در روز سه شنبه ۱۹ بهمن ماه، شرکت مایکروسافت اصلاحیههای امنیتی ماهانه خود را برای ماه میلادی فوریه منتشر کرد. اصلاحیههای منتشر شده ۱ آسیب پذیری روز صفر و در مجموع ۴۸ آسیب پذیری را رفع میکنند.
بر خلاف اصلاحیه ماه ژانویه که ۹ آسیبپذیری «حیاتی» را ترمیم میکرد، این ماه بدون هیچ مورد حیاتی منتشر شد. تعداد هر یک از این آسیبپذیریها به تفکیک بر اساس فهرست زیر میباشد:
- ۱۶ آسیبپذیری از نوع افزایش دسترسی
- ۳ آسیبپذیری از نوع عبور از تجهیزات امنیتی
- ۱۶ آسیبپذیری از نوع اجرای کد از راه دور
- ۵ آسیبپذیری از نوع افشای اطلاعات
- ۳ آسیبپذیری از نوع جعل
- ۲۲ آسیبپذیری Edge-Chromium
برای کسب اطلاعات بیشتر و دریافت و نصب وصلههای امنیتی ارائه شده به سایت مایکروسافت مراجعه نمایید.
آسیبپذیری روز صفر
تنها آسیبپذیری روز صفر وصله شده در این ماه، با شناسه CVE-2022-21989 شناسایی میشود. این نقص که دارای درجه خطر 7.8 CVSS است، میتواند برای افزایش دسترسی از طریق هسته (Kernel) مورد سوء استفاده قرار گیرد. به گفته مایکروسافت، بهرهبرداری موفقیت آمیز از این آسیبپذیری مستلزم آن است که مهاجم اقدامات بیشتری را قبل از بهرهبرداری انجام دهد تا محیط هدف را آماده کند. در نتیجه، درجه خطر بحرانی برای این نقص در نظر گرفته نشده است.
برخی دیگر از آسیب پذیریهای مورد توجه در این بهروزرسانی عبارتند از:
- CVE-2022-21984 (CVSS 8.8): آسیب پذیری اجرای کد از راه دور DNS Server ویندوز
- CVE-2022-22005 (CVSS 8.8): آسیب پذیری اجرای کد از راه دور Microsoft SharePoint Server
- CVE-2022-23256 (CVSS 8.1): آسیب پذیری جعل اطلاعات Azure Data Explorer
- CVE-2022-23274 (CVSS 8.3): آسیب پذیری اجرای کد از راه دور Microsoft Dynamics GP
در جدول زیر میتوانید اطلاعات کامل مرتبط با آسیبپذیریهای ارائه شده را مشاهده نمایید:
| عنوان | شناسه آسیب پذیری (CVE ID) | عنوان آسیب پذیری ( CVE title) | شدت |
|---|---|---|---|
| Azure Data Explorer | CVE-2022-23256 | Azure Data Explorer Spoofing Vulnerability | Important |
| Kestrel Web Server | CVE-2022-21986 | .NET Denial of Service Vulnerability | Important |
| Microsoft Dynamics | CVE-2022-21957 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Important |
| Microsoft Dynamics GP | CVE-2022-23272 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | Important |
| Microsoft Dynamics GP | CVE-2022-23271 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | Important |
| Microsoft Dynamics GP | CVE-2022-23273 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | Important |
| Microsoft Dynamics GP | CVE-2022-23274 | Microsoft Dynamics GP Remote Code Execution Vulnerability | Important |
| Microsoft Dynamics GP | CVE-2022-23269 | Microsoft Dynamics GP Spoofing Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-0469 | Chromium: CVE-2022-0469 Use after free in Cast | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0467 | Chromium: CVE-2022-0467 Inappropriate implementation in Pointer Lock | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-23261 | Microsoft Edge (Chromium-based) Tampering Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2022-0453 | Chromium: CVE-2022-0453 Use after free in Reader Mode | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-23262 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-0468 | Chromium: CVE-2022-0468 Use after free in Payments | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0452 | Chromium: CVE-2022-0452 Use after free in Safe Browsing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-23263 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-0462 | Chromium: CVE-2022-0462 Inappropriate implementation in Scroll | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0461 | Chromium: CVE-2022-0461 Policy bypass in COOP | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0460 | Chromium: CVE-2022-0460 Use after free in Window Dialog | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0465 | Chromium: CVE-2022-0465 Use after free in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0464 | Chromium: CVE-2022-0464 Use after free in Accessibility | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0463 | Chromium: CVE-2022-0463 Use after free in Accessibility | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0459 | Chromium: CVE-2022-0459 Use after free in Screen Capture | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0455 | Chromium: CVE-2022-0455 Inappropriate implementation in Full-Screen Mode | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0454 | Chromium: CVE-2022-0454 Heap buffer overflow in ANGLE | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0466 | Chromium: CVE-2022-0466 Inappropriate implementation in Extensions Platform | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0458 | Chromium: CVE-2022-0458 Use after free in Thumbnail Tab Strip | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0457 | Chromium: CVE-2022-0457 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0456 | Chromium: CVE-2022-0456 Use after free in Web Search | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-0470 | Chromium: CVE-2022-0470 Out of bounds memory access in V8 | Unknown |
| Microsoft Office | CVE-2022-22004 | Microsoft Office ClickToRun Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2022-22003 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2022-23252 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-22716 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Outlook | CVE-2022-23280 | Microsoft Outlook for Mac Security Feature Bypass Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-21987 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-21968 | Microsoft SharePoint Server Security Feature BypassVulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-22005 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2022-21988 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft OneDrive | CVE-2022-23255 | Microsoft OneDrive for Android Security Feature Bypass Vulnerability | Important |
| Microsoft Teams | CVE-2022-21965 | Microsoft Teams Denial of Service Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-21844 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-21927 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-21926 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-22709 | VP9 Video Extensions Remote Code Execution Vulnerability | Important |
| Power BI | CVE-2022-23254 | Microsoft Power BI Elevation of Privilege Vulnerability | Important |
| Roaming Security Rights Management Services | CVE-2022-21974 | Roaming Security Rights Management Services Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2022-21984 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-21995 | Windows Hyper-V Remote Code Execution Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-22712 | Windows Hyper-V Denial of Service Vulnerability | Important |
| SQL Server | CVE-2022-23276 | SQL Server for Linux Containers Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2022-21991 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2022-22000 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2022-22710 | Windows Common Log File System Driver Denial of Service Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2022-21981 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2022-21998 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important |
| Windows DWM Core Library | CVE-2022-21994 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-21989 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-21992 | Windows Mobile Device Management Remote Code Execution Vulnerability | Important |
| Windows Kernel-Mode Drivers | CVE-2022-21993 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important |
| Windows Named Pipe File System | CVE-2022-22715 | Named Pipe File System Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2022-22718 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2022-22717 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2022-21999 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2022-21997 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2022-21985 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2022-22001 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2022-21971 | Windows Runtime Remote Code Execution Vulnerability | Important |
| Windows User Account Profile | CVE-2022-22002 | Windows User Account Profile Picture Denial of Service Vulnerability | Important |
| Windows Win32K | CVE-2022-21996 | Win32k Elevation of Privilege Vulnerability | Important |
