شرکت مایکروسافت در روز سهشنبه 10 ژانویه 2023 (20 دی ماه) اصلاحیههای امنیتی ماهانه خود را منتشر کرد. در این اصلاحیه یک آسیبپذیری روز صفر ویندوز که به طور فعال مورد سوء استفاده قرار گرفته و مجموعا 98 نقص نیز وصله شده است.
جزئیات آسیبپذیریهای ماه ژانویه
۱۱ مورد از ۹۸ آسیبپذیری وصله شده این ماه به عنوان «حیاتی» طبقهبندی میشوند، چرا که امکان اجرای کد از راه دور، ارتقا سطح دسترسی و دور زدن راهکارهای امنیتی را فراهم میکنند.
تعداد باگهای آسیبپذیریها به تفکیک به شرح زیر است:
- ۳۹ آسیبپذیری ارتقا سطح دسترسی
- ۴ آسیبپذیری عبور از راهکارهای امنیتی
- ۳۳ آسیبپذیری اجرای کد از راه دور
- ۱۰ آسیبپذیری افشای اطلاعات
- ۱۰ آسیبپذیری منع سرویس
- ۲ آسیبپذیری جعل
برای کسب اطلاعات بیشتر و دریافت و نصب وصلههای امنیتی ارائه شده ماه ژانویه، به سایت مایکروسافت مراجعه کنید.
آسیبپذیریهای روز صفر
در بهروزرسانیهای اصلاحیه امنیتی ماه ژانویه، یک آسیبپذیری روز صفر که به طور گسترده و فعال مورد سوء استفاده قرار گرفته بود وصله شد:
[CVE-2023-21674]
آسیبپذیری روز صفری که به طور فعال مورد سوء استفاده قرار گرفته در مؤلفه Windows Advanced Local Procedure Call (ALPC) و با نام CVE-2023-21674 (CVSS score: 8.8) شناسایی میشود که آسیبپذیری فرار Sandbox است و میتواند منجر به ارتقا سطح دسترسی شود. به گفته مایکروسافت، مهاجمی که با موفقیت از این آسیبپذیری سوء استفاده کند، دسترسی SYSTEM را به دست خواهد آورد.
[CVE-2023-21549]
مایکروسافت همچنین اعلام کرد آسیبپذیری با عنوان (CVSS score: 8.8) CVE-2023-21549 در Windows SMB Witness Service که از نوع افزایش سطح دسترسی میباشد به صورت عمومی افشا شده است.
توصیه میشود که در اسرع وقت وصلههای امنیتی منتشر شده را دانلود و نصب کنید.
جزئیات مرتبط با آسیبپذیریهای ارائه شده در جدول زیر قابل مشاهده است:
| عنوان | شناسه آسیبپذیری (CVE ID) | عنوان آسیبپذیری ( CVE title) | شدت |
|---|---|---|---|
| .NET Core | CVE-2023-21538 | .NET Denial of Service Vulnerability | Important |
| 3D Builder | CVE-2023-21782 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21781 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21783 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21784 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21791 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21793 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21786 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21790 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21780 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21792 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21789 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21785 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21787 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21788 | 3D Builder Remote Code Execution Vulnerability | Important |
| Azure Service Fabric Container | CVE-2023-21531 | Azure Service Fabric Container Elevation of Privilege Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2023-21739 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21764 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21763 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21762 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21761 | Microsoft Exchange Server Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21745 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Graphics Component | CVE-2023-21680 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2023-21532 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2023-21552 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Microsoft Local Security Authority Server (lsasrv) | CVE-2023-21728 | Windows Netlogon Denial of Service Vulnerability | Important |
| Microsoft Message Queuing | CVE-2023-21537 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2023-21734 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2023-21735 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-21742 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-21743 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2023-21744 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2023-21741 | Microsoft Office Visio Information Disclosure Vulnerability | Important |
| Microsoft Office Visio | CVE-2023-21736 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2023-21737 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2023-21738 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2023-21681 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2023-21779 | Visual Studio Code Remote Code Execution | Important |
| Windows ALPC | CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2023-21768 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Authentication Methods | CVE-2023-21539 | Windows Authentication Remote Code Execution Vulnerability | Important |
| Windows Backup Engine | CVE-2023-21752 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
| Windows Bind Filter Driver | CVE-2023-21733 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows BitLocker | CVE-2023-21563 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows Boot Manager | CVE-2023-21560 | Windows Boot Manager Security Feature Bypass Vulnerability | Important |
| Windows Credential Manager | CVE-2023-21726 | Windows Credential Manager User Interface Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2023-21559 | Windows Cryptographic Information Disclosure Vulnerability | Important |
| Windows Cryptographic Services | CVE-2023-21551 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical |
| Windows Cryptographic Services | CVE-2023-21561 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical |
| Windows Cryptographic Services | CVE-2023-21540 | Windows Cryptographic Information Disclosure Vulnerability | Important |
| Windows Cryptographic Services | CVE-2023-21730 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical |
| Windows Cryptographic Services | CVE-2023-21550 | Windows Cryptographic Information Disclosure Vulnerability | Important |
| Windows DWM Core Library | CVE-2023-21724 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Error Reporting | CVE-2023-21558 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2023-21536 | Event Tracing for Windows Information Disclosure Vulnerability | Important |
| Windows IKE Extension | CVE-2023-21758 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
| Windows IKE Extension | CVE-2023-21683 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
| Windows IKE Extension | CVE-2023-21677 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
| Windows Installer | CVE-2023-21542 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Internet Key Exchange (IKE) Protocol | CVE-2023-21547 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Important |
| Windows iSCSI | CVE-2023-21527 | Windows iSCSI Service Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2023-21755 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-21753 | Event Tracing for Windows Information Disclosure Vulnerability | Important |
| Windows Layer 2 Tunneling Protocol | CVE-2023-21556 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
| Windows Layer 2 Tunneling Protocol | CVE-2023-21555 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
| Windows Layer 2 Tunneling Protocol | CVE-2023-21543 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
| Windows Layer 2 Tunneling Protocol | CVE-2023-21546 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
| Windows Layer 2 Tunneling Protocol | CVE-2023-21679 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2023-21676 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2023-21557 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
| Windows Local Security Authority (LSA) | CVE-2023-21524 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important |
| Windows Local Session Manager (LSM) | CVE-2023-21771 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | Important |
| Windows Malicious Software Removal Tool | CVE-2023-21725 | Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability | Important |
| Windows Management Instrumentation | CVE-2023-21754 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows NTLM | CVE-2023-21746 | Windows NTLM Elevation of Privilege Vulnerability | Important |
| Windows ODBC Driver | CVE-2023-21732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows Overlay Filter | CVE-2023-21766 | Windows Overlay Filter Information Disclosure Vulnerability | Important |
| Windows Overlay Filter | CVE-2023-21767 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2023-21682 | Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability | Important |
| Windows Print Spooler Components | CVE-2023-21760 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2023-21765 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2023-21678 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Service L2TP Driver | CVE-2023-21757 | Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability | Important |
| Windows RPC API | CVE-2023-21525 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-21548 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-21535 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Smart Card | CVE-2023-21759 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | Important |
| Windows Task Scheduler | CVE-2023-21541 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21772 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21748 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21773 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21747 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21776 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21774 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21750 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21675 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21749 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Workstation Service | CVE-2023-21549 | Windows SMB Witness Service Elevation of Privilege Vulnerability | Important |
