Microsoft Patch Tuesday Ιουλίου 2021: Διορθώνει 117 ευπάθειες

Η Microsoft κυκλοφόρησε χθες το Patch Tuesday Ιουλίου 2021, το οποίο φέρνει διορθώσεις για 117 ευπάθειες, εκ των οποίων οι εννέα ανήκουν στην κατηγορία των zero-days. Οι διαχειριστές των Windows θα πρέπει να ενημερώσουν άμεσα τα συστήματά τους για να τα προστατεύσουν από τις ευπάθειες.

Δείτε επίσης: Microsoft bug bounty 2020-2021: Πόσα χρήματα έχουν κερδίσει οι ερευνητές;

Οι 13 από τις 117 ευπάθειες που διορθώνει το Microsoft Patch Tuesday Ιουλίου έχουν αξιολογηθεί ως κρίσιμες, η 1 ως μέτρια και οι υπόλοιπες 103 ως σημαντικές.

Επίσης, οι 44 ευπάθειες επιτρέπουν την απομακρυσμένη εκτέλεση κώδικα, οι 32 αυξάνουν τα προνόμια του επιτιθέμενου στα ευάλωτα συστήματα, οι 14 επιτρέπουν αποκάλυψη πληροφοριών, οι 12 επιτρέπουν denial-of-service επιθέσεις, οι 8 παρακάμπτουν λύσεις ασφαλείας και οι 7 είναι spoofing ευπάθειες.

SecNewsTV

23.6K subscribers

Περισσότερα... Subscribe!

Δείτε επίσης: Microsoft bonus: 1.500$ στους υπαλλήλους επειδή “άντεξαν” την πανδημία!

Microsoft Patch Tuesday Ιουλίου 2021: Διόρθωση εννέα zero-day ευπαθειών

Οι τέσσερις από τις εννέα zero-day ευπάθειες που διορθώνει το patch, έχουν ήδη χρησιμοποιηθεί από hackers.

Οι πέντε ευπάθειες που δεν έχουν χρησιμοποιηθεί, είναι:

CVE-2021-34492 – Windows Certificate Spoofing Vulnerability
CVE-2021-34523 – Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-33779 – Windows ADFS Security Feature Bypass Vulnerability
CVE-2021-33781 – Active Directory Security Feature Bypass Vulnerability

Οι ευπάθειες που έχουν αξιοποιηθεί, είναι:

CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-33771 – Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-34448 – Scripting Engine Memory Corruption Vulnerability
CVE-2021-31979 – Windows Kernel Elevation of Privilege Vulnerability

Δείτε επίσης: Χάκερ κατέθεσε $1 εκατομμύριο σε φόρουμ κυβερνοεγκλήματος για την αγορά zero-day exploits

CVE-2021-34527: PrintNightmare bug

Η ευπάθεια στην υπηρεσία των Windows, Print Spooler, είναι μια από τις πιο σημαντικές ευπάθειες. Η Microsoft κυκλοφόρησε, επίσης, μια έκτακτη ενημερωμένη έκδοση ασφαλείας γι’ αυτή την ευπάθεια, που είναι γνωστή ως PrintNightmare.

Microsoft Patch Tuesday Ιουλίου 2021

Στον παρακάτω πίνακα, μπορείτε να δείτε όλες τις ευπάθειες που διορθώνονται στο patch αυτού του μήνα:

Tag	CVE ID	CVE Title	Severity
Active Directory Federation Services	CVE-2021-33779	Windows ADFS Security Feature Bypass Vulnerability	Important
Common Internet File System	CVE-2021-34476	Bowser.sys Denial of Service Vulnerability	Important
Dynamics Business Central Control	CVE-2021-34474	Dynamics Business Central Remote Code Execution Vulnerability	Critical
Microsoft Bing	CVE-2021-33753	Microsoft Bing Search Spoofing Vulnerability	Important
Microsoft Exchange Server	CVE-2021-31206	Microsoft Exchange Server Remote Code Execution Vulnerability	Important
Microsoft Exchange Server	CVE-2021-34473	Microsoft Exchange Server Remote Code Execution Vulnerability	Critical
Microsoft Exchange Server	CVE-2021-33766	Microsoft Exchange Information Disclosure Vulnerability	Important
Microsoft Exchange Server	CVE-2021-34523	Microsoft Exchange Server Elevation of Privilege Vulnerability	Important
Microsoft Exchange Server	CVE-2021-31196	Microsoft Exchange Server Remote Code Execution Vulnerability	Important
Microsoft Exchange Server	CVE-2021-33768	Microsoft Exchange Server Elevation of Privilege Vulnerability	Important
Microsoft Exchange Server	CVE-2021-34470	Microsoft Exchange Server Elevation of Privilege Vulnerability	Important
Microsoft Graphics Component	CVE-2021-34440	GDI+ Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2021-34489	DirectWrite Remote Code Execution Vulnerability	Important
Microsoft Graphics Component	CVE-2021-34496	Windows GDI Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2021-34498	Windows GDI Elevation of Privilege Vulnerability	Important
Microsoft Graphics Component	CVE-2021-34438	Windows Font Driver Host Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2021-34469	Microsoft Office Security Feature Bypass Vulnerability	Important
Microsoft Office	CVE-2021-34451	Microsoft Office Online Server Spoofing Vulnerability	Important
Microsoft Office	CVE-2021-34452	Microsoft Word Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2021-34501	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2021-34518	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2021-34468	Microsoft SharePoint Server Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2021-34519	Microsoft SharePoint Server Information Disclosure Vulnerability	Moderate
Microsoft Office SharePoint	CVE-2021-34520	Microsoft SharePoint Server Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2021-34517	Microsoft SharePoint Server Spoofing Vulnerability	Important
Microsoft Office SharePoint	CVE-2021-34467	Microsoft SharePoint Server Remote Code Execution Vulnerability	Important
Microsoft Scripting Engine	CVE-2021-34448	Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Windows Codecs Library	CVE-2021-33778	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2021-31947	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2021-33740	Windows Media Remote Code Execution Vulnerability	Critical
Microsoft Windows Codecs Library	CVE-2021-33760	Media Foundation Information Disclosure Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2021-33775	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2021-33776	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2021-33777	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2021-34521	Raw Image Extension Remote Code Execution Vulnerability	Important
Microsoft Windows DNS	CVE-2021-34499	Windows DNS Server Denial of Service Vulnerability	Important
Microsoft Windows DNS	CVE-2021-33746	Windows DNS Server Remote Code Execution Vulnerability	Important
Microsoft Windows DNS	CVE-2021-33754	Windows DNS Server Remote Code Execution Vulnerability	Important
Microsoft Windows Media Foundation	CVE-2021-34441	Microsoft Windows Media Foundation Remote Code Execution Vulnerability	Important
Microsoft Windows Media Foundation	CVE-2021-34439	Microsoft Windows Media Foundation Remote Code Execution Vulnerability	Critical
Microsoft Windows Media Foundation	CVE-2021-34503	Microsoft Windows Media Foundation Remote Code Execution Vulnerability	Critical
OpenEnclave	CVE-2021-33767	Open Enclave SDK Elevation of Privilege Vulnerability	Important
Power BI	CVE-2021-31984	Power BI Remote Code Execution Vulnerability	Important
Role: DNS Server	CVE-2021-33749	Windows DNS Snap-in Remote Code Execution Vulnerability	Important
Role: DNS Server	CVE-2021-33745	Windows DNS Server Denial of Service Vulnerability	Important
Role: DNS Server	CVE-2021-34442	Windows DNS Server Denial of Service Vulnerability	Important
Role: DNS Server	CVE-2021-34444	Windows DNS Server Denial of Service Vulnerability	Important
Role: DNS Server	CVE-2021-34525	Windows DNS Server Remote Code Execution Vulnerability	Important
Role: DNS Server	CVE-2021-33780	Windows DNS Server Remote Code Execution Vulnerability	Important
Role: DNS Server	CVE-2021-34494	Windows DNS Server Remote Code Execution Vulnerability	Critical
Role: DNS Server	CVE-2021-33750	Windows DNS Snap-in Remote Code Execution Vulnerability	Important
Role: DNS Server	CVE-2021-33752	Windows DNS Snap-in Remote Code Execution Vulnerability	Important
Role: DNS Server	CVE-2021-33756	Windows DNS Snap-in Remote Code Execution Vulnerability	Important
Role: Hyper-V	CVE-2021-33758	Windows Hyper-V Denial of Service Vulnerability	Important
Role: Hyper-V	CVE-2021-33755	Windows Hyper-V Denial of Service Vulnerability	Important
Role: Hyper-V	CVE-2021-34450	Windows Hyper-V Remote Code Execution Vulnerability	Critical
Visual Studio Code	CVE-2021-34529	Visual Studio Code Remote Code Execution Vulnerability	Important
Visual Studio Code	CVE-2021-34528	Visual Studio Code Remote Code Execution Vulnerability	Important
Visual Studio Code	CVE-2021-34479	Microsoft Visual Studio Spoofing Vulnerability	Important
Visual Studio Code – .NET Runtime	CVE-2021-34477	Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability	Important
Windows Active Directory	CVE-2021-33781	Active Directory Security Feature Bypass Vulnerability	Important
Windows Address Book	CVE-2021-34504	Windows Address Book Remote Code Execution Vulnerability	Important
Windows AF_UNIX Socket Provider	CVE-2021-33785	Windows AF_UNIX Socket Provider Denial of Service Vulnerability	Important
Windows AppContainer	CVE-2021-34459	Windows AppContainer Elevation Of Privilege Vulnerability	Important
Windows AppX Deployment Extensions	CVE-2021-34462	Windows AppX Deployment Extensions Elevation of Privilege Vulnerability	Important
Windows Authenticode	CVE-2021-33782	Windows Authenticode Spoofing Vulnerability	Important
Windows Cloud Files Mini Filter Driver	CVE-2021-33784	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	Important
Windows Console Driver	CVE-2021-34488	Windows Console Driver Elevation of Privilege Vulnerability	Important
Windows Defender	CVE-2021-34522	Microsoft Defender Remote Code Execution Vulnerability	Critical
Windows Defender	CVE-2021-34464	Microsoft Defender Remote Code Execution Vulnerability	Critical
Windows Desktop Bridge	CVE-2021-33759	Windows Desktop Bridge Elevation of Privilege Vulnerability	Important
Windows Event Tracing	CVE-2021-33774	Windows Event Tracing Elevation of Privilege Vulnerability	Important
Windows File History Service	CVE-2021-34455	Windows File History Service Elevation of Privilege Vulnerability	Important
Windows Hello	CVE-2021-34466	Windows Hello Security Feature Bypass Vulnerability	Important
Windows HTML Platform	CVE-2021-34446	Windows HTML Platforms Security Feature Bypass Vulnerability	Important
Windows Installer	CVE-2021-33765	Windows Installer Spoofing Vulnerability	Important
Windows Installer	CVE-2021-34511	Windows Installer Elevation of Privilege Vulnerability	Important
Windows Installer	CVE-2021-31961	Windows InstallService Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2021-34461	Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2021-34508	Windows Kernel Remote Code Execution Vulnerability	Important
Windows Kernel	CVE-2021-34458	Windows Kernel Remote Code Execution Vulnerability	Critical
Windows Kernel	CVE-2021-33771	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2021-31979	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2021-34514	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2021-34500	Windows Kernel Memory Information Disclosure Vulnerability	Important
Windows Key Distribution Center	CVE-2021-33764	Windows Key Distribution Center Information Disclosure Vulnerability	Important
Windows Local Security Authority Subsystem Service	CVE-2021-33788	Windows LSA Denial of Service Vulnerability	Important
Windows Local Security Authority Subsystem Service	CVE-2021-33786	Windows LSA Security Feature Bypass Vulnerability	Important
Windows MSHTML Platform	CVE-2021-34497	Windows MSHTML Platform Remote Code Execution Vulnerability	Critical
Windows MSHTML Platform	CVE-2021-34447	Windows MSHTML Platform Remote Code Execution Vulnerability	Important
Windows Partition Management Driver	CVE-2021-34493	Windows Partition Management Driver Elevation of Privilege Vulnerability	Important
Windows PFX Encryption	CVE-2021-34492	Windows Certificate Spoofing Vulnerability	Important
Windows Print Spooler Components	CVE-2021-34527	Windows Print Spooler Remote Code Execution Vulnerability	Critical
Windows Projected File System	CVE-2021-33743	Windows Projected File System Elevation of Privilege Vulnerability	Important
Windows Remote Access Connection Manager	CVE-2021-34457	Windows Remote Access Connection Manager Information Disclosure Vulnerability	Important
Windows Remote Access Connection Manager	CVE-2021-33761	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability	Important
Windows Remote Access Connection Manager	CVE-2021-33773	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability	Important
Windows Remote Access Connection Manager	CVE-2021-33763	Windows Remote Access Connection Manager Information Disclosure Vulnerability	Important
Windows Remote Access Connection Manager	CVE-2021-34445	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability	Important
Windows Remote Access Connection Manager	CVE-2021-34456	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability	Important
Windows Remote Assistance	CVE-2021-34507	Windows Remote Assistance Information Disclosure Vulnerability	Important
Windows Secure Kernel Mode	CVE-2021-33744	Windows Secure Kernel Mode Security Feature Bypass Vulnerability	Important
Windows Security Account Manager	CVE-2021-33757	Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability	Important
Windows Shell	CVE-2021-34454	Windows Remote Access Connection Manager Information Disclosure Vulnerability	Important
Windows SMB	CVE-2021-33783	Windows SMB Information Disclosure Vulnerability	Important
Windows Storage Spaces Controller	CVE-2021-33751	Storage Spaces Controller Elevation of Privilege Vulnerability	Important
Windows Storage Spaces Controller	CVE-2021-34460	Storage Spaces Controller Elevation of Privilege Vulnerability	Important
Windows Storage Spaces Controller	CVE-2021-34509	Storage Spaces Controller Information Disclosure Vulnerability	Important
Windows Storage Spaces Controller	CVE-2021-34510	Storage Spaces Controller Elevation of Privilege Vulnerability	Important
Windows Storage Spaces Controller	CVE-2021-34512	Storage Spaces Controller Elevation of Privilege Vulnerability	Important
Windows Storage Spaces Controller	CVE-2021-34513	Storage Spaces Controller Elevation of Privilege Vulnerability	Important
Windows TCP/IP	CVE-2021-31183	Windows TCP/IP Driver Denial of Service Vulnerability	Important
Windows TCP/IP	CVE-2021-33772	Windows TCP/IP Driver Denial of Service Vulnerability	Important
Windows TCP/IP	CVE-2021-34490	Windows TCP/IP Driver Denial of Service Vulnerability	Important
Windows Win32K	CVE-2021-34449	Win32k Elevation of Privilege Vulnerability	Important
Windows Win32K	CVE-2021-34516	Win32k Elevation of Privilege Vulnerability	Important
Windows Win32K	CVE-2021-34491	Win32k Information Disclosure Vulnerability	Important

Πηγή: Bleeping Computer

Ακολουθήστε μας στο Google News και ενημερωθείτε πρώτοι για όλες τις ειδήσεις.

Microsoft Patch Tuesday Ιουλίου 2021: Διορθώνει 117 ευπάθειες

SecNewsTV

Microsoft Patch Tuesday Ιουλίου 2021: Διόρθωση εννέα zero-day ευπαθειών

CVE-2021-34527: PrintNightmare bug

Microsoft Patch Tuesday Ιουλίου 2021

RELATED ARTICLES

Εγγραφή στο Newsletter

FOLLOW US

LIVE NEWS

ABOUT US

FOLLOW US