انتشار به روزرسانی سه شنبه های مایکروسافت – ژانویه 2021

patch tuesday jan 2021

دیروز اولین به روز رسانی امنیتی سال 2021 مایکروسافت، منتشر شد. در وصله های منتشر شده ی این ماه، 83 آسیب پذیری رفع شده که 10 مورد از آنها از آسیب پذیری های حیاتی هستند، همچنین یک آسیب پذیری Zero-day و یک آسیب پذیری افشا شده عمومی، در این به روز رسانی ها رفع شده است.


آسیب پذیری Zero-day با کد شناساییCVE-2021-1647 در موتور حفاظت ضد بدافزار مایکروسافت نسخه 1.1.17700.4 یا بالاتر رفع شده است.
microsoft defender version
مایکروسافت همچنین آسیب پذیری splwow64 Elevation of Privilege با کد شناسایی CVE-2021-1648 که سپتامبر 2020 توسط گوگل افشا شد را رفع نموده است.
همچنین سرویس 0patch یک وصله رایگان برای آسیب پذیری موجود در ابزار Sysinternals PSExec  منتشر کرده است، PSExec یک ابزار رایگان مایکروسافت است که به ادمین امکان اجرای برنامه ها را به صورت ریموت می دهد.  مایکروسافت به صورت رسمی وصله ای برای این آسیب پذیری منتشر نکرده است.
در این ماه به روز رسانی های Adobe ، Android، Apple، Cisco و SAP نیز از سوی کمپانی های آنها منتشر شده است.


لیست کامل این به روز رسانی ها در جدول زیر قابل مشاهده است :

TagCVE IDCVE TitleSeverity
.NET Repository CVE-2021-1725 Bot Framework SDK Information Disclosure Vulnerability Important
ASP.NET core & .NET core CVE-2021-1723 ASP.NET Core and Visual Studio Denial of Service Vulnerability Important
Azure Active Directory Pod Identity CVE-2021-1677 Azure Active Directory Pod Identity Spoofing Vulnerability Important
Microsoft Bluetooth Driver CVE-2021-1683 Windows Bluetooth Security Feature Bypass Vulnerability Important
Microsoft Bluetooth Driver CVE-2021-1638 Windows Bluetooth Security Feature Bypass Vulnerability Important
Microsoft Bluetooth Driver CVE-2021-1684 Windows Bluetooth Security Feature Bypass Vulnerability Important
Microsoft DTV-DVD Video Decoder CVE-2021-1668 Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability Critical
Microsoft Edge (HTML-based) CVE-2021-1705 Microsoft Edge (HTML-based) Memory Corruption Vulnerability Critical
Microsoft Graphics Component CVE-2021-1709 Windows Win32k Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2021-1696 Windows Graphics Component Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2021-1665 GDI+ Remote Code Execution Vulnerability Critical
Microsoft Graphics Component CVE-2021-1708 Windows GDI+ Information Disclosure Vulnerability Important
Microsoft Malware Protection Engine CVE-2021-1647 Microsoft Defender Remote Code Execution Vulnerability Critical
Microsoft Office CVE-2021-1713 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office CVE-2021-1714 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office CVE-2021-1711 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office CVE-2021-1715 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Office CVE-2021-1716 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2021-1712 Microsoft SharePoint Elevation of Privilege Vulnerability Important
Microsoft Office SharePoint CVE-2021-1707 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2021-1718 Microsoft SharePoint Server Tampering Vulnerability Important
Microsoft Office SharePoint CVE-2021-1717 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2021-1719 Microsoft SharePoint Elevation of Privilege Vulnerability Important
Microsoft Office SharePoint CVE-2021-1641 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft RPC CVE-2021-1702 Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2021-1649 Active Template Library Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2021-1676 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability Important
Microsoft Windows CVE-2021-1689 Windows Multipoint Management Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2021-1657 Windows Fax Compose Form Remote Code Execution Vulnerability Important
Microsoft Windows CVE-2021-1646 Windows WLAN Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2021-1650 Windows Runtime C++ Template Library Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2021-1706 Windows LUAFV Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2021-1699 Windows (modem.sys) Information Disclosure Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-1644 HEVC Video Extensions Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-1643 HEVC Video Extensions Remote Code Execution Vulnerability Critical
Microsoft Windows DNS CVE-2021-1637 Windows DNS Query Information Disclosure Vulnerability Important
SQL Server CVE-2021-1636 Microsoft SQL Elevation of Privilege Vulnerability Important
Visual Studio CVE-2020-26870 Visual Studio Remote Code Execution Vulnerability Important
Windows AppX Deployment Extensions CVE-2021-1642 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Important
Windows AppX Deployment Extensions CVE-2021-1685 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Important
Windows CryptoAPI CVE-2021-1679 Windows CryptoAPI Denial of Service Vulnerability Important
Windows CSC Service CVE-2021-1652 Windows CSC Service Elevation of Privilege Vulnerability Important
Windows CSC Service CVE-2021-1654 Windows CSC Service Elevation of Privilege Vulnerability Important
Windows CSC Service CVE-2021-1659 Windows CSC Service Elevation of Privilege Vulnerability Important
Windows CSC Service CVE-2021-1653 Windows CSC Service Elevation of Privilege Vulnerability Important
Windows CSC Service CVE-2021-1655 Windows CSC Service Elevation of Privilege Vulnerability Important
Windows CSC Service CVE-2021-1693 Windows CSC Service Elevation of Privilege Vulnerability Important
Windows CSC Service CVE-2021-1688 Windows CSC Service Elevation of Privilege Vulnerability Important
Windows Diagnostic Hub CVE-2021-1680 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important
Windows Diagnostic Hub CVE-2021-1651 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important
Windows DP API CVE-2021-1645 Windows Docker Information Disclosure Vulnerability Important
Windows Event Logging Service CVE-2021-1703 Windows Event Logging Service Elevation of Privilege Vulnerability Important
Windows Event Tracing CVE-2021-1662 Windows Event Tracing Elevation of Privilege Vulnerability Important
Windows Hyper-V CVE-2021-1691 Hyper-V Denial of Service Vulnerability Important
Windows Hyper-V CVE-2021-1704 Windows Hyper-V Elevation of Privilege Vulnerability Important
Windows Hyper-V CVE-2021-1692 Hyper-V Denial of Service Vulnerability Important
Windows Installer CVE-2021-1661 Windows Installer Elevation of Privilege Vulnerability Important
Windows Installer CVE-2021-1697 Windows InstallService Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2021-1682 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Media CVE-2021-1710 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Important
Windows NTLM CVE-2021-1678 NTLM Security Feature Bypass Vulnerability Important
Windows Print Spooler Components CVE-2021-1695 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Projected File System Filter Driver CVE-2021-1663 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability Important
Windows Projected File System Filter Driver CVE-2021-1672 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability Important
Windows Projected File System Filter Driver CVE-2021-1670 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability Important
Windows Remote Desktop CVE-2021-1674 Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability Important
Windows Remote Desktop CVE-2021-1669 Windows Remote Desktop Security Feature Bypass Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-1701 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-1700 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-1666 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-1664 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-1671 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-1673 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-1658 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-1667 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-1660 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows splwow64 CVE-2021-1648 Microsoft splwow64 Elevation of Privilege Vulnerability Important
Windows TPM Device Driver CVE-2021-1656 TPM Device Driver Information Disclosure Vulnerability Important
Windows Update Stack CVE-2021-1694 Windows Update Stack Elevation of Privilege Vulnerability Important
Windows WalletService CVE-2021-1686 Windows WalletService Elevation of Privilege Vulnerability Important
Windows WalletService CVE-2021-1681 Windows WalletService Elevation of Privilege Vulnerability Important
Windows WalletService CVE-2021-1690 Windows WalletService Elevation of Privilege Vulnerability Important
Windows WalletService CVE-2021-1687 Windows WalletService Elevation of Privilege Vulnerability Important

 

منبع :

https://www.bleepingcomputer.com

افزودن دیدگاه جدید

نظر خودتان را ارسال کنید

کاربر گرامی چنانچه تمایل دارید، نقد یا نظر شما به نام خودتان در سایت ثبت شود، لطفا وارد سایت شوید.

طراحی سایت طراحی سایت طراحی سایت طراحی سایت

کلیه حقوق این سایت محفوظ و متعلق به شرکت مهندسی تحقیق و توسعه ارتباط پانا می باشد.

گفتگوی آنلاین