انتشار به روزرسانی سه شنبه های مایکروسافت – می 2021

may 2021

به روز رسانی امنیتی سه شنبه های این ماه (may 2021) مایکروسافت منتشر شد. در این به روز رسانی 55  آسیب پذیری از جمله 4 آسیب پذیری حیاتی رفع شده است.


همچنین آسیب پذیریهای Zero-day رفع شده در این به روز رسانی به صورت عمومی منتشر شده اما گزارشی از استفاده از آنها در حملات سایبری مشاهده نشده است.


سه آسیب پذیری Zero-day

طبق گزارش مایکروسافت این آسیب پذیری ها تاکنون به صورت گسترده مورد بهره برداری در حملات قرار نگرفته اند و با کدهای CVE زیر مشخص شده اند:


**CVE-2021-31204 - .NET and Visual Studio Elevation of Privilege Vulnerability
**CVE-2021-31207 - Microsoft Exchange Server Security Feature Bypass Vulnerability
**CVE-2021-31200 - Common Utilities Remote Code Execution Vulnerability

آسیب پذیری CVE-2021-31200 مربوط به ابزار NNI مایکروسافت است.
CVE-2021-31207 یک آسیب پذیری Microsoft Exchange می باشد.


قابل پیش بینی است که مهاجمان راههای مختلف را به منظور exploit از آسیب پذیری ها مخصوصا در  مورد Microsoft Exchange بررسی نمایند، بنابراین توصیه می شود هر چه زودتر به روز رسانی و نصب این وصله های امنیتی انجام شود.
لیست کامل به روز رسانی های ماه می 2021 در جدول زیر قابل مشاهده است :

TagCVE IDCVE TitleSeverity
.NET Core & Visual Studio CVE-2021-31204 .NET and Visual Studio Elevation of Privilege Vulnerability Important
HTTP.sys CVE-2021-31166 HTTP Protocol Stack Remote Code Execution Vulnerability Critical
Internet Explorer CVE-2021-26419 Scripting Engine Memory Corruption Vulnerability Critical
Jet Red and Access Connectivity CVE-2021-28455 Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability Important
Microsoft Accessibility Insights for Web CVE-2021-31936 Microsoft Accessibility Insights for Web Information Disclosure Vulnerability Important
Microsoft Bluetooth Driver CVE-2021-31182 Microsoft Bluetooth Driver Spoofing Vulnerability Important
Microsoft Dynamics Finance & Operations CVE-2021-28461 Dynamics Finance and Operations Cross-site Scripting Vulnerability Important
Microsoft Exchange Server CVE-2021-31195 Microsoft Exchange Server Remote Code Execution Vulnerability Important
Microsoft Exchange Server CVE-2021-31209 Microsoft Exchange Server Spoofing Vulnerability Important
Microsoft Exchange Server CVE-2021-31207 Microsoft Exchange Server Security Feature Bypass Vulnerability Moderate
Microsoft Exchange Server CVE-2021-31198 Microsoft Exchange Server Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2021-31170 Windows Graphics Component Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2021-31188 Windows Graphics Component Elevation of Privilege Vulnerability Important
Microsoft Office CVE-2021-31176 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2021-31175 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2021-31177 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2021-31179 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2021-31178 Microsoft Office Information Disclosure Vulnerability Important
Microsoft Office Excel CVE-2021-31174 Microsoft Excel Information Disclosure Vulnerability Important
Microsoft Office SharePoint CVE-2021-28478 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2021-31181 Microsoft SharePoint Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2021-26418 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2021-28474 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2021-31171 Microsoft SharePoint Information Disclosure Vulnerability Important
Microsoft Office SharePoint CVE-2021-31173 Microsoft SharePoint Server Information Disclosure Vulnerability Important
Microsoft Office SharePoint CVE-2021-31172 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Office Word CVE-2021-31180 Microsoft Office Graphics Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-31192 Windows Media Foundation Core Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-28465 Web Media Extensions Remote Code Execution Vulnerability Important
Microsoft Windows IrDA CVE-2021-31184 Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability Important
Open Source Software CVE-2021-31200 Common Utilities Remote Code Execution Vulnerability Important
Role: Hyper-V CVE-2021-28476 Hyper-V Remote Code Execution Vulnerability Critical
Skype for Business and Microsoft Lync CVE-2021-26422 Skype for Business and Lync Remote Code Execution Vulnerability Important
Skype for Business and Microsoft Lync CVE-2021-26421 Skype for Business and Lync Spoofing Vulnerability Important
Visual Studio CVE-2021-27068 Visual Studio Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2021-31214 Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2021-31211 Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2021-31213 Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability Important
Windows Container Isolation FS Filter Driver CVE-2021-31190 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability Important
Windows Container Manager Service CVE-2021-31168 Windows Container Manager Service Elevation of Privilege Vulnerability Important
Windows Container Manager Service CVE-2021-31169 Windows Container Manager Service Elevation of Privilege Vulnerability Important
Windows Container Manager Service CVE-2021-31208 Windows Container Manager Service Elevation of Privilege Vulnerability Important
Windows Container Manager Service CVE-2021-31165 Windows Container Manager Service Elevation of Privilege Vulnerability Important
Windows Container Manager Service CVE-2021-31167 Windows Container Manager Service Elevation of Privilege Vulnerability Important
Windows CSC Service CVE-2021-28479 Windows CSC Service Information Disclosure Vulnerability Important
Windows Desktop Bridge CVE-2021-31185 Windows Desktop Bridge Denial of Service Vulnerability Important
Windows OLE CVE-2021-31194 OLE Automation Remote Code Execution Vulnerability Critical
Windows Projected File System FS Filter CVE-2021-31191 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability Important
Windows RDP Client CVE-2021-31186 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important
Windows SMB CVE-2021-31205 Windows SMB Client Security Feature Bypass Vulnerability Important
Windows SSDP Service CVE-2021-31193 Windows SSDP Service Elevation of Privilege Vulnerability Important
Windows WalletService CVE-2021-31187 Windows WalletService Elevation of Privilege Vulnerability Important
Windows Wireless Networking CVE-2020-24588 Windows Wireless Networking Spoofing Vulnerability Important
Windows Wireless Networking CVE-2020-24587 Windows Wireless Networking Information Disclosure Vulnerability Important
Windows Wireless Networking CVE-2020-26144 Windows Wireless Networking Spoofing Vulnerability Important

منبع:
https://www.bleepingcomputer.com/news/microsoft

افزودن دیدگاه جدید

نظر خودتان را ارسال کنید

کاربر گرامی چنانچه تمایل دارید، نقد یا نظر شما به نام خودتان در سایت ثبت شود، لطفا وارد سایت شوید.

طراحی سایت طراحی سایت طراحی سایت طراحی سایت

کلیه حقوق این سایت محفوظ و متعلق به شرکت مهندسی تحقیق و توسعه ارتباط پانا می باشد.

گفتگوی آنلاین