Η Microsoft κυκλοφόρησε χθες το Patch Tuesday Απριλίου 2024, το οποίο φέρνει διορθώσεις για 150 ευπάθειες ασφαλείας στα προϊόντα της.
![Microsoft Patch Tuesday Απριλίου 2024 ευπάθειες](https://www.secnews.gr/wp-content/uploads/cwv-webp-images/2024/04/MICROSOFT-PATCH-TUESDAY-APRILIOS-2024-1024x683.png.webp)
Η εταιρεία αξιολόγησε μόνο τρεις ευπάθειες ως κρίσιμες, αλλά υπάρχουν 67 σφάλματα που επιτρέπουν απομακρυσμένη εκτέλεση κώδικα (RCE). Περισσότερα από τα μισά RCE εντοπίζονται στα Microsoft SQL drivers. Διορθώθηκαν, επίσης, 26 σφάλματα παράκαμψης Secure Boot.
Δείτε επίσης: Microsoft: Ανοίγει νέο γραφείο AI στο Ηνωμένο Βασίλειο
Στην παρακάτω λίστα, μπορείτε να δείτε αναλυτικά τα είδη των ευπαθειών που διορθώθηκαν:
- 67 ευπάθειες που επιτρέπουν απομακρυσμένη εκτέλεση κώδικα
- 31 ευπάθειες που επιτρέπουν απόκτηση περισσότερων προνομίων
- 29 ευπάθειες που επιτρέπουν παράκαμψη δυνατοτήτων ασφαλείας
- 13 ευπάθειες που επιτρέπουν αποκάλυψη πληροφοριών
- 7 ευπάθειες που επιτρέπουν Denial of Service επιθέσεις
- 3 ευπάθειες που επιτρέπουν πλαστογράφηση
Στις 150 ευπάθειες που διορθώνονται στο Microsoft Patch Tuesday Απριλίου 2024 δεν περιλαμβάνονται 5 σφάλματα του Microsoft Edge που διορθώθηκαν στις 4 Απριλίου και 2 σφάλματα Mariner (διανομή Linux που αναπτύχθηκε από τη Microsoft για τις υπηρεσίες Microsoft Azure).
Διόρθωση δύο zero-day ευπαθειών
Το Patch Tuesday Απριλίου διόρθωσε δύο zero-day ευπάθειες που αξιοποιήθηκαν ενεργά σε επιθέσεις διανομής κακόβουλου λογισμικού.
Η Microsoft αρχικά δεν είχε ανακαλύψει την εκμετάλλευση, αλλά η Sophos και η Trend Micro μοιράστηκαν πληροφορίες σχετικά με τις επιθέσεις.
CVE-2024-26234: Proxy Driver Spoofing Vulnerability
Σύμφωνα με τη Sophos, αυτή τη ευπάθεια έχει εκχωρηθεί σε ένα κακόβουλο driver, υπογεγραμμένο με έγκυρο Microsoft Hardware Publisher Certificate. Το driver χρησιμοποιήθηκε για την ανάπτυξη backdoor που είχε αποκαλυφθεί προηγουμένως από τη Stairwell.
Δείτε επίσης: Η Microsoft διορθώνει Outlook bug που εμφάνιζε security alerts
CVE-2024-29988: SmartScreen Prompt Security Feature Bypass Vulnerability
Το CVE-2024-29988, που διορθώνεται στο Microsoft Patch Tuesday αυτού του μήνα, είναι ένα patch bypass για το σφάλμα CVE-2024-21412 (που είναι επίσης patch bypass για το CVE-2023-36025), το οποίο επιτρέπει στα συνημμένα να παρακάμπτουν τις προτροπές του Microsoft Defender Smartscreen όταν ανοίγει το αρχείο. Αυτή η ευπάθεια χρησιμοποιήθηκε από την ομάδα Water Hydra για να στοχεύσει forex trading forums και κανάλια Telegram σε επιθέσεις spear phishing που ανέπτυξαν το DarkMe remote access trojan (RAT).
Ερευνητές από την εταιρεία Varonis αποκάλυψαν επίσης δύο zero-day ευπάθειες στο Microsoft SharePoint που καθιστούν δύσκολο τον εντοπισμό της λήψης αρχείων από διακομιστές. Η Microsoft δεν έχει εκχωρήσει CVE στις δύο ευπάθειες και έχουν προστεθεί στο patching backlog, χωρίς χρονοδιάγραμμα για το πότε θα διορθωθούν.
Δείτε επίσης: Οι ΗΠΑ κατηγορούν τη Microsoft για ανεπαρκή κυβερνοασφάλεια
Microsoft Patch Tuesday Απριλίου 2024: Όλες οι ευπάθειες που διορθώνονται
Στον παρακάτω πίνακα, μπορείτε να δείτε όλες τις ευπάθειες που διορθώνονται αυτό το μήνα:
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET and Visual Studio | CVE-2024-21409 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | Important |
Azure | CVE-2024-29993 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
Azure AI Search | CVE-2024-29063 | Azure AI Search Information Disclosure Vulnerability | Important |
Azure Arc | CVE-2024-28917 | Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability | Important |
Azure Compute Gallery | CVE-2024-21424 | Azure Compute Gallery Elevation of Privilege Vulnerability | Important |
Azure Migrate | CVE-2024-26193 | Azure Migrate Remote Code Execution Vulnerability | Important |
Azure Monitor | CVE-2024-29989 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important |
Azure Private 5G Core | CVE-2024-20685 | Azure Private 5G Core Denial of Service Vulnerability | Moderate |
Azure SDK | CVE-2024-29992 | Azure Identity Library for .NET Information Disclosure Vulnerability | Moderate |
Intel | CVE-2024-2201 | Intel: CVE-2024-2201 Branch History Injection | Important |
Internet Shortcut Files | CVE-2024-29988 | SmartScreen Prompt Security Feature Bypass Vulnerability | Important |
Mariner | CVE-2019-3816 | Unknown | Unknown |
Mariner | CVE-2019-3833 | Unknown | Unknown |
Microsoft Azure Kubernetes Service | CVE-2024-29990 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Important |
Microsoft Brokering File System | CVE-2024-28905 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
Microsoft Brokering File System | CVE-2024-28907 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
Microsoft Brokering File System | CVE-2024-26213 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
Microsoft Brokering File System | CVE-2024-28904 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
Microsoft Defender for IoT | CVE-2024-29055 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
Microsoft Defender for IoT | CVE-2024-29053 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical |
Microsoft Defender for IoT | CVE-2024-29054 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
Microsoft Defender for IoT | CVE-2024-21324 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
Microsoft Defender for IoT | CVE-2024-21323 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical |
Microsoft Defender for IoT | CVE-2024-21322 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical |
Microsoft Edge (Chromium-based) | CVE-2024-3156 | Chromium: CVE-2024-3156 Inappropriate implementation in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-29049 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Moderate |
Microsoft Edge (Chromium-based) | CVE-2024-29981 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
Microsoft Edge (Chromium-based) | CVE-2024-3159 | Chromium: CVE-2024-3159 Out of bounds memory access in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-3158 | Chromium: CVE-2024-3158 Use after free in Bookmarks | Unknown |
Microsoft Install Service | CVE-2024-26158 | Microsoft Install Service Elevation of Privilege Vulnerability | Important |
Microsoft Office Excel | CVE-2024-26257 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2024-20670 | Outlook for Windows Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-26251 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
Microsoft WDAC ODBC Driver | CVE-2024-26214 | Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-26244 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-26210 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26233 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26231 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26227 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26223 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26221 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26224 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26222 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-29064 | Windows Hyper-V Denial of Service Vulnerability | Important |
SQL Server | CVE-2024-28937 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28938 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29044 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28935 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28940 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28943 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28941 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28910 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28944 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28908 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28909 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29985 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28906 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28926 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28933 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28934 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28927 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28930 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29046 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28932 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29047 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28931 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29984 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28929 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28939 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28942 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29043 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28936 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29045 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28915 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28913 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28945 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29048 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28912 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28914 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29983 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28911 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29982 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
Windows Authentication Methods | CVE-2024-29056 | Windows Authentication Elevation of Privilege Vulnerability | Important |
Windows Authentication Methods | CVE-2024-21447 | Windows Authentication Elevation of Privilege Vulnerability | Important |
Windows BitLocker | CVE-2024-20665 | BitLocker Security Feature Bypass Vulnerability | Important |
Windows Compressed Folder | CVE-2024-26256 | libarchive Remote Code Execution Vulnerability | Important |
Windows Cryptographic Services | CVE-2024-26228 | Windows Cryptographic Services Security Feature Bypass Vulnerability | Important |
Windows Cryptographic Services | CVE-2024-29050 | Windows Cryptographic Services Remote Code Execution Vulnerability | Important |
Windows Defender Credential Guard | CVE-2024-26237 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important |
Windows DHCP Server | CVE-2024-26212 | DHCP Server Service Denial of Service Vulnerability | Important |
Windows DHCP Server | CVE-2024-26215 | DHCP Server Service Denial of Service Vulnerability | Important |
Windows DHCP Server | CVE-2024-26195 | DHCP Server Service Remote Code Execution Vulnerability | Important |
Windows DHCP Server | CVE-2024-26202 | DHCP Server Service Remote Code Execution Vulnerability | Important |
Windows Distributed File System (DFS) | CVE-2024-29066 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | Important |
Windows Distributed File System (DFS) | CVE-2024-26226 | Windows Distributed File System (DFS) Information Disclosure Vulnerability | Important |
Windows DWM Core Library | CVE-2024-26172 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
Windows File Server Resource Management Service | CVE-2024-26216 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important |
Windows HTTP.sys | CVE-2024-26219 | HTTP.sys Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-26253 | Windows rndismp6.sys Remote Code Execution Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-26252 | Windows rndismp6.sys Remote Code Execution Vulnerability | Important |
Windows Kerberos | CVE-2024-26183 | Windows Kerberos Denial of Service Vulnerability | Important |
Windows Kerberos | CVE-2024-26248 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-20693 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-26245 | Windows SMB Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-26229 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-26218 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Local Security Authority Subsystem Service (LSASS) | CVE-2024-26209 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Important |
Windows Message Queuing | CVE-2024-26232 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2024-26208 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
Windows Mobile Hotspot | CVE-2024-26220 | Windows Mobile Hotspot Information Disclosure Vulnerability | Important |
Windows Proxy Driver | CVE-2024-26234 | Proxy Driver Spoofing Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-28902 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-28900 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-28901 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-26255 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-26230 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-26239 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-26207 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-26217 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-26211 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
Windows Remote Procedure Call | CVE-2024-20678 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-26200 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-26179 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-26205 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Secure Boot | CVE-2024-29061 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28921 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-20689 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26250 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28922 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-29062 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-20669 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28898 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-20688 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-23593 | Lenovo: CVE-2024-23593 Zero Out Boot Manager and drop to UEFI Shell | Important |
Windows Secure Boot | CVE-2024-28896 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28919 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-23594 | Lenovo: CVE-2024-23594 Stack Buffer Overflow in LenovoBT.efi | Important |
Windows Secure Boot | CVE-2024-28923 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28903 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26189 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26240 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28924 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28897 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28925 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26175 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28920 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26194 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26180 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26171 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26168 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Storage | CVE-2024-29052 | Windows Storage Elevation of Privilege Vulnerability | Important |
Windows Telephony Server | CVE-2024-26242 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2024-26236 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2024-26235 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
Windows USB Print Driver | CVE-2024-26243 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important |
Windows Virtual Machine Bus | CVE-2024-26254 | Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability | Important |
Windows Win32K – ICOMP | CVE-2024-26241 | Win32k Elevation of Privilege Vulnerability | Important |
Το Microsoft Patch Tuesday είναι μια πρακτική που ακολουθεί η Microsoft, όπου τη δεύτερη Τρίτη του κάθε μήνα κυκλοφορεί ενημερώσεις και διορθώσεις για τα λειτουργικά συστήματα της, τα προγράμματα και τις εφαρμογές της. Αυτές οι ενημερώσεις περιλαμβάνουν συνήθως διορθώσεις ασφαλείας, βελτιώσεις απόδοσης και νέα χαρακτηριστικά.
Ο σκοπός του Microsoft Patch Tuesday είναι να παρέχει στους χρήστες της Microsoft την καλύτερη δυνατή εμπειρία χρήσης, διορθώνοντας προβλήματα και εξασφαλίζοντας την ασφάλεια των συστημάτων τους. Το Microsoft Patch Tuesday είναι σημαντικό για διάφορους λόγους. Καταρχήν, οι ενημερώσεις ασφαλείας βοηθούν στην προστασία των συστημάτων από κενά ασφαλείας και κακόβουλο λογισμικό. Αυτές οι ενημερώσεις διορθώνουν γνωστά προβλήματα ασφαλείας και ενισχύουν την ανθεκτικότητα των συστημάτων έναντι επιθέσεων.
Πηγή: www.bleepingcomputer.com