شرکت مایکروسافت در روز سهشنبه ۹ ماه آگوست (۱۸ مرداد)، اصلاحیههای امنیتی ماهانه خود را منتشر کرد. در این اصلاحیه ۲ آسیبپذیری روز صفر و در مجموع ۱۲۱ نقص امنیتی وصله شد.
جزئیات آسیب پذیریهای ماه آگوست
از ۱۲۱ آسیبپذیری وصله شده، ۱۷ مورد با درجه اهمیت «حیاتی» و از نوع اجرای کد از راه دور و یا افزایش سطح دسترسی هستند. تعداد هر یک از این آسیبپذیریها به تفکیک بر اساس فهرست زیر میباشد:
- ۶۴ نمونه آسیبپذیری افزایش سطح دسترسی
- ۶ نمونه آسیبپذیری عبور از راهکارهای امنیتی
- ۳۱ نمونه آسیبپذیری اجرای کد از راه دور
- ۱۲ نمونه آسیبپذیری افشای اطلاعات
- ۷ نمونه آسیبپذیری منع سرویس
- ۱ نمونه آسیبپذیری جعل
برای کسب اطلاعات بیشتر و دریافت و نصب وصلههای امنیتی ارائه شده ماه آگوست، به سایت مایکروسافت مراجعه کنید.
آسیبپذیریهای روز صفر
اصلاحیهی امنیتی این ماه ۲ آسیبپذیری روز صفر را برطرف میکند که یکی از آنها به طور فعال در حملات مورد سوء استفاده قرار گرفته است:
۱- آسیب پذیری روز صفر DogWalk
آسیبپذیری روز صفر مورد بهره برداری با عنوان “DogWalk” و با CVE-2022-34713 شناسایی میشود. این آسیب پذیری ناشی از نقص path traversal در ابزار تشخیصی پشتیبانی ویندوز (MSDT) است و مهاجمان میتوانند از آن برای اجرای کد از راه دور در سیستمهای آسیب پذیر سوء استفاده کنند.
هکرها این کار را با افزودن فایلهای اجرایی مخرب به Startup ویندوز انجام میدهند؛ زمانی که قربانی، یک فایل diagcab. ساخته شدهی مخرب (دریافت شده از طریق ایمیل یا دانلود از وب) را باز میکند.
در نتیجه، مرتبه بعدی که شخص ویندوز خود را راه اندازی مجدد (restart) میکند، فایلهای اجرایی قرار داده شده به طور خودکار اجرا میشوند تا عملیات مخربی همچون دانلود پیلودهای بدافزاری اضافی انجام شود.
در حالی که مهاجمان احراز هویت نشده میتوانند از این آسیبپذیری در حملات با پیچیدگی کم سوء استفاده کنند اما بهره برداری موفقیت آمیز به تعامل کاربر نیاز دارد (فریب دادن هدف برای باز کردن پیوستهای ایمیل مخرب یا کلیک کردن روی لینک برای دانلود و اجرای یک فایل مخرب).
- در سناریوی حمله ایمیلی، مهاجم با ارسال فایل ساختهشده مخصوص به کاربر و متقاعد کردن کاربر به باز کردن فایل، از آسیبپذیری سوء استفاده میکند.
- در سناریوی حمله مبتنی بر وب، مهاجم یک وبسایت را میزبانی میکند (یا از یک وبسایت آسیبپذیر سوءاستفاده میکند تا محتوای ارائهشده توسط کاربر را بپذیرد یا میزبانی کند) که حاوی یک فایل دستکاری شده برای سوءاستفاده از آسیبپذیری است.
[سیستمهای آسیب پذیر]
به گفته مایکروسافت، CVE-2022-34713 بر «تمامی نسخههای ویندوز تحت پشتیبانی»، از جمله آخرین نسخههای کلاینت و سرور یعنی ویندوز 11 و ویندوز سرور 2022 تأثیر میگذارد.
۲- آسیب پذیری روز صفر Microsoft Exchange
آسیبپذیری روز صفر دیگر با CVE-2022-30134 شناسایی میشود و از نوع افشای اطلاعات در Microsoft Exchange است که به مهاجم اجازه میدهد پیامهای ایمیل هدف را بخواند. مایکروسافت اعلام کرده که این آسیبپذیری به طور عمومی افشا شده اما در حملات شناسایی نشده است.
توصیه میشود که هرچه سریعتر وصلههای امنیتی منتشر شده را دانلود و نصب نمایید.
در جدول زیر میتوانید اطلاعات مرتبط با آسیبپذیریهای ارائه شده را مشاهده کنید:
| عنوان | شناسه آسیبپذیری (CVE ID) | عنوان آسیبپذیری ( CVE title) | شدت |
|---|---|---|---|
| .NET Core | CVE-2022-34716 | .NET Spoofing Vulnerability | Important |
| Active Directory Domain Services | CVE-2022-34691 | Active Directory Domain Services Elevation of Privilege Vulnerability | Critical |
| Azure Batch Node Agent | CVE-2022-33646 | Azure Batch Node Agent Elevation of Privilege Vulnerability | Critical |
| Azure Real Time Operating System | CVE-2022-34685 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-34686 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-35773 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-35779 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-35806 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-34687 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-30176 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-30175 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35791 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35818 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35809 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35789 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35815 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35817 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35816 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35814 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35785 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35812 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35811 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35784 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35810 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35813 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35788 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35783 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35786 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35787 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35819 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35781 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35775 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35790 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35780 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35799 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35772 | Azure Site Recovery Remote Code Execution Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35800 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35774 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35802 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35782 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35824 | Azure Site Recovery Remote Code Execution Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35801 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35808 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35776 | Azure Site Recovery Denial of Service Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35807 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Sphere | CVE-2022-35821 | Azure Sphere Information Disclosure Vulnerability | Important |
| Microsoft ATA Port Driver | CVE-2022-35760 | Microsoft ATA Port Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2022-35820 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-35796 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2022-33649 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-2618 | Chromium: CVE-2022-2618 Insufficient validation of untrusted input in Internals | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2616 | Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2617 | Chromium: CVE-2022-2617 Use after free in Extensions API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2619 | Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2622 | Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2623 | Chromium: CVE-2022-2623 Use after free in Offline | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-33636 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2022-2621 | Chromium: CVE-2022-2621 Use after free in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2615 | Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2604 | Chromium: CVE-2022-2604 Use after free in Safe Browsing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2605 | Chromium: CVE-2022-2605 Out of bounds read in Dawn | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2624 | Chromium: CVE-2022-2624 Heap buffer overflow in PDF | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2603 | Chromium: CVE-2022-2603 Use after free in Omnibox | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2606 | Chromium: CVE-2022-2606 Use after free in Managed devices API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2612 | Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2614 | Chromium: CVE-2022-2614 Use after free in Sign-In Flow | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2610 | Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2611 | Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API | Unknown |
| Microsoft Exchange Server | CVE-2022-34692 | Microsoft Exchange Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-21980 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2022-21979 | Microsoft Exchange Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-24516 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2022-30134 | Microsoft Exchange Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-24477 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| Microsoft Office | CVE-2022-34717 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-33648 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-33631 | Microsoft Excel Security Feature Bypass Vulnerability | Important |
| Microsoft Office Outlook | CVE-2022-35742 | Microsoft Outlook Denial of Service Vulnerability | Important |
| Microsoft Windows Support Diagnostic Tool (MSDT) | CVE-2022-34713 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Important |
| Microsoft Windows Support Diagnostic Tool (MSDT) | CVE-2022-35743 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Important |
| Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35752 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35753 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35769 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | Important |
| Role: Windows Fax Service | CVE-2022-34690 | Windows Fax Service Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-34696 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Role: Windows Hyper-V | CVE-2022-35751 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| System Center Operations Manager | CVE-2022-33640 | System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2022-35827 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2022-35777 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2022-35825 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2022-35826 | Visual Studio Remote Code Execution Vulnerability | Important |
| Windows Bluetooth Service | CVE-2022-30144 | Windows Bluetooth Service Remote Code Execution Vulnerability | Important |
| Windows Canonical Display Driver | CVE-2022-35750 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2022-35757 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-35771 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34705 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34710 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34709 | Windows Defender Credential Guard Security Feature Bypass Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34704 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34712 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important |
| Windows Digital Media | CVE-2022-35746 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2022-35749 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important |
| Windows Error Reporting | CVE-2022-35795 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
| Windows Hello | CVE-2022-35797 | Windows Hello Security Feature Bypass Vulnerability | Important |
| Windows Internet Information Services | CVE-2022-35748 | HTTP.sys Denial of Service Vulnerability | Important |
| Windows Kerberos | CVE-2022-35756 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-35761 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-35768 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-34708 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2022-34707 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-35804 | SMB Client and Server Remote Code Execution Vulnerability | Critical |
| Windows Kernel | CVE-2022-30197 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2022-35758 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows Local Security Authority (LSA) | CVE-2022-34706 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important |
| Windows Local Security Authority (LSA) | CVE-2022-35759 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important |
| Windows Network File System | CVE-2022-34715 | Windows Network File System Remote Code Execution Vulnerability | Important |
| Windows Partition Management Driver | CVE-2022-33670 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
| Windows Partition Management Driver | CVE-2022-34703 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-30133 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-35747 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-35744 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical |
| Windows Print Spooler Components | CVE-2022-35793 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2022-35755 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Secure Boot | CVE-2022-34301 | CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass | Important |
| Windows Secure Boot | CVE-2022-34302 | CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass | Important |
| Windows Secure Boot | CVE-2022-34303 | CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass | Important |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35745 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35766 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35794 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34701 | Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | Important |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34714 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34702 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35767 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Storage Spaces Direct | CVE-2022-35762 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Direct | CVE-2022-35765 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Direct | CVE-2022-35792 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Direct | CVE-2022-35763 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Direct | CVE-2022-35764 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Unified Write Filter | CVE-2022-35754 | Unified Write Filter Elevation of Privilege Vulnerability | Important |
| Windows WebBrowser Control | CVE-2022-30194 | Windows WebBrowser Control Remote Code Execution Vulnerability | Important |
| Windows Win32K | CVE-2022-34699 | Windows Win32k Elevation of Privilege Vulnerability | Important |
