H Microsoft κυκλοφόρησε χθες το Patch Tuesday Ιανουαρίου, το πρώτο Patch Tuesday του 2023, φέρνοντας διορθώσεις για 98 ευπάθειες. Μια από αυτές έχει χαρακτηριστεί ως zero-day.
Αξίζει να σημειωθεί ότι οι έντεκα από τις 98 ευπάθειες, έχουν κατηγοριοποιηθεί ως “Κρίσιμες“. Η Microsoft θεώρησε αυτές τις ευπάθειες τόσο σοβαρές λόγω της ικανότητάς τους να επιτρέπουν την απομακρυσμένη εκτέλεση κώδικα, την παράκαμψη μέτρων ασφαλείας ή τη χορήγηση υψηλότερων προνομίων στους εγκληματίες.
Δείτε επίσης: Android 13 QPR2 Beta 2: Τι νέο φέρνει;
Στην παρακάτω λίστα, μπορείτε να δείτε τις κατηγορίες των ευπαθειών που διορθώνονται και τον αριθμό ανά κατηγορία:
- 39 ευπάθειες που δίνουν περισσότερα προνόμια στα συστήματα
- 33 ευπάθειες που επιτρέπουν εκτέλεση κώδικα απομακρυσμένα
- 10 ευπάθειες που επιτρέπουν αποκάλυψη πληροφοριών
- 10 ευπάθειες που επιτρέπουν Denial of Service επιθέσεις
- 4 ευπάθειες που επιτρέπουν την παράκαμψη λύσεων ασφαλείας
- 2 ευπάθειες που επιτρέπουν Spoofing επιθέσεις
Patch Tuesday: Διόρθωση zero-day ευπάθειας
Όπως είπαμε και παραπάνω, η Microsoft διορθώνει με το Patch Tuesday αυτού του μήνα και μια zero-day ευπάθεια. Αυτές οι ευπάθειες είναι συνήθως πολύ επικίνδυνες. Είναι σημαντικό τόσο για τους επαγγελματίες πληροφορικής όσο και για τους προγραμματιστές λογισμικού να κατανοήσουν τους κινδύνους που σχετίζονται με τις επιθέσεις που εκμεταλλεύονται zero-days, ώστε να μπορούν να λάβουν μέτρα για την προστασία των συστημάτων τους από αυτές.
Η Microsoft αναγνωρίζει ένα κενό ασφαλείας ως zero-day όταν αποκαλύπτεται δημόσια ή χρησιμοποιείται από εγκληματίες του κυβερνοχώρου, χωρίς να υπάρχει επίσημη λύση από την εταιρεία.
Δείτε επίσης: Η Microsoft διορθώνει το Windows 11 bug πίσω από τα 0x800700b7 errors
Η zero-day ευπάθεια που είχε χρησιμοποιηθεί σε επιθέσεις και διορθώνεται τώρα, είναι:
CVE-2023-21674 – Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability: ανακαλύφθηκε από τους Jan Vojtěšek, Milánek και Przemek Gmerek της Avast.
Η Microsoft δηλώνει ότι πρόκειται για μια ευπάθεια “Sandbox escape” που μπορεί να οδηγήσει σε αύξηση των προνομίων στα συστήματα.
“Ένας εισβολέας που εκμεταλλεύεται με επιτυχία αυτήν την ευπάθεια θα μπορούσε να αποκτήσει προνόμια SYSTEM“, εξηγεί η Microsoft.
Ενώ οι λεπτομέρειες της ευπάθειας είναι ακόμη υπό εξέταση, μια επιτυχημένη εκμετάλλευση απαιτεί από έναν εισβολέα να έχει ήδη επιτύχει μια αρχική μόλυνση στον υπολογιστή. Είναι επίσης πιθανό το ελάττωμα να συνδυάζεται με ένα σφάλμα που υπάρχει στο πρόγραμμα περιήγησης ιστού για να ξεφύγει από το sandbox και να αποκτήσει αυξημένα προνόμια.
Δείτε επίσης: Amazon S3: Θα κρυπτογραφεί τα δεδομένα από προεπιλογή
Αξίζει επίσης να σημειωθεί ότι η Υπηρεσία Κυβερνοασφάλειας και Ασφάλειας Υποδομής των ΗΠΑ (CISA) έχει προσθέσει την ευπάθεια στον κατάλογο Γνωστών Εκμεταλλευόμενων Ευπαθειών (KEV), καλώντας τις ομοσπονδιακές υπηρεσίες να εφαρμόσουν ενημερώσεις έως τις 31 Ιανουαρίου 2023.
Microsoft Patch Tuesday Ιανουαρίου 2023
Στον παρακάτω πίνακα, μπορείτε να δείτε αναλυτικά όλες τις ευπάθειες που διορθώνονται με τις νέες ενημερώσεις ασφαλείας της Microsoft.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Core | CVE-2023-21538 | .NET Denial of Service Vulnerability | Important |
| 3D Builder | CVE-2023-21782 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21781 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21783 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21784 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21791 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21793 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21786 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21790 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21780 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21792 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21789 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21785 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21787 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21788 | 3D Builder Remote Code Execution Vulnerability | Important |
| Azure Service Fabric Container | CVE-2023-21531 | Azure Service Fabric Container Elevation of Privilege Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2023-21739 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21764 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21763 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21762 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21761 | Microsoft Exchange Server Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21745 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Graphics Component | CVE-2023-21680 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2023-21532 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2023-21552 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Microsoft Local Security Authority Server (lsasrv) | CVE-2023-21728 | Windows Netlogon Denial of Service Vulnerability | Important |
| Microsoft Message Queuing | CVE-2023-21537 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2023-21734 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2023-21735 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-21742 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-21743 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2023-21744 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2023-21741 | Microsoft Office Visio Information Disclosure Vulnerability | Important |
| Microsoft Office Visio | CVE-2023-21736 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2023-21737 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2023-21738 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2023-21681 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2023-21779 | Visual Studio Code Remote Code Execution | Important |
| Windows ALPC | CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2023-21768 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Authentication Methods | CVE-2023-21539 | Windows Authentication Remote Code Execution Vulnerability | Important |
| Windows Backup Engine | CVE-2023-21752 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
| Windows Bind Filter Driver | CVE-2023-21733 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows BitLocker | CVE-2023-21563 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows Boot Manager | CVE-2023-21560 | Windows Boot Manager Security Feature Bypass Vulnerability | Important |
| Windows Credential Manager | CVE-2023-21726 | Windows Credential Manager User Interface Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2023-21559 | Windows Cryptographic Information Disclosure Vulnerability | Important |
| Windows Cryptographic Services | CVE-2023-21551 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical |
| Windows Cryptographic Services | CVE-2023-21561 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical |
| Windows Cryptographic Services | CVE-2023-21540 | Windows Cryptographic Information Disclosure Vulnerability | Important |
| Windows Cryptographic Services | CVE-2023-21730 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical |
| Windows Cryptographic Services | CVE-2023-21550 | Windows Cryptographic Information Disclosure Vulnerability | Important |
| Windows DWM Core Library | CVE-2023-21724 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Error Reporting | CVE-2023-21558 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2023-21536 | Event Tracing for Windows Information Disclosure Vulnerability | Important |
| Windows IKE Extension | CVE-2023-21758 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
| Windows IKE Extension | CVE-2023-21683 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
| Windows IKE Extension | CVE-2023-21677 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
| Windows Installer | CVE-2023-21542 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Internet Key Exchange (IKE) Protocol | CVE-2023-21547 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Important |
| Windows iSCSI | CVE-2023-21527 | Windows iSCSI Service Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2023-21755 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-21753 | Event Tracing for Windows Information Disclosure Vulnerability | Important |
| Windows Layer 2 Tunneling Protocol | CVE-2023-21556 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
| Windows Layer 2 Tunneling Protocol | CVE-2023-21555 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
| Windows Layer 2 Tunneling Protocol | CVE-2023-21543 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
| Windows Layer 2 Tunneling Protocol | CVE-2023-21546 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
| Windows Layer 2 Tunneling Protocol | CVE-2023-21679 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2023-21676 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2023-21557 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
| Windows Local Security Authority (LSA) | CVE-2023-21524 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important |
| Windows Local Session Manager (LSM) | CVE-2023-21771 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | Important |
| Windows Malicious Software Removal Tool | CVE-2023-21725 | Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability | Important |
| Windows Management Instrumentation | CVE-2023-21754 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows NTLM | CVE-2023-21746 | Windows NTLM Elevation of Privilege Vulnerability | Important |
| Windows ODBC Driver | CVE-2023-21732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows Overlay Filter | CVE-2023-21766 | Windows Overlay Filter Information Disclosure Vulnerability | Important |
| Windows Overlay Filter | CVE-2023-21767 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2023-21682 | Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability | Important |
| Windows Print Spooler Components | CVE-2023-21760 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2023-21765 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2023-21678 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Service L2TP Driver | CVE-2023-21757 | Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability | Important |
| Windows RPC API | CVE-2023-21525 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-21548 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-21535 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Smart Card | CVE-2023-21759 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | Important |
| Windows Task Scheduler | CVE-2023-21541 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21772 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21748 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21773 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21747 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21776 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21774 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21750 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21675 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21749 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Workstation Service | CVE-2023-21549 | Windows SMB Witness Service Elevation of Privilege Vulnerability | Important |
Πηγή: www.bleepingcomputer.com
