Patch Tuesday Δεκεμβρίου 2021: Η Microsoft διορθώνει 67 ευπάθειες

Patch Tuesday Δεκεμβρίου 2021: Η Microsoft διορθώνει 67 ευπάθειες

Η Microsoft κυκλοφόρησε χθες το Patch Tuesday Δεκεμβρίου 2021, φέρνοντας διορθώσεις για 67 ευπάθειες. Έξι από αυτές είναι zero-day. Οι ενημερώσεις διορθώνουν και μια Windows Installer ευπάθεια που χρησιμοποιείται σε καμπάνιες διανομής malware.

Microsoft Patch Tuesday
Patch Tuesday Δεκεμβρίου 2021: Η Microsoft διορθώνει 67 ευπάθειες

Επτά από τις ευπάθειες που διορθώνονται, έχουν χαρακτηριστεί ως Κρίσιμες και οι υπόλοιπες 60 ως Σημαντικές.

Δείτε επίσης: Anubis malware: Στοχεύει πελάτες 394 χρηματοπιστωτικών ιδρυμάτων

Ακολουθούν τα είδη και ο αριθμός των ευπαθειών που διορθώνονται:

  • 26 Remote Code Execution ευπάθειες
  • 21 Elevation of Privilege ευπάθειες
  • 10 Information Disclosure ευπάθειες
  • 7 Spoofing ευπάθειες
  • 3 Denial of Service ευπάθειες

Patch Tuesday Δεκεμβρίου: Διορθώνονται 6 zero-day bugs

Όπως είπαμε παραπάνω, με το Patch Tuesday Δεκεμβρίου, η Microsoft διορθώνει έξι zero-day ευπάθειες. Η εταιρεία ταξινομεί μια ευπάθεια ως zero-day, εάν αποκαλύπτεται δημόσια ή γίνεται εκμετάλλευση χωρίς καμία επίσημη ενημέρωση κώδικα.

Δείτε επίσης: Εκστρατεία κατασκοπείας «χτύπησε» τηλεπικοινωνιακές εταιρείες

Η zero-day ευπάθεια Windows AppX Installer που χρησιμοποιείται ενεργά, είναι επίσημα γνωστή ως CVE-2021-43890 και, σύμφωνα με τη Microsoft, χρησιμοποιείται σε διάφορες καμπάνιες διανομής κακόβουλου λογισμικού, συμπεριλαμβανομένων των Emotet, TrickBot και BazarLoader.

Microsoft zero-day ευπάθειες

Οι υπόλοιπες πέντε zero-day ευπάθειες που διορθώνει η Microsoft είναι οι ακόλουθες:

  • CVE-2021-43240 – NTFS Set Short Name Elevation of Privilege ευπάθεια
  • CVE-2021-41333 – Windows Print Spooler Elevation of Privilege ευπάθεια
  • CVE-2021-43880 – Windows Mobile Device Management Elevation of Privilege ευπάθεια
  • CVE-2021-43883 – Windows Installer Elevation of Privilege ευπάθεια
  • CVE-2021-43893 – Windows Encrypting File System (EFS) Elevation of Privilege ευπάθεια

Δείτε επίσης: Phishing emails διανέμουν το Agent Tesla malware μέσω κακόβουλων PowerPoint

Microsoft Patch Tuesday Δεκεμβρίου 2021

Στον παρακάτω πίνακα, μπορείτε να δείτε αναλυτικά τις ευπάθειες (zero-day και μη) που διορθώνει η Microsoft αυτό το μήνα:

Tag CVE ID CVE Title Severity
Apps Windows AppX Installer Spoofing Vulnerability Important
ASP.NET Core & Visual Studio ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability Important
Azure Bot Framework SDK Bot Framework SDK Remote Code Execution Vulnerability Important
BizTalk ESB Toolkit Microsoft BizTalk ESB Toolkit Spoofing Vulnerability Important
Internet Storage Name Service iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution Critical
Microsoft Defender for IoT Microsoft Defender for IoT Remote Code Execution Vulnerability Important
Microsoft Defender for IoT Microsoft Defender for IoT Remote Code Execution Vulnerability Important
Microsoft Defender for IoT Microsoft Defender for IoT Remote Code Execution Vulnerability Critical
Microsoft Defender for IoT Microsoft Defender for IoT Remote Code Execution Vulnerability Important
Microsoft Defender for IoT Microsoft Defender for IoT Information Disclosure Vulnerability Important
Microsoft Defender for IoT Microsoft Defender for IoT Remote Code Execution Vulnerability Important
Microsoft Defender for IoT Microsoft Defender for IoT Remote Code Execution Vulnerability Important
Microsoft Defender for IoT Microsoft Defender for IOT Elevation of Privilege Vulnerability Important
Microsoft Defender for IoT Microsoft Defender for IoT Remote Code Execution Vulnerability Important
Microsoft Defender for IoT Microsoft Defender for IoT Remote Code Execution Vulnerability Important
Microsoft Devices Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability Critical
Microsoft Edge (Chromium-based) Chromium: CVE-2021-4056: Type Confusion in loader Unknown
Microsoft Edge (Chromium-based) Chromium: CVE-2021-4055 Heap buffer overflow in extensions Unknown
Microsoft Edge (Chromium-based) Chromium: CVE-2021-4054 Incorrect security UI in autofill Unknown
Microsoft Edge (Chromium-based) Chromium: CVE-2021-4052 Use after free in web apps Unknown
Microsoft Edge (Chromium-based) Chromium: CVE-2021-4053 Use after free in UI Unknown
Microsoft Edge (Chromium-based) Chromium: CVE-2021-4065 Use after free in autofill Unknown
Microsoft Edge (Chromium-based) Chromium: CVE-2021-4064 Use after free in screen capture Unknown
Microsoft Edge (Chromium-based) Chromium: CVE-2021-4063 Use after free in developer tools Unknown
Microsoft Edge (Chromium-based) Chromium: CVE-2021-4068 Insufficient validation of untrusted input in new tab page Unknown
Microsoft Edge (Chromium-based) Chromium: CVE-2021-4067 Use after free in window manager Unknown
Microsoft Edge (Chromium-based) Chromium: CVE-2021-4066 Integer underflow in ANGLE Unknown
Microsoft Edge (Chromium-based) Chromium: CVE-2021-4059 Insufficient data validation in loader Unknown
Microsoft Edge (Chromium-based) Chromium: CVE-2021-4062 Heap buffer overflow in BFCache Unknown
Microsoft Edge (Chromium-based) Chromium: CVE-2021-4061 Type Confusion in V8 Unknown
Microsoft Edge (Chromium-based) Chromium: CVE-2021-4058 Heap buffer overflow in ANGLE Unknown
Microsoft Edge (Chromium-based) Chromium: CVE-2021-4057 Use after free in file API Unknown
Microsoft Local Security Authority Server (lsasrv) Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability Important
Microsoft Message Queuing Microsoft Message Queuing Information Disclosure Vulnerability Important
Microsoft Message Queuing Microsoft Message Queuing Information Disclosure Vulnerability Important
Microsoft Office Microsoft Office Graphics Remote Code Execution Vulnerability Important
Microsoft Office Visual Basic for Applications Information Disclosure Vulnerability Important
Microsoft Office Microsoft Office app Remote Code Execution Vulnerability Critical
Microsoft Office Access Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability Important
Microsoft Office Excel Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office SharePoint Microsoft SharePoint Server Remote Code Execution Vulnerability Important
Microsoft Office SharePoint Microsoft SharePoint Server Spoofing Vulnerability Important
Microsoft Office SharePoint Microsoft SharePoint Server Spoofing Vulnerability Important
Microsoft Office SharePoint Microsoft SharePoint Server Remote Code Execution Vulnerability Important
Microsoft PowerShell Microsoft PowerShell Spoofing Vulnerability Important
Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library Windows Digital Media Receiver Elevation of Privilege Vulnerability Important
Microsoft Windows Codecs Library Web Media Extensions Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library VP9 Video Extensions Information Disclosure Vulnerability Important
Office Developer Platform Microsoft Office Trust Center Spoofing Vulnerability Important
Remote Desktop Client Remote Desktop Client Remote Code Execution Vulnerability Critical
Role: Windows Fax Service Windows Fax Service Remote Code Execution Vulnerability Important
Role: Windows Hyper-V Windows Hyper-V Denial of Service Vulnerability Important
Visual Studio Code Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code Visual Studio Code Spoofing Vulnerability Important
Visual Studio Code – WSL Extension Visual Studio Code WSL Extension Remote Code Execution Vulnerability Critical
Windows Common Log File System Driver Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Windows Common Log File System Driver Windows Common Log File System Driver Information Disclosure Vulnerability Important
Windows Common Log File System Driver Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Windows Digital TV Tuner Windows Digital TV Tuner Elevation of Privilege Vulnerability Important
Windows DirectX DirectX Graphics Kernel File Denial of Service Vulnerability Important
Windows Encrypting File System (EFS) Windows Encrypting File System (EFS) Remote Code Execution Vulnerability Critical
Windows Encrypting File System (EFS) Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability Important
Windows Event Tracing Windows Event Tracing Remote Code Execution Vulnerability Important
Windows Installer Windows Installer Elevation of Privilege Vulnerability Important
Windows Kernel Windows Kernel Information Disclosure Vulnerability Important
Windows Media Windows Media Center Elevation of Privilege Vulnerability Important
Windows Mobile Device Management Windows Mobile Device Management Elevation of Privilege Vulnerability Important
Windows NTFS NTFS Set Short Name Elevation of Privilege Vulnerability Important
Windows NTFS Windows NTFS Elevation of Privilege Vulnerability Important
Windows NTFS Windows NTFS Elevation of Privilege Vulnerability Important
Windows NTFS Windows NTFS Elevation of Privilege Vulnerability Important
Windows Print Spooler Components Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Remote Access Connection Manager Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important
Windows Remote Access Connection Manager Windows Remote Access Elevation of Privilege Vulnerability Important
Windows Storage Storage Spaces Controller Information Disclosure Vulnerability Important
Windows Storage Spaces Controller Storage Spaces Controller Information Disclosure Vulnerability Important
Windows SymCrypt SymCrypt Denial of Service Vulnerability Important
Windows TCP/IP Windows TCP/IP Driver Elevation of Privilege Vulnerability Important
Windows Update Stack Windows Setup Elevation of Privilege Vulnerability Important
Windows Update Stack Windows Recovery Environment Agent Elevation of Privilege Vulnerability Important

Πηγή: Bleeping Computer

The post Patch Tuesday Δεκεμβρίου 2021: Η Microsoft διορθώνει 67 ευπάθειες appeared first on SecNews.gr.

This content was originally published here.

Laat een reactie achter

Het e-mailadres wordt niet gepubliceerd.