پشتیبانی 24/7 :

031-36691964 | 021-88203003

جستجو

آپدیت ماه July 2024 مایکروسافت با رفع 4 آسیب پذیری Zero-day منتشر شد.

تیتر مطالب

مایکروسافت به روز رسانی امنیتی سه شنبه های ماه جولای خود را با رفع 142 آسیب پذیری از جمله 2 آسیب پذیری فعال و 2 آسیب پذیری افشا شده Zero-day منتشر کرد.
در این به روز رسانی 5 آسیب پذیری حیاتی که امکان اجرای کد از راه دور دارند، نیز رفع شده است.


چهار آسیب پذیری Zero-day

این ماه 2 آسیب پذیری Zero-day که به صورت فعال مورد بهره برداری قرار گرفته اند و 2 آسیب پذیری Zero-day که به صورت عمومی افشا شده اند، رفع شده است.


CVE-2024-38080 – Windows Hyper-V Elevation of Privilege Vulnerability


این آسیب پذیری که به طور فعال مورد بهره برداری قرار گرفته است یک آسیب پذیری ارتقا امتیازات Hyper-V است که به مهاجم امکان داشتن مجوزهای SYSTEM را میدهد. مایکروسافت اطلاعات بیشتری از جزییات این آسیب پذیری منتشر نکرده است.


CVE-2024-38112  – Windows MSHTML Platform Spoofing Vulnerability


این آسیب پذیری نیز به طول فعال مورد بهره برداری قرار گرفته و یک آسیب پذیری جعل windows MSHTML است. برای بهره برداری موفق از این آسیب پذیری مهاجم لازم است اقدامات اولیه ای را انجام دهد و باید فایل مخربی را برای قربانی ارسال کرده تا قربانی آن را اجرا کند. جزییات بیشتری از این آسیب پذیری منتشر نشده است.


CVE-2024-35264 – .NET and Visual Studio Remote Code Execution Vulnerability

این آسیب پذیری در .NET و Visual Studio به طور عمومی افشا شده است.
مهاجم از طریق بستن یک استریم http/3 می تواند از این آسیب پذیری بهره برداری کند و در نتیجه موفق به اجرای کد از راه دور شود.


CVE-2024-37985 – Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers

مایکروسافت حمله کانال جانبی FetchBench را که قبلا افشا شده بود را رفع نموده است.
یک مهاجم با بهره برداری از این آسیب پذیری می تواند حافظه heap را از یک فرآیند ممتاز در حال اجرا بر روی سرور، مشاهده کند. بهره برداری از این آسیب پذیری نیازمند آماده سازی شرایط اولیه توسط مهاجم است.

 

لیست کامل به روز رسانی های ماه july 2024

TagCVE IDCVE TitleSeverity
.NET and Visual StudioCVE-2024-30105.NET Core and Visual Studio Denial of Service VulnerabilityImportant
.NET and Visual StudioCVE-2024-38081.NET, .NET Framework, and Visual Studio Elevation of Privilege VulnerabilityImportant
.NET and Visual StudioCVE-2024-35264.NET and Visual Studio Remote Code Execution VulnerabilityImportant
.NET and Visual StudioCVE-2024-38095.NET and Visual Studio Denial of Service VulnerabilityImportant
Active Directory Rights Management ServicesCVE-2024-39684Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege VulnerabilityModerate
Active Directory Rights Management ServicesCVE-2024-38517Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege VulnerabilityModerate
Azure CycleCloudCVE-2024-38092Azure CycleCloud Elevation of Privilege VulnerabilityImportant
Azure DevOpsCVE-2024-35266Azure DevOps Server Spoofing VulnerabilityImportant
Azure DevOpsCVE-2024-35267Azure DevOps Server Spoofing VulnerabilityImportant
Azure Kinect SDKCVE-2024-38086Azure Kinect SDK Remote Code Execution VulnerabilityImportant
Azure Network WatcherCVE-2024-35261Azure Network Watcher VM Extension Elevation of Privilege VulnerabilityImportant
IntelCVE-2024-37985Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary PrefetchersImportant
Line Printer Daemon Service (LPD)CVE-2024-38027Windows Line Printer Daemon Service Denial of Service VulnerabilityImportant
Microsoft Defender for IoTCVE-2024-38089Microsoft Defender for IoT Elevation of Privilege VulnerabilityImportant
Microsoft DynamicsCVE-2024-30061Microsoft Dynamics 365 (On-Premises) Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2024-38079Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2024-38051Windows Graphics Component Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2024-38021Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft Office OutlookCVE-2024-38020Microsoft Outlook Spoofing VulnerabilityModerate
Microsoft Office SharePointCVE-2024-38024Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2024-38023Microsoft SharePoint Server Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2024-32987Microsoft SharePoint Server Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2024-38094Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Streaming ServiceCVE-2024-38057Kernel Streaming WOW Thunk Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft Streaming ServiceCVE-2024-38054Kernel Streaming WOW Thunk Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft Streaming ServiceCVE-2024-38052Kernel Streaming WOW Thunk Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2024-38055Microsoft Windows Codecs Library Information Disclosure VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2024-38056Microsoft Windows Codecs Library Information Disclosure VulnerabilityImportant
Microsoft WS-DiscoveryCVE-2024-38091Microsoft WS-Discovery Denial of Service VulnerabilityImportant
NDISCVE-2024-38048Windows Network Driver Interface Specification (NDIS) Denial of Service VulnerabilityImportant
NPS RADIUS ServerCVE-2024-3596CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing VulnerabilityImportant
Role: Active Directory Certificate Services; Active Directory Domain ServicesCVE-2024-38061DCOM Remote Cross-Session Activation Elevation of Privilege VulnerabilityImportant
Role: Windows Hyper-VCVE-2024-38080Windows Hyper-V Elevation of Privilege VulnerabilityImportant
SQL ServerCVE-2024-28928SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-38088SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-20701SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-21317SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-21331SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-21308SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-21333SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-35256SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-21303SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-21335SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-35271SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-35272SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-21332SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-38087SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-21425SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-21449SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37324SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37330SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37326SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37329SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37328SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37327SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37334Microsoft OLE DB Driver for SQL Server Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37321SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37320SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37319SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37322SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37333SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37336SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37323SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37331SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-21398SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-21373SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37318SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-21428SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-21415SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37332SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-21414SQL Server Native Client OLE DB Provider Remote Code Execution VulnerabilityImportant
Windows BitLockerCVE-2024-38058BitLocker Security Feature Bypass VulnerabilityImportant
Windows COM SessionCVE-2024-38100Windows File Explorer Elevation of Privilege VulnerabilityImportant
Windows CoreMessagingCVE-2024-21417Windows Text Services Framework Elevation of Privilege VulnerabilityImportant
Windows Cryptographic ServicesCVE-2024-30098Windows Cryptographic Services Security Feature Bypass VulnerabilityImportant
Windows DHCP ServerCVE-2024-38044DHCP Server Service Remote Code Execution VulnerabilityImportant
Windows Distributed Transaction CoordinatorCVE-2024-38049Windows Distributed Transaction Coordinator Remote Code Execution VulnerabilityImportant
Windows Enroll EngineCVE-2024-38069Windows Enroll Engine Security Feature Bypass VulnerabilityImportant
Windows Fax and Scan ServiceCVE-2024-38104Windows Fax Service Remote Code Execution VulnerabilityImportant
Windows FilteringCVE-2024-38034Windows Filtering Platform Elevation of Privilege VulnerabilityImportant
Windows Image AcquisitionCVE-2024-38022Windows Image Acquisition Elevation of Privilege VulnerabilityImportant
Windows Imaging ComponentCVE-2024-38060Windows Imaging Component Remote Code Execution VulnerabilityCritical
Windows Internet Connection Sharing (ICS)CVE-2024-38105Windows Layer-2 Bridge Network Driver Denial of Service VulnerabilityImportant
Windows Internet Connection Sharing (ICS)CVE-2024-38053Windows Layer-2 Bridge Network Driver Remote Code Execution VulnerabilityImportant
Windows Internet Connection Sharing (ICS)CVE-2024-38102Windows Layer-2 Bridge Network Driver Denial of Service VulnerabilityImportant
Windows Internet Connection Sharing (ICS)CVE-2024-38101Windows Layer-2 Bridge Network Driver Denial of Service VulnerabilityImportant
Windows iSCSICVE-2024-35270Windows iSCSI Service Denial of Service VulnerabilityImportant
Windows KernelCVE-2024-38041Windows Kernel Information Disclosure VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2024-38062Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows LockDown Policy (WLDP)CVE-2024-38070Windows LockDown Policy (WLDP) Security Feature Bypass VulnerabilityImportant
Windows Message QueuingCVE-2024-38017Microsoft Message Queuing Information Disclosure VulnerabilityImportant
Windows MSHTML PlatformCVE-2024-38112Windows MSHTML Platform Spoofing VulnerabilityImportant
Windows MultiPoint ServicesCVE-2024-30013Windows MultiPoint Services Remote Code Execution VulnerabilityImportant
Windows NTLMCVE-2024-30081Windows NTLM Spoofing VulnerabilityImportant
Windows Online Certificate Status Protocol (OCSP)CVE-2024-38068Windows Online Certificate Status Protocol (OCSP) Server Denial of Service VulnerabilityImportant
Windows Online Certificate Status Protocol (OCSP)CVE-2024-38067Windows Online Certificate Status Protocol (OCSP) Server Denial of Service VulnerabilityImportant
Windows Online Certificate Status Protocol (OCSP)CVE-2024-38031Windows Online Certificate Status Protocol (OCSP) Server Denial of Service VulnerabilityImportant
Windows Performance MonitorCVE-2024-38028Microsoft Windows Performance Data Helper Library Remote Code Execution VulnerabilityImportant
Windows Performance MonitorCVE-2024-38019Microsoft Windows Performance Data Helper Library Remote Code Execution VulnerabilityImportant
Windows Performance MonitorCVE-2024-38025Microsoft Windows Performance Data Helper Library Remote Code Execution VulnerabilityImportant
Windows PowerShellCVE-2024-38043PowerShell Elevation of Privilege VulnerabilityImportant
Windows PowerShellCVE-2024-38047PowerShell Elevation of Privilege VulnerabilityImportant
Windows PowerShellCVE-2024-38033PowerShell Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2024-30071Windows Remote Access Connection Manager Information Disclosure VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2024-30079Windows Remote Access Connection Manager Elevation of Privilege VulnerabilityImportant
Windows Remote DesktopCVE-2024-38076Windows Remote Desktop Licensing Service Remote Code Execution VulnerabilityCritical
Windows Remote DesktopCVE-2024-38015Windows Remote Desktop Gateway (RD Gateway) Denial of Service VulnerabilityImportant
Windows Remote Desktop Licensing ServiceCVE-2024-38071Windows Remote Desktop Licensing Service Denial of Service VulnerabilityImportant
Windows Remote Desktop Licensing ServiceCVE-2024-38073Windows Remote Desktop Licensing Service Denial of Service VulnerabilityImportant
Windows Remote Desktop Licensing ServiceCVE-2024-38074Windows Remote Desktop Licensing Service Remote Code Execution VulnerabilityCritical
Windows Remote Desktop Licensing ServiceCVE-2024-38072Windows Remote Desktop Licensing Service Denial of Service VulnerabilityImportant
Windows Remote Desktop Licensing ServiceCVE-2024-38077Windows Remote Desktop Licensing Service Remote Code Execution VulnerabilityCritical
Windows Remote Desktop Licensing ServiceCVE-2024-38099Windows Remote Desktop Licensing Service Denial of Service VulnerabilityImportant
Windows Secure BootCVE-2024-38065Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-37986Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-37981Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-37987Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-28899Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-26184Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-38011Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-37984Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-37988Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-37977Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-37978Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-37974Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-38010Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-37989Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-37970Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-37975Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-37972Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-37973Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-37971Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Secure BootCVE-2024-37969Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Server BackupCVE-2024-38013Microsoft Windows Server Backup Elevation of Privilege VulnerabilityImportant
Windows TCP/IPCVE-2024-38064Windows TCP/IP Information Disclosure VulnerabilityImportant
Windows ThemesCVE-2024-38030Windows Themes Spoofing VulnerabilityImportant
Windows Win32 Kernel SubsystemCVE-2024-38085Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Windows Win32K – GRFXCVE-2024-38066Windows Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32K – ICOMPCVE-2024-38059Win32k Elevation of Privilege VulnerabilityImportant
Windows Workstation ServiceCVE-2024-38050Windows Workstation Service Elevation of Privilege VulnerabilityImportant
XBox Crypto Graphic ServicesCVE-2024-38032Microsoft Xbox Remote Code Execution VulnerabilityImportant
XBox Crypto Graphic ServicesCVE-2024-38078Xbox Wireless Adapter Remote Code Execution VulnerabilityImportant

 

منبع:

bleepingcomputer.com