پشتیبانی 24/7 :

031-36691964 | 021-88203003

جستجو

اولین آپدیت سه شنبه های مایکروسافت در سال 2023( ماه ژانویه) منتشر شد.

تیتر مطالب

دیروز سه شنبه، مایکروسافت وصله های سه شنبه ماه ژانویه را منتشر کرد و یک آسیب پذیری Zero-day که مورد بهره برداری قرار گرفته و جمعا 98 آسیب پذیری را رفع نموده است. 11 مورد از آنها در دسته آسیب پذیری های “حیاتی” قرار می گیرند.

تعداد هر آسیب پذیری در دسته بندی های زیر مشخص شده است:

  •  39 Elevation of Privilege Vulnerabilities
  •  4 Security Feature Bypass Vulnerabilities
  •  33 Remote Code Execution Vulnerabilities
  •  10 Information Disclosure Vulnerabilities
  •  10 Denial of Service Vulnerabilities
  •  2 Spoofing Vulnerabilities
 آسیب پذیری Zero-day

در بین وصله های این ماه، وصله ای برای آسیب پذیری Zero-day ای که مورد بهره برداری قرار گرفته و به صورت عمومی افشا شده نیز منتشر شده است.
مشخصات این آسیب پذیری به صورت زیر است:

CVE-2023-21674 – Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

به گزارش مایکروسافت این یک آسیب پذیری فرار sandbox بوده و امکان بالا بردن مجوزهای دسترسی را به مهاجم می دهد.
مهاجمی که از این آسیب پذیری بهره برداری موفقیت آمیز داشته باشد، می تواند مجوزهای SYSTEM را به دست آورد. چگونگی استفاده آنها از آسیب مذکور در حملات هنوز مشخص نیست.
آسیب پذیری دیگری با شماره شناسایی CVE-2023-21549 گزارش شده و مایکروسافت معتقد است که به صورت عمومی نیز منتشر شده اما محققان امنیتی می گویند با توجه به بررسی های انجام شده، نمی توان این آسیب پذیری را افشا شده تلقی کرد.

آپدیتهای اخیر سایر شرکتها

 Adobe released security updates for numerous products.
 Cisco released security updates for Cisco IP Phone 7800 and 8800 phones.
 Citrix released security updates for Cisco Identity Services.
 Fortinet released security updates for various products.
 Intel released a security update for oneAPI Toolkits.
 SAP has released its January 2023 Patch Day updates.
 Synology released a security update for its Synology VPN Plus Server.

 

لیست کامل به روز رسانی مایکروسافت در جدول زیر ارائه شده است :

Tag CVE ID CVE Title Severity
.NET Core CVE-2023-21538 .NET Denial of Service Vulnerability Important
3D Builder CVE-2023-21782 3D Builder Remote Code Execution Vulnerability Important
3D Builder CVE-2023-21781 3D Builder Remote Code Execution Vulnerability Important
3D Builder CVE-2023-21783 3D Builder Remote Code Execution Vulnerability Important
3D Builder CVE-2023-21784 3D Builder Remote Code Execution Vulnerability Important
3D Builder CVE-2023-21791 3D Builder Remote Code Execution Vulnerability Important
3D Builder CVE-2023-21793 3D Builder Remote Code Execution Vulnerability Important
3D Builder CVE-2023-21786 3D Builder Remote Code Execution Vulnerability Important
3D Builder CVE-2023-21790 3D Builder Remote Code Execution Vulnerability Important
3D Builder CVE-2023-21780 3D Builder Remote Code Execution Vulnerability Important
3D Builder CVE-2023-21792 3D Builder Remote Code Execution Vulnerability Important
3D Builder CVE-2023-21789 3D Builder Remote Code Execution Vulnerability Important
3D Builder CVE-2023-21785 3D Builder Remote Code Execution Vulnerability Important
3D Builder CVE-2023-21787 3D Builder Remote Code Execution Vulnerability Important
3D Builder CVE-2023-21788 3D Builder Remote Code Execution Vulnerability Important
Azure Service Fabric Container CVE-2023-21531 Azure Service Fabric Container Elevation of Privilege Vulnerability Important
Microsoft Bluetooth Driver CVE-2023-21739 Windows Bluetooth Driver Elevation of Privilege Vulnerability Important
Microsoft Exchange Server CVE-2023-21764 Microsoft Exchange Server Elevation of Privilege Vulnerability Important
Microsoft Exchange Server CVE-2023-21763 Microsoft Exchange Server Elevation of Privilege Vulnerability Important
Microsoft Exchange Server CVE-2023-21762 Microsoft Exchange Server Spoofing Vulnerability Important
Microsoft Exchange Server CVE-2023-21761 Microsoft Exchange Server Information Disclosure Vulnerability Important
Microsoft Exchange Server CVE-2023-21745 Microsoft Exchange Server Spoofing Vulnerability Important
Microsoft Graphics Component CVE-2023-21680 Windows Win32k Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2023-21532 Windows GDI Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2023-21552 Windows GDI Elevation of Privilege Vulnerability Important
Microsoft Local Security Authority Server (lsasrv) CVE-2023-21728 Windows Netlogon Denial of Service Vulnerability Important
Microsoft Message Queuing CVE-2023-21537 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability Important
Microsoft Office CVE-2023-21734 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office CVE-2023-21735 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2023-21742 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2023-21743 Microsoft SharePoint Server Security Feature Bypass Vulnerability Critical
Microsoft Office SharePoint CVE-2023-21744 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
Microsoft Office Visio CVE-2023-21741 Microsoft Office Visio Information Disclosure Vulnerability Important
Microsoft Office Visio CVE-2023-21736 Microsoft Office Visio Remote Code Execution Vulnerability Important
Microsoft Office Visio CVE-2023-21737 Microsoft Office Visio Remote Code Execution Vulnerability Important
Microsoft Office Visio CVE-2023-21738 Microsoft Office Visio Remote Code Execution Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2023-21681 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2023-21779 Visual Studio Code Remote Code Execution Important
Windows ALPC CVE-2023-21674 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Important
Windows Ancillary Function Driver for WinSock CVE-2023-21768 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important
Windows Authentication Methods CVE-2023-21539 Windows Authentication Remote Code Execution Vulnerability Important
Windows Backup Engine CVE-2023-21752 Windows Backup Service Elevation of Privilege Vulnerability Important
Windows Bind Filter Driver CVE-2023-21733 Windows Bind Filter Driver Elevation of Privilege Vulnerability Important
Windows BitLocker CVE-2023-21563 BitLocker Security Feature Bypass Vulnerability Important
Windows Boot Manager CVE-2023-21560 Windows Boot Manager Security Feature Bypass Vulnerability Important
Windows Credential Manager CVE-2023-21726 Windows Credential Manager User Interface Elevation of Privilege Vulnerability Important
Windows Cryptographic Services CVE-2023-21559 Windows Cryptographic Information Disclosure Vulnerability Important
Windows Cryptographic Services CVE-2023-21551 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Critical
Windows Cryptographic Services CVE-2023-21561 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Critical
Windows Cryptographic Services CVE-2023-21540 Windows Cryptographic Information Disclosure Vulnerability Important
Windows Cryptographic Services CVE-2023-21730 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Critical
Windows Cryptographic Services CVE-2023-21550 Windows Cryptographic Information Disclosure Vulnerability Important
Windows DWM Core Library CVE-2023-21724 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important
Windows Error Reporting CVE-2023-21558 Windows Error Reporting Service Elevation of Privilege Vulnerability Important
Windows Event Tracing CVE-2023-21536 Event Tracing for Windows Information Disclosure Vulnerability Important
Windows IKE Extension CVE-2023-21758 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important
Windows IKE Extension CVE-2023-21683 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important
Windows IKE Extension CVE-2023-21677 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important
Windows Installer CVE-2023-21542 Windows Installer Elevation of Privilege Vulnerability Important
Windows Internet Key Exchange (IKE) Protocol CVE-2023-21547 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability Important
Windows iSCSI CVE-2023-21527 Windows iSCSI Service Denial of Service Vulnerability Important
Windows Kernel CVE-2023-21755 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2023-21753 Event Tracing for Windows Information Disclosure Vulnerability Important
Windows Layer 2 Tunneling Protocol CVE-2023-21556 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Critical
Windows Layer 2 Tunneling Protocol CVE-2023-21555 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Critical
Windows Layer 2 Tunneling Protocol CVE-2023-21543 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Critical
Windows Layer 2 Tunneling Protocol CVE-2023-21546 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Critical
Windows Layer 2 Tunneling Protocol CVE-2023-21679 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Critical
Windows LDAP – Lightweight Directory Access Protocol CVE-2023-21676 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Important
Windows LDAP – Lightweight Directory Access Protocol CVE-2023-21557 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Important
Windows Local Security Authority (LSA) CVE-2023-21524 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Important
Windows Local Session Manager (LSM) CVE-2023-21771 Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability Important
Windows Malicious Software Removal Tool CVE-2023-21725 Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability Important
Windows Management Instrumentation CVE-2023-21754 Windows Kernel Elevation of Privilege Vulnerability Important
Windows NTLM CVE-2023-21746 Windows NTLM Elevation of Privilege Vulnerability Important
Windows ODBC Driver CVE-2023-21732 Microsoft ODBC Driver Remote Code Execution Vulnerability Important
Windows Overlay Filter CVE-2023-21766 Windows Overlay Filter Information Disclosure Vulnerability Important
Windows Overlay Filter CVE-2023-21767 Windows Overlay Filter Elevation of Privilege Vulnerability Important
Windows Point-to-Point Tunneling Protocol CVE-2023-21682 Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability Important
Windows Print Spooler Components CVE-2023-21760 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2023-21765 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2023-21678 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Remote Access Service L2TP Driver CVE-2023-21757 Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability Important
Windows RPC API CVE-2023-21525 Remote Procedure Call Runtime Denial of Service Vulnerability Important
Windows Secure Socket Tunneling Protocol (SSTP) CVE-2023-21548 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical
Windows Secure Socket Tunneling Protocol (SSTP) CVE-2023-21535 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical
Windows Smart Card CVE-2023-21759 Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability Important
Windows Task Scheduler CVE-2023-21541 Windows Task Scheduler Elevation of Privilege Vulnerability Important
Windows Virtual Registry Provider CVE-2023-21772 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Virtual Registry Provider CVE-2023-21748 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Virtual Registry Provider CVE-2023-21773 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Virtual Registry Provider CVE-2023-21747 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Virtual Registry Provider CVE-2023-21776 Windows Kernel Information Disclosure Vulnerability Important
Windows Virtual Registry Provider CVE-2023-21774 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Virtual Registry Provider CVE-2023-21750 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Virtual Registry Provider CVE-2023-21675 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Virtual Registry Provider CVE-2023-21749 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Workstation Service CVE-2023-21549 Windows SMB Witness Service Elevation of Privilege Vulnerability Important

 

منبع: https://www.bleepingcomputer.com/