ΑρχικήUpdatesPatch Tuesday Δεκεμβρίου 2021: Η Microsoft διορθώνει 67 ευπάθειες

Patch Tuesday Δεκεμβρίου 2021: Η Microsoft διορθώνει 67 ευπάθειες

Η Microsoft κυκλοφόρησε χθες το Patch Tuesday Δεκεμβρίου 2021, φέρνοντας διορθώσεις για 67 ευπάθειες. Έξι από αυτές είναι zero-day. Οι ενημερώσεις διορθώνουν και μια Windows Installer ευπάθεια που χρησιμοποιείται σε καμπάνιες διανομής malware.

Microsoft Patch Tuesday
Patch Tuesday Δεκεμβρίου 2021: Η Microsoft διορθώνει 67 ευπάθειες

Επτά από τις ευπάθειες που διορθώνονται, έχουν χαρακτηριστεί ως Κρίσιμες και οι υπόλοιπες 60 ως Σημαντικές.

Δείτε επίσης: Anubis malware: Στοχεύει πελάτες 394 χρηματοπιστωτικών ιδρυμάτων

Ακολουθούν τα είδη και ο αριθμός των ευπαθειών που διορθώνονται:

  • 26 Remote Code Execution ευπάθειες
  • 21 Elevation of Privilege ευπάθειες
  • 10 Information Disclosure ευπάθειες
  • 7 Spoofing ευπάθειες
  • 3 Denial of Service ευπάθειες

Patch Tuesday Δεκεμβρίου: Διορθώνονται 6 zero-day bugs

Όπως είπαμε παραπάνω, με το Patch Tuesday Δεκεμβρίου, η Microsoft διορθώνει έξι zero-day ευπάθειες. Η εταιρεία ταξινομεί μια ευπάθεια ως zero-day, εάν αποκαλύπτεται δημόσια ή γίνεται εκμετάλλευση χωρίς καμία επίσημη ενημέρωση κώδικα.

Δείτε επίσης: Εκστρατεία κατασκοπείας «χτύπησε» τηλεπικοινωνιακές εταιρείες

Η zero-day ευπάθεια Windows AppX Installer που χρησιμοποιείται ενεργά, είναι επίσημα γνωστή ως CVE-2021-43890 και, σύμφωνα με τη Microsoft, χρησιμοποιείται σε διάφορες καμπάνιες διανομής κακόβουλου λογισμικού, συμπεριλαμβανομένων των Emotet, TrickBot και BazarLoader.

Microsoft zero-day ευπάθειες

Οι υπόλοιπες πέντε zero-day ευπάθειες που διορθώνει η Microsoft είναι οι ακόλουθες:

  • CVE-2021-43240 – NTFS Set Short Name Elevation of Privilege ευπάθεια
  • CVE-2021-41333 – Windows Print Spooler Elevation of Privilege ευπάθεια
  • CVE-2021-43880 – Windows Mobile Device Management Elevation of Privilege ευπάθεια
  • CVE-2021-43883 – Windows Installer Elevation of Privilege ευπάθεια
  • CVE-2021-43893 – Windows Encrypting File System (EFS) Elevation of Privilege ευπάθεια

Δείτε επίσης: Phishing emails διανέμουν το Agent Tesla malware μέσω κακόβουλων PowerPoint

Microsoft Patch Tuesday Δεκεμβρίου 2021

Στον παρακάτω πίνακα, μπορείτε να δείτε αναλυτικά τις ευπάθειες (zero-day και μη) που διορθώνει η Microsoft αυτό το μήνα:

TagCVE IDCVE TitleSeverity
AppsCVE-2021-43890Windows AppX Installer Spoofing VulnerabilityImportant
ASP.NET Core & Visual StudioCVE-2021-43877ASP.NET Core and Visual Studio Elevation of Privilege VulnerabilityImportant
Azure Bot Framework SDKCVE-2021-43225Bot Framework SDK Remote Code Execution VulnerabilityImportant
BizTalk ESB ToolkitCVE-2021-43892Microsoft BizTalk ESB Toolkit Spoofing VulnerabilityImportant
Internet Storage Name ServiceCVE-2021-43215iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code ExecutionCritical
Microsoft Defender for IoTCVE-2021-41365Microsoft Defender for IoT Remote Code Execution VulnerabilityImportant
Microsoft Defender for IoTCVE-2021-42311Microsoft Defender for IoT Remote Code Execution VulnerabilityImportant
Microsoft Defender for IoTCVE-2021-42310Microsoft Defender for IoT Remote Code Execution VulnerabilityCritical
Microsoft Defender for IoTCVE-2021-43882Microsoft Defender for IoT Remote Code Execution VulnerabilityImportant
Microsoft Defender for IoTCVE-2021-43888Microsoft Defender for IoT Information Disclosure VulnerabilityImportant
Microsoft Defender for IoTCVE-2021-42314Microsoft Defender for IoT Remote Code Execution VulnerabilityImportant
Microsoft Defender for IoTCVE-2021-42313Microsoft Defender for IoT Remote Code Execution VulnerabilityImportant
Microsoft Defender for IoTCVE-2021-42312Microsoft Defender for IOT Elevation of Privilege VulnerabilityImportant
Microsoft Defender for IoTCVE-2021-43889Microsoft Defender for IoT Remote Code Execution VulnerabilityImportant
Microsoft Defender for IoTCVE-2021-42315Microsoft Defender for IoT Remote Code Execution VulnerabilityImportant
Microsoft DevicesCVE-2021-43899Microsoft 4K Wireless Display Adapter Remote Code Execution VulnerabilityCritical
Microsoft Edge (Chromium-based)CVE-2021-4056Chromium: CVE-2021-4056: Type Confusion in loaderUnknown
Microsoft Edge (Chromium-based)CVE-2021-4055Chromium: CVE-2021-4055 Heap buffer overflow in extensionsUnknown
Microsoft Edge (Chromium-based)CVE-2021-4054Chromium: CVE-2021-4054 Incorrect security UI in autofillUnknown
Microsoft Edge (Chromium-based)CVE-2021-4052Chromium: CVE-2021-4052 Use after free in web appsUnknown
Microsoft Edge (Chromium-based)CVE-2021-4053Chromium: CVE-2021-4053 Use after free in UIUnknown
Microsoft Edge (Chromium-based)CVE-2021-4065Chromium: CVE-2021-4065 Use after free in autofillUnknown
Microsoft Edge (Chromium-based)CVE-2021-4064Chromium: CVE-2021-4064 Use after free in screen captureUnknown
Microsoft Edge (Chromium-based)CVE-2021-4063Chromium: CVE-2021-4063 Use after free in developer toolsUnknown
Microsoft Edge (Chromium-based)CVE-2021-4068Chromium: CVE-2021-4068 Insufficient validation of untrusted input in new tab pageUnknown
Microsoft Edge (Chromium-based)CVE-2021-4067Chromium: CVE-2021-4067 Use after free in window managerUnknown
Microsoft Edge (Chromium-based)CVE-2021-4066Chromium: CVE-2021-4066 Integer underflow in ANGLEUnknown
Microsoft Edge (Chromium-based)CVE-2021-4059Chromium: CVE-2021-4059 Insufficient data validation in loaderUnknown
Microsoft Edge (Chromium-based)CVE-2021-4062Chromium: CVE-2021-4062 Heap buffer overflow in BFCacheUnknown
Microsoft Edge (Chromium-based)CVE-2021-4061Chromium: CVE-2021-4061 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2021-4058Chromium: CVE-2021-4058 Heap buffer overflow in ANGLEUnknown
Microsoft Edge (Chromium-based)CVE-2021-4057Chromium: CVE-2021-4057 Use after free in file APIUnknown
Microsoft Local Security Authority Server (lsasrv)CVE-2021-43216Microsoft Local Security Authority Server (lsasrv) Information Disclosure VulnerabilityImportant
Microsoft Message QueuingCVE-2021-43236Microsoft Message Queuing Information Disclosure VulnerabilityImportant
Microsoft Message QueuingCVE-2021-43222Microsoft Message Queuing Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2021-43875Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-42295Visual Basic for Applications Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2021-43905Microsoft Office app Remote Code Execution VulnerabilityCritical
Microsoft Office AccessCVE-2021-42293Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege VulnerabilityImportant
Microsoft Office ExcelCVE-2021-43256Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-42309Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-42320Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-43242Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-42294Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft PowerShellCVE-2021-43896Microsoft PowerShell Spoofing VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-41360HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-43248Windows Digital Media Receiver Elevation of Privilege VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-43214Web Media Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-40452HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-40453HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-43243VP9 Video Extensions Information Disclosure VulnerabilityImportant
Office Developer PlatformCVE-2021-43255Microsoft Office Trust Center Spoofing VulnerabilityImportant
Remote Desktop ClientCVE-2021-43233Remote Desktop Client Remote Code Execution VulnerabilityCritical
Role: Windows Fax ServiceCVE-2021-43234Windows Fax Service Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2021-43246Windows Hyper-V Denial of Service VulnerabilityImportant
Visual Studio CodeCVE-2021-43891Visual Studio Code Remote Code Execution VulnerabilityImportant
Visual Studio CodeCVE-2021-43908Visual Studio Code Spoofing VulnerabilityImportant
Visual Studio Code – WSL ExtensionCVE-2021-43907Visual Studio Code WSL Extension Remote Code Execution VulnerabilityCritical
Windows Common Log File System DriverCVE-2021-43226Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2021-43224Windows Common Log File System Driver Information Disclosure VulnerabilityImportant
Windows Common Log File System DriverCVE-2021-43207Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Digital TV TunerCVE-2021-43245Windows Digital TV Tuner Elevation of Privilege VulnerabilityImportant
Windows DirectXCVE-2021-43219DirectX Graphics Kernel File Denial of Service VulnerabilityImportant
Windows Encrypting File System (EFS)CVE-2021-43217Windows Encrypting File System (EFS) Remote Code Execution VulnerabilityCritical
Windows Encrypting File System (EFS)CVE-2021-43893Windows Encrypting File System (EFS) Elevation of Privilege VulnerabilityImportant
Windows Event TracingCVE-2021-43232Windows Event Tracing Remote Code Execution VulnerabilityImportant
Windows InstallerCVE-2021-43883Windows Installer Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2021-43244Windows Kernel Information Disclosure VulnerabilityImportant
Windows MediaCVE-2021-40441Windows Media Center Elevation of Privilege VulnerabilityImportant
Windows Mobile Device ManagementCVE-2021-43880Windows Mobile Device Management Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2021-43240NTFS Set Short Name Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2021-43231Windows NTFS Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2021-43230Windows NTFS Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2021-43229Windows NTFS Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2021-41333Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2021-43223Windows Remote Access Connection Manager Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2021-43238Windows Remote Access Elevation of Privilege VulnerabilityImportant
Windows StorageCVE-2021-43235Storage Spaces Controller Information Disclosure VulnerabilityImportant
Windows Storage Spaces ControllerCVE-2021-43227Storage Spaces Controller Information Disclosure VulnerabilityImportant
Windows SymCryptCVE-2021-43228SymCrypt Denial of Service VulnerabilityImportant
Windows TCP/IPCVE-2021-43247Windows TCP/IP Driver Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2021-43237Windows Setup Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2021-43239Windows Recovery Environment Agent Elevation of Privilege VulnerabilityImportant

Πηγή: Bleeping Computer

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!

Εγγραφή στο Newsletter

* indicates required

FOLLOW US

LIVE NEWS