 021-88203003

جستجو

بروزرسانی امنیتی سه شنبه ماه آگوست 2022 مایکروسافت

تیتر مطالب

مایکروسافت وصله امنیتی این ماه خود را با برطرف کردن آسیب پذیری Zero-day” DogWalk” و جمعا 121 آسیب پذیری منتشر نموده است.

17 مورد از آسیب پذیری های  رفع شده در این به روز رسانی در دسته آسیب پذیری های حیاتی قرار گرفته و اجازه اجرای کد از راه دور یا مجوز دسترسی به سیستم را می دهند.

این آسیب پذیری ها به صورت زیر دسته بندی می شوند:

*64 Elevation of Privilege Vulnerabilities
*6 Security Feature Bypass Vulnerabilities
*31 Remote Code Execution Vulnerabilities
*12 Information Disclosure Vulnerabilities
*7 Denial of Service Vulnerabilities
*1 Spoofing Vulnerability

دو آسیب پذیری Zero-day

آسیب پذیری DogWalk که مورد سوء استفاده هم قرار گرفته با شماره شناسایی CVE-2022-34713  (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution) توسط مایکروسافت ردیابی شده است.
محققان امنیتی این آسیب پذیری را در ژانویه 2020 شناسایی کرده بودن اما مایکروسافت پس از آنکه تشخیص داد این آسیب پذیری امنیتی نیست، تصمیم گرفت آن را رفع نکند.
در هر صورت بعد از کشف آسیب پذیری  Microsoft Office MSDT محققان یکبار دیگر نسبت به رفع اسیب پذیری DogWalk تاکید کردن تا اینکه در به روز رسانی این ماه، آسیب پذیری مذکور رفع گردید.
آسیب پذیری Zero-day دیگر با شماره شناسایی CVE-2022-30134 (Microsoft Exchange Information Disclosure) بوده و به ماهجم اجازه ی خواندن ایمیل های هدف را می دهند. به گفته مایکروسافت این آسیب پذیری به صورت عمومی منتشر شده اما توسط مهاجمین شناسایی نشده بوده است.

در جدول لیست لیست کامل این آسیب پذیری ها به طور کامل قابل مشاهده است :

Tag CVE ID CVE Title Severity
.NET Core CVE-2022-34716 .NET Spoofing Vulnerability Important
Active Directory Domain Services CVE-2022-34691 Active Directory Domain Services Elevation of Privilege Vulnerability Critical
Azure Batch Node Agent CVE-2022-33646 Azure Batch Node Agent Elevation of Privilege Vulnerability Critical
Azure Real Time Operating System CVE-2022-34685 Azure RTOS GUIX Studio Information Disclosure Vulnerability Important
Azure Real Time Operating System CVE-2022-34686 Azure RTOS GUIX Studio Information Disclosure Vulnerability Important
Azure Real Time Operating System CVE-2022-35773 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important
Azure Real Time Operating System CVE-2022-35779 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important
Azure Real Time Operating System CVE-2022-35806 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important
Azure Real Time Operating System CVE-2022-34687 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important
Azure Real Time Operating System CVE-2022-30176 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important
Azure Real Time Operating System CVE-2022-30175 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important
Azure Site Recovery CVE-2022-35791 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35818 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35809 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35789 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35815 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35817 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35816 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35814 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35785 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35812 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35811 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35784 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35810 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35813 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35788 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35783 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35786 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35787 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35819 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35781 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35775 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35790 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35780 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35799 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35772 Azure Site Recovery Remote Code Execution Vulnerability Important
Azure Site Recovery CVE-2022-35800 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35774 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35802 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35782 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35824 Azure Site Recovery Remote Code Execution Vulnerability Important
Azure Site Recovery CVE-2022-35801 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35808 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2022-35776 Azure Site Recovery Denial of Service Vulnerability Important
Azure Site Recovery CVE-2022-35807 Azure Site Recovery Elevation of Privilege Vulnerability Important
Azure Sphere CVE-2022-35821 Azure Sphere Information Disclosure Vulnerability Important
Microsoft ATA Port Driver CVE-2022-35760 Microsoft ATA Port Driver Elevation of Privilege Vulnerability Important
Microsoft Bluetooth Driver CVE-2022-35820 Windows Bluetooth Driver Elevation of Privilege Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2022-35796 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Low
Microsoft Edge (Chromium-based) CVE-2022-33649 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2022-2618 Chromium: CVE-2022-2618 Insufficient validation of untrusted input in Internals Unknown
Microsoft Edge (Chromium-based) CVE-2022-2616 Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API Unknown
Microsoft Edge (Chromium-based) CVE-2022-2617 Chromium: CVE-2022-2617 Use after free in Extensions API Unknown
Microsoft Edge (Chromium-based) CVE-2022-2619 Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings Unknown
Microsoft Edge (Chromium-based) CVE-2022-2622 Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing Unknown
Microsoft Edge (Chromium-based) CVE-2022-2623 Chromium: CVE-2022-2623 Use after free in Offline Unknown
Microsoft Edge (Chromium-based) CVE-2022-33636 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Moderate
Microsoft Edge (Chromium-based) CVE-2022-2621 Chromium: CVE-2022-2621 Use after free in Extensions Unknown
Microsoft Edge (Chromium-based) CVE-2022-2615 Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies Unknown
Microsoft Edge (Chromium-based) CVE-2022-2604 Chromium: CVE-2022-2604 Use after free in Safe Browsing Unknown
Microsoft Edge (Chromium-based) CVE-2022-2605 Chromium: CVE-2022-2605 Out of bounds read in Dawn Unknown
Microsoft Edge (Chromium-based) CVE-2022-2624 Chromium: CVE-2022-2624 Heap buffer overflow in PDF Unknown
Microsoft Edge (Chromium-based) CVE-2022-2603 Chromium: CVE-2022-2603 Use after free in Omnibox Unknown
Microsoft Edge (Chromium-based) CVE-2022-2606 Chromium: CVE-2022-2606 Use after free in Managed devices API Unknown
Microsoft Edge (Chromium-based) CVE-2022-2612 Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input Unknown
Microsoft Edge (Chromium-based) CVE-2022-2614 Chromium: CVE-2022-2614 Use after free in Sign-In Flow Unknown
Microsoft Edge (Chromium-based) CVE-2022-2610 Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch Unknown
Microsoft Edge (Chromium-based) CVE-2022-2611 Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API Unknown
Microsoft Exchange Server CVE-2022-34692 Microsoft Exchange Information Disclosure Vulnerability Important
Microsoft Exchange Server CVE-2022-21980 Microsoft Exchange Server Elevation of Privilege Vulnerability Critical
Microsoft Exchange Server CVE-2022-21979 Microsoft Exchange Information Disclosure Vulnerability Important
Microsoft Exchange Server CVE-2022-24516 Microsoft Exchange Server Elevation of Privilege Vulnerability Critical
Microsoft Exchange Server CVE-2022-30134 Microsoft Exchange Information Disclosure Vulnerability Important
Microsoft Exchange Server CVE-2022-24477 Microsoft Exchange Server Elevation of Privilege Vulnerability Critical
Microsoft Office CVE-2022-34717 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2022-33648 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2022-33631 Microsoft Excel Security Feature Bypass Vulnerability Important
Microsoft Office Outlook CVE-2022-35742 Microsoft Outlook Denial of Service Vulnerability Important
Microsoft Windows Support Diagnostic Tool (MSDT) CVE-2022-34713 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Important
Microsoft Windows Support Diagnostic Tool (MSDT) CVE-2022-35743 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Important
Remote Access Service Point-to-Point Tunneling Protocol CVE-2022-35752 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical
Remote Access Service Point-to-Point Tunneling Protocol CVE-2022-35753 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical
Remote Access Service Point-to-Point Tunneling Protocol CVE-2022-35769 Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability Important
Role: Windows Fax Service CVE-2022-34690 Windows Fax Service Elevation of Privilege Vulnerability Important
Role: Windows Hyper-V CVE-2022-34696 Windows Hyper-V Remote Code Execution Vulnerability Critical
Role: Windows Hyper-V CVE-2022-35751 Windows Hyper-V Elevation of Privilege Vulnerability Important
System Center Operations Manager CVE-2022-33640 System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability Important
Visual Studio CVE-2022-35827 Visual Studio Remote Code Execution Vulnerability Important
Visual Studio CVE-2022-35777 Visual Studio Remote Code Execution Vulnerability Important
Visual Studio CVE-2022-35825 Visual Studio Remote Code Execution Vulnerability Important
Visual Studio CVE-2022-35826 Visual Studio Remote Code Execution Vulnerability Important
Windows Bluetooth Service CVE-2022-30144 Windows Bluetooth Service Remote Code Execution Vulnerability Important
Windows Canonical Display Driver CVE-2022-35750 Win32k Elevation of Privilege Vulnerability Important
Windows Cloud Files Mini Filter Driver CVE-2022-35757 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important
Windows Defender Credential Guard CVE-2022-35771 Windows Defender Credential Guard Elevation of Privilege Vulnerability Important
Windows Defender Credential Guard CVE-2022-34705 Windows Defender Credential Guard Elevation of Privilege Vulnerability Important
Windows Defender Credential Guard CVE-2022-34710 Windows Defender Credential Guard Information Disclosure Vulnerability Important
Windows Defender Credential Guard CVE-2022-34709 Windows Defender Credential Guard Security Feature Bypass Vulnerability Important
Windows Defender Credential Guard CVE-2022-34704 Windows Defender Credential Guard Information Disclosure Vulnerability Important
Windows Defender Credential Guard CVE-2022-34712 Windows Defender Credential Guard Information Disclosure Vulnerability Important
Windows Digital Media CVE-2022-35746 Windows Digital Media Receiver Elevation of Privilege Vulnerability Important
Windows Digital Media CVE-2022-35749 Windows Digital Media Receiver Elevation of Privilege Vulnerability Important
Windows Error Reporting CVE-2022-35795 Windows Error Reporting Service Elevation of Privilege Vulnerability Important
Windows Hello CVE-2022-35797 Windows Hello Security Feature Bypass Vulnerability Important
Windows Internet Information Services CVE-2022-35748 HTTP.sys Denial of Service Vulnerability Important
Windows Kerberos CVE-2022-35756 Windows Kerberos Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2022-35761 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2022-35768 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2022-34708 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2022-34707 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2022-35804 SMB Client and Server Remote Code Execution Vulnerability Critical
Windows Kernel CVE-2022-30197 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2022-35758 Windows Kernel Memory Information Disclosure Vulnerability Important
Windows Local Security Authority (LSA) CVE-2022-34706 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Important
Windows Local Security Authority (LSA) CVE-2022-35759 Windows Local Security Authority (LSA) Denial of Service Vulnerability Important
Windows Network File System CVE-2022-34715 Windows Network File System Remote Code Execution Vulnerability Important
Windows Partition Management Driver CVE-2022-33670 Windows Partition Management Driver Elevation of Privilege Vulnerability Important
Windows Partition Management Driver CVE-2022-34703 Windows Partition Management Driver Elevation of Privilege Vulnerability Important
Windows Point-to-Point Tunneling Protocol CVE-2022-30133 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability Critical
Windows Point-to-Point Tunneling Protocol CVE-2022-35747 Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability Important
Windows Point-to-Point Tunneling Protocol CVE-2022-35744 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability Critical
Windows Print Spooler Components CVE-2022-35793 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2022-35755 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Secure Boot CVE-2022-34301 CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass Important
Windows Secure Boot CVE-2022-34302 CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass Important
Windows Secure Boot CVE-2022-34303 CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass Important
Windows Secure Socket Tunneling Protocol (SSTP) CVE-2022-35745 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical
Windows Secure Socket Tunneling Protocol (SSTP) CVE-2022-35766 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical
Windows Secure Socket Tunneling Protocol (SSTP) CVE-2022-35794 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical
Windows Secure Socket Tunneling Protocol (SSTP) CVE-2022-34701 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability Important
Windows Secure Socket Tunneling Protocol (SSTP) CVE-2022-34714 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical
Windows Secure Socket Tunneling Protocol (SSTP) CVE-2022-34702 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical
Windows Secure Socket Tunneling Protocol (SSTP) CVE-2022-35767 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical
Windows Storage Spaces Direct CVE-2022-35762 Storage Spaces Direct Elevation of Privilege Vulnerability Important
Windows Storage Spaces Direct CVE-2022-35765 Storage Spaces Direct Elevation of Privilege Vulnerability Important
Windows Storage Spaces Direct CVE-2022-35792 Storage Spaces Direct Elevation of Privilege Vulnerability Important
Windows Storage Spaces Direct CVE-2022-35763 Storage Spaces Direct Elevation of Privilege Vulnerability Important
Windows Storage Spaces Direct CVE-2022-35764 Storage Spaces Direct Elevation of Privilege Vulnerability Important
Windows Unified Write Filter CVE-2022-35754 Unified Write Filter Elevation of Privilege Vulnerability Important
Windows WebBrowser Control CVE-2022-30194 Windows WebBrowser Control Remote Code Execution Vulnerability Important
Windows Win32K CVE-2022-34699 Windows Win32k Elevation of Privilege Vulnerability Important

 

منبع :

https://www.bleepingcomputer.com