به روز رسانی امنیتی سه شنبه ماه جولای مایکروسافت 2021

patch tuesday july 2021
مایکروسافت به روز رسانی امنیتی سه شنبه های این ماه  را منتشر کرده است. در این به روز رسانی 9 آسیب پذیری Zero-day و جمعا 117 آسیب پذیری رفع شده است.


از این تعداد آسیب پذیری، 44 مورد اجرای کد از راه دور، 32 مورد elevation of privilege،  چهارده آسیب پذیری افشای اطلاعات، 12 مورد انکار سرویس و 8 آسیب پذیری security feature bypass و 7 مورد آسیب پذیری Spoofing هستند.


9 آسیب پذیری Zero-day با چهار Exploit فعال


مایکروسافت یک آسیب پذیری Zero-day را با عناوین publicly disclosed یا actively exploited بدون آپدیت امنیتی رسمی و منتشر شده دسته بندی می کند.


* 5مورد که به صورت عمومی منتشر شده اما exploit نشده :

  • CVE-2021-34492 - Windows Certificate Spoofing Vulnerability
  • CVE-2021-34523 - Microsoft Exchange Server Elevation of Privilege Vulnerability
  • CVE-2021-34473 - Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-33779 - Windows ADFS Security Feature Bypass Vulnerability
  • CVE-2021-33781 - Active Directory Security Feature Bypass Vulnerability

 

*آسیب پذیری PrintNightmare

  •  CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerability

* 3 آسیب پذیری که exploit شده اند ولی به صورت عمومی افشا نشده اند :

  • CVE-2021-33771 - Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2021-34448 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2021-31979 - Windows Kernel Elevation of Privilege Vulnerability

 

فهرست کامل به روز رسانی های این ماه  در جدول زیر قابل مشاهده است:

TagCVE IDCVE TitleSeverity
Active Directory Federation Services CVE-2021-33779 Windows ADFS Security Feature Bypass Vulnerability Important
Common Internet File System CVE-2021-34476 Bowser.sys Denial of Service Vulnerability Important
Dynamics Business Central Control CVE-2021-34474 Dynamics Business Central Remote Code Execution Vulnerability Critical
Microsoft Bing CVE-2021-33753 Microsoft Bing Search Spoofing Vulnerability Important
Microsoft Exchange Server CVE-2021-31206 Microsoft Exchange Server Remote Code Execution Vulnerability Important
Microsoft Exchange Server CVE-2021-34473 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
Microsoft Exchange Server CVE-2021-33766 Microsoft Exchange Information Disclosure Vulnerability Important
Microsoft Exchange Server CVE-2021-34523 Microsoft Exchange Server Elevation of Privilege Vulnerability Important
Microsoft Exchange Server CVE-2021-31196 Microsoft Exchange Server Remote Code Execution Vulnerability Important
Microsoft Exchange Server CVE-2021-33768 Microsoft Exchange Server Elevation of Privilege Vulnerability Important
Microsoft Exchange Server CVE-2021-34470 Microsoft Exchange Server Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2021-34440 GDI+ Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2021-34489 DirectWrite Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2021-34496 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2021-34498 Windows GDI Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2021-34438 Windows Font Driver Host Remote Code Execution Vulnerability Important
Microsoft Office CVE-2021-34469 Microsoft Office Security Feature Bypass Vulnerability Important
Microsoft Office CVE-2021-34451 Microsoft Office Online Server Spoofing Vulnerability Important
Microsoft Office CVE-2021-34452 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2021-34501 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2021-34518 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2021-34468 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2021-34519 Microsoft SharePoint Server Information Disclosure Vulnerability Moderate
Microsoft Office SharePoint CVE-2021-34520 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2021-34517 Microsoft SharePoint Server Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2021-34467 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
Microsoft Scripting Engine CVE-2021-34448 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Windows Codecs Library CVE-2021-33778 HEVC Video Extensions Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-31947 HEVC Video Extensions Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-33740 Windows Media Remote Code Execution Vulnerability Critical
Microsoft Windows Codecs Library CVE-2021-33760 Media Foundation Information Disclosure Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-33775 HEVC Video Extensions Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-33776 HEVC Video Extensions Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-33777 HEVC Video Extensions Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-34521 Raw Image Extension Remote Code Execution Vulnerability Important
Microsoft Windows DNS CVE-2021-34499 Windows DNS Server Denial of Service Vulnerability Important
Microsoft Windows DNS CVE-2021-33746 Windows DNS Server Remote Code Execution Vulnerability Important
Microsoft Windows DNS CVE-2021-33754 Windows DNS Server Remote Code Execution Vulnerability Important
Microsoft Windows Media Foundation CVE-2021-34441 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Important
Microsoft Windows Media Foundation CVE-2021-34439 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Critical
Microsoft Windows Media Foundation CVE-2021-34503 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Critical
OpenEnclave CVE-2021-33767 Open Enclave SDK Elevation of Privilege Vulnerability Important
Power BI CVE-2021-31984 Power BI Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2021-33749 Windows DNS Snap-in Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2021-33745 Windows DNS Server Denial of Service Vulnerability Important
Role: DNS Server CVE-2021-34442 Windows DNS Server Denial of Service Vulnerability Important
Role: DNS Server CVE-2021-34444 Windows DNS Server Denial of Service Vulnerability Important
Role: DNS Server CVE-2021-34525 Windows DNS Server Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2021-33780 Windows DNS Server Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2021-34494 Windows DNS Server Remote Code Execution Vulnerability Critical
Role: DNS Server CVE-2021-33750 Windows DNS Snap-in Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2021-33752 Windows DNS Snap-in Remote Code Execution Vulnerability Important
Role: DNS Server CVE-2021-33756 Windows DNS Snap-in Remote Code Execution Vulnerability Important
Role: Hyper-V CVE-2021-33758 Windows Hyper-V Denial of Service Vulnerability Important
Role: Hyper-V CVE-2021-33755 Windows Hyper-V Denial of Service Vulnerability Important
Role: Hyper-V CVE-2021-34450 Windows Hyper-V Remote Code Execution Vulnerability Critical
Visual Studio Code CVE-2021-34529 Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2021-34528 Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2021-34479 Microsoft Visual Studio Spoofing Vulnerability Important
Visual Studio Code - .NET Runtime CVE-2021-34477 Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability Important
Windows Active Directory CVE-2021-33781 Active Directory Security Feature Bypass Vulnerability Important
Windows Address Book CVE-2021-34504 Windows Address Book Remote Code Execution Vulnerability Important
Windows AF_UNIX Socket Provider CVE-2021-33785 Windows AF_UNIX Socket Provider Denial of Service Vulnerability Important
Windows AppContainer CVE-2021-34459 Windows AppContainer Elevation Of Privilege Vulnerability Important
Windows AppX Deployment Extensions CVE-2021-34462 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Important
Windows Authenticode CVE-2021-33782 Windows Authenticode Spoofing Vulnerability Important
Windows Cloud Files Mini Filter Driver CVE-2021-33784 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important
Windows Console Driver CVE-2021-34488 Windows Console Driver Elevation of Privilege Vulnerability Important
Windows Defender CVE-2021-34522 Microsoft Defender Remote Code Execution Vulnerability Critical
Windows Defender CVE-2021-34464 Microsoft Defender Remote Code Execution Vulnerability Critical
Windows Desktop Bridge CVE-2021-33759 Windows Desktop Bridge Elevation of Privilege Vulnerability Important
Windows Event Tracing CVE-2021-33774 Windows Event Tracing Elevation of Privilege Vulnerability Important
Windows File History Service CVE-2021-34455 Windows File History Service Elevation of Privilege Vulnerability Important
Windows Hello CVE-2021-34466 Windows Hello Security Feature Bypass Vulnerability Important
Windows HTML Platform CVE-2021-34446 Windows HTML Platforms Security Feature Bypass Vulnerability Important
Windows Installer CVE-2021-33765 Windows Installer Spoofing Vulnerability Important
Windows Installer CVE-2021-34511 Windows Installer Elevation of Privilege Vulnerability Important
Windows Installer CVE-2021-31961 Windows InstallService Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2021-34461 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2021-34508 Windows Kernel Remote Code Execution Vulnerability Important
Windows Kernel CVE-2021-34458 Windows Kernel Remote Code Execution Vulnerability Critical
Windows Kernel CVE-2021-33771 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2021-31979 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2021-34514 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2021-34500 Windows Kernel Memory Information Disclosure Vulnerability Important
Windows Key Distribution Center CVE-2021-33764 Windows Key Distribution Center Information Disclosure Vulnerability Important
Windows Local Security Authority Subsystem Service CVE-2021-33788 Windows LSA Denial of Service Vulnerability Important
Windows Local Security Authority Subsystem Service CVE-2021-33786 Windows LSA Security Feature Bypass Vulnerability Important
Windows MSHTML Platform CVE-2021-34497 Windows MSHTML Platform Remote Code Execution Vulnerability Critical
Windows MSHTML Platform CVE-2021-34447 Windows MSHTML Platform Remote Code Execution Vulnerability Important
Windows Partition Management Driver CVE-2021-34493 Windows Partition Management Driver Elevation of Privilege Vulnerability Important
Windows PFX Encryption CVE-2021-34492 Windows Certificate Spoofing Vulnerability Important
Windows Print Spooler Components CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability Critical
Windows Projected File System CVE-2021-33743 Windows Projected File System Elevation of Privilege Vulnerability Important
Windows Remote Access Connection Manager CVE-2021-34457 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important
Windows Remote Access Connection Manager CVE-2021-33761 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important
Windows Remote Access Connection Manager CVE-2021-33773 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important
Windows Remote Access Connection Manager CVE-2021-33763 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important
Windows Remote Access Connection Manager CVE-2021-34445 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important
Windows Remote Access Connection Manager CVE-2021-34456 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important
Windows Remote Assistance CVE-2021-34507 Windows Remote Assistance Information Disclosure Vulnerability Important
Windows Secure Kernel Mode CVE-2021-33744 Windows Secure Kernel Mode Security Feature Bypass Vulnerability Important
Windows Security Account Manager CVE-2021-33757 Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability Important
Windows Shell CVE-2021-34454 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important
Windows SMB CVE-2021-33783 Windows SMB Information Disclosure Vulnerability Important
Windows Storage Spaces Controller CVE-2021-33751 Storage Spaces Controller Elevation of Privilege Vulnerability Important
Windows Storage Spaces Controller CVE-2021-34460 Storage Spaces Controller Elevation of Privilege Vulnerability Important
Windows Storage Spaces Controller CVE-2021-34509 Storage Spaces Controller Information Disclosure Vulnerability Important
Windows Storage Spaces Controller CVE-2021-34510 Storage Spaces Controller Elevation of Privilege Vulnerability Important
Windows Storage Spaces Controller CVE-2021-34512 Storage Spaces Controller Elevation of Privilege Vulnerability Important
Windows Storage Spaces Controller CVE-2021-34513 Storage Spaces Controller Elevation of Privilege Vulnerability Important
Windows TCP/IP CVE-2021-31183 Windows TCP/IP Driver Denial of Service Vulnerability Important
Windows TCP/IP CVE-2021-33772 Windows TCP/IP Driver Denial of Service Vulnerability Important
Windows TCP/IP CVE-2021-34490 Windows TCP/IP Driver Denial of Service Vulnerability Important
Windows Win32K CVE-2021-34449 Win32k Elevation of Privilege Vulnerability Important
Windows Win32K CVE-2021-34516 Win32k Elevation of Privilege Vulnerability Important
Windows Win32K CVE-2021-34491 Win32k Information Disclosure Vulnerability Important

 

منبع : https://www.bleepingcomputer.com

افزودن دیدگاه جدید

نظر خودتان را ارسال کنید

کاربر گرامی چنانچه تمایل دارید، نقد یا نظر شما به نام خودتان در سایت ثبت شود، لطفا وارد سایت شوید.

طراحی سایت طراحی سایت طراحی سایت طراحی سایت

کلیه حقوق این سایت محفوظ و متعلق به شرکت مهندسی تحقیق و توسعه ارتباط پانا می باشد.

گفتگوی آنلاین