پشتیبانی 24/7 :

031-36691964 | 021-88203003

جستجو
انتشار آپدیت های امنیتی ماه جولای 2025 مایکروسافت و رفع 137 آسیب پذیری

انتشار آپدیت های امنیتی ماه جولای 2025 مایکروسافت و رفع 137 آسیب پذیری

تیتر مطالب

مایکروسافت آپدیت امنیتی ماه جولای 2025 را که شامل رفع 137 آسیب پذیری و یک آسیب پذیری افشا شده عمومی Zero-day در Microsoft SQL Server است، منتشر کرد.
این آپدیت امنیتی دربرگیرنده وصله برای 14 آسیب پذیری حیاتی که 10 مورد از آنها آسیب پذیری اجرای کد از راه دور، یک مورد افشای اطلاعات و 2 مورد آسیب پذیری حمله AMD side channel هستند.
تعداد آسیب پذیری ها در هر دسته به ترتیب زیر است:

  •  53 Elevation of Privilege Vulnerabilities
  • 8 Security Feature Bypass Vulnerabilities
  • 41 Remote Code Execution Vulnerabilities
  • 18 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 4 Spoofing Vulnerabilities

آسیب پذیری Zero-day و آسیب پذیری های حیاتی در Microsoft Office

این ماه مایکروسافت یک آسیب پذیری Zero-day افشا شده عمومی در Microsoft SQL Server را برطرف کرده است.


CVE-2025-49719 – Microsoft SQL Server Information Disclosure Vulnerability

مایکروسافت این آسیب پذیری در Microsoft SQL Server که به مهاجم احراز هویت نشده از راه دور امکان دسترسی به داده های مقداردهی اولیه نشده در حافظه را میدهد را وصله کرده است.
به گفته مایکروسافت، اعتبارسنجی نادرست ورودی در SQL Server به یک مهاجم غیرمجاز اجازه می‌دهد تا اطلاعات را از طریق شبکه افشا کند.
مدیران سیستم می‌توانند با نصب آخرین نسخه Microsoft SQL Server و با نصب Microsoft OLE DB Driver نسخه‌های 18 یا 19، این نقص را برطرف کنند.
اگرچه در این آپدیت امنیتی فقط یک آسیب‌پذیری Zero-day وجود داشت اما مایکروسافت نقص‌های متعدد و حیاتی اجرای کد از راه دور را در مایکروسافت آفیس برطرف کرد که می‌توانند به سادگی با باز کردن یک سند خاص یا هنگام مشاهده از طریق صفحه پیش‌نمایش مورد سوءاستفاده قرار گیرند.
مایکروسافت اظهار داشت که به‌روزرسانی‌های امنیتی برای این نقص‌ها هنوز برای مایکروسافت آفیس LTSC برای مک 2021 و 2024 در دسترس نیستند و به زودی منتشر خواهند شد.
این شرکت همچنین یک آسیب‌پذیری اجرای کد از راه دور حیاتی دیگر را در Microsoft Sharepoint با شناسه CVE-2025-49704 برطرف کرد که می‌تواند از راه دور و از طریق اینترنت مورد سوءاستفاده قرار گیرد، مادامی که کاربر در پلتفرم حساب کاربری داشته باشد.

به روز رسانی های اخیر از سایر شرکتها:


AMD disclosed new Transient Scheduler Attacks based on a Microsoft report titled “Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks.”
Cisco released numerous patches this month, including one for hardcoded root SSH credentials in Unified CM.
Fortinet released security updates today for multiple products, including FortiOS, FortiManager, FortiSandbox, FortiIsolator, and FortiProxy.
Google’s released security updates for Google Chrome to fix an actively exploited zero-day tracked as CVE-2025-6554. Google has not released any Android security patches in its July 2025 Android Security Bulletin.
• Grafana has released security fixes for four Chromium vulnerabilities in Grafana Image Renderer plugin and Synthetic Monitoring Agent.
Ivanti released security updates for flaws in Ivanti Connect Secure and Policy Secure, Ivanti EPMM, and Ivanti EPM. None of these vulnerabilities has been reported as actively exploited.
SAP released the July security updates for multiple products, including upgrading a previous flaw (CVE-2025-30012) in SAP Supplier Relationship Management to a rating of 10/10.

 

لیست کامل آپدیت های ماه جولای 2025 مایکروسافت

TagCVE IDCVE TitleSeverity
AMD L1 Data QueueCVE-2025-36357AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data QueueCritical
AMD Store QueueCVE-2025-36350AMD: CVE-2024-36350 Transient Scheduler Attack in Store QueueCritical
Azure Monitor AgentCVE-2025-47988Azure Monitor Agent Remote Code Execution VulnerabilityImportant
Capability Access Management Service (camsvc)CVE-2025-49690Capability Access Management Service (camsvc) Elevation of Privilege VulnerabilityImportant
HID class driverCVE-2025-48816HID Class Driver Elevation of Privilege VulnerabilityImportant
Kernel Streaming WOW Thunk Service DriverCVE-2025-49675Kernel Streaming WOW Thunk Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft Brokering File SystemCVE-2025-49677Microsoft Brokering File System Elevation of Privilege VulnerabilityImportant
Microsoft Brokering File SystemCVE-2025-49694Microsoft Brokering File System Elevation of Privilege VulnerabilityImportant
Microsoft Brokering File SystemCVE-2025-49693Microsoft Brokering File System Elevation of Privilege VulnerabilityImportant
Microsoft Configuration ManagerCVE-2025-47178Microsoft Configuration Manager Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2025-49732Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2025-49742Windows Graphics Component Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2025-49744Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Input Method Editor (IME)CVE-2025-49687Windows Input Method Editor (IME) Elevation of Privilege VulnerabilityImportant
Microsoft Input Method Editor (IME)CVE-2025-47991Windows Input Method Editor (IME) Elevation of Privilege VulnerabilityImportant
Microsoft Input Method Editor (IME)CVE-2025-47972Windows Input Method Editor (IME) Elevation of Privilege VulnerabilityImportant
Microsoft MPEG-2 Video ExtensionCVE-2025-48806Microsoft MPEG-2 Video Extension Remote Code Execution VulnerabilityImportant
Microsoft MPEG-2 Video ExtensionCVE-2025-48805Microsoft MPEG-2 Video Extension Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2025-47994Microsoft Office Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2025-49697Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-49695Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-49696Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-49699Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2025-49702Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft Office ExcelCVE-2025-48812Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft Office ExcelCVE-2025-49711Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office PowerPointCVE-2025-49705Microsoft PowerPoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2025-49701Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2025-49704Microsoft SharePoint Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2025-49706Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office WordCVE-2025-49703Microsoft Word Remote Code Execution VulnerabilityCritical
Microsoft Office WordCVE-2025-49698Microsoft Word Remote Code Execution VulnerabilityCritical
Microsoft Office WordCVE-2025-49700Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft PC ManagerCVE-2025-47993Microsoft PC Manager Elevation of Privilege VulnerabilityImportant
Microsoft PC ManagerCVE-2025-49738Microsoft PC Manager Elevation of Privilege VulnerabilityImportant
Microsoft TeamsCVE-2025-49731Microsoft Teams Elevation of Privilege VulnerabilityImportant
Microsoft TeamsCVE-2025-49737Microsoft Teams Elevation of Privilege VulnerabilityImportant
Microsoft Windows QoS schedulerCVE-2025-49730Microsoft Windows QoS Scheduler Driver Elevation of Privilege VulnerabilityImportant
Microsoft Windows Search ComponentCVE-2025-49685Windows Search Service Elevation of Privilege VulnerabilityImportant
Office Developer PlatformCVE-2025-49756Office Developer Platform Security Feature Bypass VulnerabilityImportant
Remote Desktop ClientCVE-2025-48817Remote Desktop Client Remote Code Execution VulnerabilityImportant
Remote Desktop ClientCVE-2025-33054Remote Desktop Spoofing VulnerabilityImportant
Role: Windows Hyper-VCVE-2025-48822Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution VulnerabilityCritical
Role: Windows Hyper-VCVE-2025-47999Windows Hyper-V Denial of Service VulnerabilityImportant
Role: Windows Hyper-VCVE-2025-48002Windows Hyper-V Information Disclosure VulnerabilityImportant
Service FabricCVE-2025-21195Azure Service Fabric Runtime Elevation of Privilege VulnerabilityImportant
SQL ServerCVE-2025-49719Microsoft SQL Server Information Disclosure VulnerabilityImportant
SQL ServerCVE-2025-49718Microsoft SQL Server Information Disclosure VulnerabilityImportant
SQL ServerCVE-2025-49717Microsoft SQL Server Remote Code Execution VulnerabilityCritical
Storage Port DriverCVE-2025-49684Windows Storage Port Driver Information Disclosure VulnerabilityImportant
Universal Print Management ServiceCVE-2025-47986Universal Print Management Service Elevation of Privilege VulnerabilityImportant
Virtual Hard Disk (VHDX)CVE-2025-47971Microsoft Virtual Hard Disk Elevation of Privilege VulnerabilityImportant
Virtual Hard Disk (VHDX)CVE-2025-49689Microsoft Virtual Hard Disk Elevation of Privilege VulnerabilityImportant
Virtual Hard Disk (VHDX)CVE-2025-49683Microsoft Virtual Hard Disk Remote Code Execution VulnerabilityLow
Virtual Hard Disk (VHDX)CVE-2025-47973Microsoft Virtual Hard Disk Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2025-49739Visual Studio Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2025-27614MITRE: CVE-2025-27614 Gitk Arbitrary Code Execution VulnerabilityUnknown
Visual StudioCVE-2025-27613MITRE: CVE-2025-27613 Gitk Arguments VulnerabilityUnknown
Visual StudioCVE-2025-46334MITRE: CVE-2025-46334 Git Malicious Shell VulnerabilityUnknown
Visual StudioCVE-2025-46835MITRE: CVE-2025-46835 Git File Overwrite VulnerabilityUnknown
Visual StudioCVE-2025-48384MITRE: CVE-2025-48384 Git Symlink VulnerabilityUnknown
Visual StudioCVE-2025-48386MITRE: CVE-2025-48386 Git Credential Helper VulnerabilityUnknown
Visual StudioCVE-2025-48385MITRE: CVE-2025-48385 Git Protocol Injection VulnerabilityUnknown
Visual Studio Code – Python extensionCVE-2025-49714Visual Studio Code Python Extension Remote Code Execution VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2025-49661Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows AppX Deployment ServiceCVE-2025-48820Windows AppX Deployment Service Elevation of Privilege VulnerabilityImportant
Windows BitLockerCVE-2025-48818BitLocker Security Feature Bypass VulnerabilityImportant
Windows BitLockerCVE-2025-48001BitLocker Security Feature Bypass VulnerabilityImportant
Windows BitLockerCVE-2025-48804BitLocker Security Feature Bypass VulnerabilityImportant
Windows BitLockerCVE-2025-48003BitLocker Security Feature Bypass VulnerabilityImportant
Windows BitLockerCVE-2025-48800BitLocker Security Feature Bypass VulnerabilityImportant
Windows Connected Devices Platform ServiceCVE-2025-48000Windows Connected Devices Platform Service Elevation of Privilege VulnerabilityImportant
Windows Connected Devices Platform ServiceCVE-2025-49724Windows Connected Devices Platform Service Remote Code Execution VulnerabilityImportant
Windows Cred SSProvider ProtocolCVE-2025-47987Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege VulnerabilityImportant
Windows Cryptographic ServicesCVE-2025-48823Windows Cryptographic Services Information Disclosure VulnerabilityImportant
Windows Event TracingCVE-2025-47985Windows Event Tracing Elevation of Privilege VulnerabilityImportant
Windows Event TracingCVE-2025-49660Windows Event Tracing Elevation of Privilege VulnerabilityImportant
Windows Fast FAT DriverCVE-2025-49721Windows Fast FAT File System Driver Elevation of Privilege VulnerabilityImportant
Windows GDICVE-2025-47984Windows GDI Information Disclosure VulnerabilityImportant
Windows Imaging ComponentCVE-2025-47980Windows Imaging Component Information Disclosure VulnerabilityCritical
Windows KDC Proxy Service (KPSSVC)CVE-2025-49735Windows KDC Proxy Service (KPSSVC) Remote Code Execution VulnerabilityCritical
Windows KerberosCVE-2025-47978Windows Kerberos Denial of Service VulnerabilityImportant
Windows KernelCVE-2025-49666Windows Server Setup and Boot Event Collection Remote Code Execution VulnerabilityImportant
Windows KernelCVE-2025-26636Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2025-48809Windows Secure Kernel Mode Information Disclosure VulnerabilityImportant
Windows KernelCVE-2025-48808Windows Kernel Information Disclosure VulnerabilityImportant
Windows MBT Transport driverCVE-2025-47996Windows MBT Transport Driver Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2025-49682Windows Media Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2025-49691Windows Miracast Wireless Display Remote Code Execution VulnerabilityImportant
Windows NetlogonCVE-2025-49716Windows Netlogon Denial of Service VulnerabilityImportant
Windows NotificationCVE-2025-49726Windows Notification Elevation of Privilege VulnerabilityImportant
Windows NotificationCVE-2025-49725Windows Notification Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2025-49678NTFS Elevation of Privilege VulnerabilityImportant
Windows Performance RecorderCVE-2025-49680Windows Performance Recorder (WPR) Denial of Service VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2025-49722Windows Print Spooler Denial of Service VulnerabilityImportant
Windows Remote Desktop Licensing ServiceCVE-2025-48814Remote Desktop Licensing Service Security Feature Bypass VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-49688Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-49676Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-49672Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-49670Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-49671Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-49753Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-49729Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-49673Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-49674Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-49669Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-49663Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-49668Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-49681Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-49657Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-47998Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-48824Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Secure Kernel ModeCVE-2025-48810Windows Secure Kernel Mode Information Disclosure VulnerabilityImportant
Windows ShellCVE-2025-49679Windows Shell Elevation of Privilege VulnerabilityImportant
Windows SmartScreenCVE-2025-49740Windows SmartScreen Security Feature Bypass VulnerabilityImportant
Windows SMBCVE-2025-48802Windows SMB Server Spoofing VulnerabilityImportant
Windows SPNEGO Extended NegotiationCVE-2025-47981SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution VulnerabilityCritical
Windows SSDP ServiceCVE-2025-47976Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege VulnerabilityImportant
Windows SSDP ServiceCVE-2025-47975Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege VulnerabilityImportant
Windows SSDP ServiceCVE-2025-48815Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege VulnerabilityImportant
Windows StateRepository APICVE-2025-49723Windows StateRepository API Server file Tampering VulnerabilityImportant
Windows StorageCVE-2025-49760Windows Storage Spoofing VulnerabilityModerate
Windows Storage VSP DriverCVE-2025-47982Windows Storage VSP Driver Elevation of Privilege VulnerabilityImportant
Windows TCP/IPCVE-2025-49686Windows TCP/IP Driver Elevation of Privilege VulnerabilityImportant
Windows TDX.sysCVE-2025-49658Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure VulnerabilityImportant
Windows TDX.sysCVE-2025-49659Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege VulnerabilityImportant
Windows Universal Plug and Play (UPnP) Device HostCVE-2025-48821Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege VulnerabilityImportant
Windows Universal Plug and Play (UPnP) Device HostCVE-2025-48819Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege VulnerabilityImportant
Windows Update ServiceCVE-2025-48799Windows Update Service Elevation of Privilege VulnerabilityImportant
Windows User-Mode Driver Framework HostCVE-2025-49664Windows User-Mode Driver Framework Host Information Disclosure VulnerabilityImportant
Windows Virtualization-Based Security (VBS) EnclaveCVE-2025-47159Windows Virtualization-Based Security (VBS) Elevation of Privilege VulnerabilityImportant
Windows Virtualization-Based Security (VBS) EnclaveCVE-2025-48811Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege VulnerabilityImportant
Windows Virtualization-Based Security (VBS) EnclaveCVE-2025-48803Windows Virtualization-Based Security (VBS) Elevation of Privilege VulnerabilityImportant
Windows Win32K – GRFXCVE-2025-49727Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32K – ICOMPCVE-2025-49733Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32K – ICOMPCVE-2025-49667Windows Win32 Kernel Subsystem Elevation of Privilege VulnerabilityImportant
Workspace BrokerCVE-2025-49665Workspace Broker Elevation of Privilege VulnerabilityImportant

منبع: 

bleepingcomputer.com

 

 

مهندسی تحقیق و توسعه ارتباط پانا

از سال ۱۳۸۴ به عنوان شرکتی پیشرو در زمینه “امنیت شبکه” فعالیت خود را آغاز کرد و با اخذ مجوزهای مربوطه و همچنین با بهره گیری از تیمی متخصص و حرفه ای در جایگاه یکی از معتبرترین فعالان این صنعت قرار گرفته است. 

دسترسی سریع

امنیت حرفه ای

عضویت در خبرنامه

شبکه اجتماعی