شرکت مایکروسافت در روز سهشنبه ۱۱ آوریل ۲۰۲۳ (۲۳ فروردین ماه ۱۴۰۱)، اصلاحیههای امنیتی ماهانه خود را منتشر کرد. در این اصلاحیه یک مورد آسیبپذیری روز صفر ویندوز که به طور فعال مورد سوء استفاده قرار گرفته است و در مجموع ۹۷ نقص، وصله شدند.
جزئیات آسیبپذیریهای ماه آوریل
۷ مورد از آسیبپذیریهای وصله شده این ماه به عنوان «حیاتی» طبقهبندی میشوند، چرا که جدیترین آسیبپذیری یعنی امکان اجرای کد از راه دور را در دستگاههای آسیبپذیر فراهم میسازند. تعداد هر یک از این آسیبپذیریها به تفکیک به شرح زیر میباشد:
- ۲۰ مورد آسیبپذیری افزایش سطح دسترسی
- ۸ مورد آسیبپذیری عبور از راهکارهای امنیتی
- ۴۵ مورد آسیبپذیری اجرای کد از راه دور
- ۱۰ مورد آسیبپذیری افشای اطلاعات
- ۹ مورد آسیبپذیری منع سرویس
- ۶ مورد آسیبپذیری جعل
این تعداد، ۱۷ آسیبپذیری مایکروسافت Edge که قبلا در ۶ آوریل برطرف شدهاند را شامل نمیشود.
آسیبپذیریهای روز صفر
مایکروسافت زمانی یک آسیبپذیری را به عنوان روز صفر طبقهبندی میکند، که به صورت عمومی افشا شود یا به طور فعال مورد سوءاستفاده قرار گیرد و هیچگونه وصله رسمی در دسترس نباشد. در مجموعه اصلاحیههای امنیتی این ماه، ۱ آسیبپذیری روز صفر که به طور فعال در حملات مورد سوء استفاده قرار گرفته، برطرف شده است:
[CVE-2023-28252]
آسیبپذیری روز صفر با شناسه CVE-2023-28252 و با امتیاز (CVSS:3.1 7.8 / 7.2)که نقص افزایش سطح دسترسی در Windows Common Log File System Driver ( درایور ویندوز CLFS) میباشد، برطرف شده است. بنابر گفته مایکروسافت مهاجمی که موفق به سوء استفاده از این آسیبپذیری شود، بالاترین سطح دسترسی در ویندوز یعنی دسترسی SYSTEM را به دست میآورد. گفتنی است که Kaspersky نیز آسیبپذیری مذکور را که در حملات باجافزار Nokoyawa مورد سوء استفاده قرار گرفته، پس از مشاهده به مایکروسافت گزارش داده بود.
علاوه بر این، آسیبپذیریهای اجرای کد از راه دور مایکروسافت آفیس، Word و Publisher که به طور فعال مورد سوء استفاده قرار نمیگرفتند اما به سادگی با باز کردن اسناد مخرب قابل سوء استفاده هستند، نیز برطرف شدهاند. این آسیبپذیریها با عناوین CVE-2023-28285، CVE-2023-28295، CVE-2023-28287 و CVE-2023-28311 شناسایی میشوند. با توجه به ارزشمند بودن این نوع آسیبپذیریها در کمپینهای فیشینگ، احتمالاً عوامل تهدید در حال تلاش برای کشف چگونگی استفاده از آنها در کمپینهای توزیع بدافزار میباشند.
در جدول زیر اطلاعات مرتبط با آسیبپذیریهای ماه آوریل مایکروسافت ارائه شده است:
| عنوان | شناسه آسیبپذیری (CVE ID) | عنوان آسیبپذیری ( CVE title) | شدت |
|---|---|---|---|
| .NET Core | CVE-2023-28260 | .NET DLL Hijacking Remote Code Execution Vulnerability | Important |
| Azure Machine Learning | CVE-2023-28312 | Azure Machine Learning Information Disclosure Vulnerability | Important |
| Azure Service Connector | CVE-2023-28300 | Azure Service Connector Security Feature Bypass Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2023-28227 | Windows Bluetooth Driver Remote Code Execution Vulnerability | Important |
| Microsoft Defender for Endpoint | CVE-2023-24860 | Microsoft Defender Denial of Service Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-28314 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-28309 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics 365 Customer Voice | CVE-2023-28313 | Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2023-28284 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2023-1823 | Chromium: CVE-2023-1823 Inappropriate implementation in FedCM | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-28301 | Microsoft Edge (Chromium-based) Tampering Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2023-1810 | Chromium: CVE-2023-1810 Heap buffer overflow in Visuals | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-24935 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2023-1819 | Chromium: CVE-2023-1819 Out of bounds read in Accessibility | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1818 | Chromium: CVE-2023-1818 Use after free in Vulkan | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1814 | Chromium: CVE-2023-1814 Insufficient validation of untrusted input in Safe Browsing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1821 | Chromium: CVE-2023-1821 Inappropriate implementation in WebShare | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1811 | Chromium: CVE-2023-1811 Use after free in Frames | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1820 | Chromium: CVE-2023-1820 Heap buffer overflow in Browser History | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1816 | Chromium: CVE-2023-1816 Incorrect security UI in Picture In Picture | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1815 | Chromium: CVE-2023-1815 Use after free in Networking APIs | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1822 | Chromium: CVE-2023-1822 Incorrect security UI in Navigation | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1813 | Chromium: CVE-2023-1813 Inappropriate implementation in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1812 | Chromium: CVE-2023-1812 Out of bounds memory access in DOM Bindings | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1817 | Chromium: CVE-2023-1817 Insufficient policy enforcement in Intents | Unknown |
| Microsoft Graphics Component | CVE-2023-24912 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Message Queuing | CVE-2023-21769 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| Microsoft Message Queuing | CVE-2023-21554 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2023-28285 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Office Publisher | CVE-2023-28295 | Microsoft Publisher Remote Code Execution Vulnerability | Important |
| Microsoft Office Publisher | CVE-2023-28287 | Microsoft Publisher Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-28288 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2023-28311 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-28243 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24883 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24927 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24925 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24924 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24885 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24928 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24884 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24926 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24929 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24887 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24886 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2023-28275 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28256 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28278 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28307 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28306 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28223 | Windows Domain Name Service Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28254 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28305 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28308 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28255 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28277 | Windows DNS Server Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2023-23384 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2023-23375 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2023-28304 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2023-28299 | Visual Studio Spoofing Vulnerability | Important |
| Visual Studio | CVE-2023-28262 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2023-28263 | Visual Studio Information Disclosure Vulnerability | Important |
| Visual Studio | CVE-2023-28296 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2023-24893 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Windows Active Directory | CVE-2023-28302 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| Windows ALPC | CVE-2023-28236 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows ALPC | CVE-2023-28216 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2023-28218 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Boot Manager | CVE-2023-28269 | Windows Boot Manager Security Feature Bypass Vulnerability | Important |
| Windows Boot Manager | CVE-2023-28249 | Windows Boot Manager Security Feature Bypass Vulnerability | Important |
| Windows Clip Service | CVE-2023-28273 | Windows Clip Service Elevation of Privilege Vulnerability | Important |
| Windows CNG Key Isolation Service | CVE-2023-28229 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2023-28266 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2023-28252 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows DHCP Server | CVE-2023-28231 | DHCP Server Service Remote Code Execution Vulnerability | Critical |
| Windows Enroll Engine | CVE-2023-28226 | Windows Enroll Engine Security Feature Bypass Vulnerability | Important |
| Windows Error Reporting | CVE-2023-28221 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
| Windows Group Policy | CVE-2023-28276 | Windows Group Policy Security Feature Bypass Vulnerability | Important |
| Windows Internet Key Exchange (IKE) Protocol | CVE-2023-28238 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | Important |
| Windows Kerberos | CVE-2023-28244 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-28271 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2023-28248 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-28222 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-28272 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-28293 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-28253 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2023-28237 | Windows Kernel Remote Code Execution Vulnerability | Important |
| Windows Kernel | CVE-2023-28298 | Windows Kernel Denial of Service Vulnerability | Important |
| Windows Layer 2 Tunneling Protocol | CVE-2023-28219 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Layer 2 Tunneling Protocol | CVE-2023-28220 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Lock Screen | CVE-2023-28270 | Windows Lock Screen Security Feature Bypass Vulnerability | Important |
| Windows Lock Screen | CVE-2023-28235 | Windows Lock Screen Security Feature Bypass Vulnerability | Important |
| Windows Netlogon | CVE-2023-28268 | Netlogon RPC Elevation of Privilege Vulnerability | Important |
| Windows Network Address Translation (NAT) | CVE-2023-28217 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
| Windows Network File System | CVE-2023-28247 | Windows Network File System Information Disclosure Vulnerability | Important |
| Windows Network Load Balancing | CVE-2023-28240 | Windows Network Load Balancing Remote Code Execution Vulnerability | Important |
| Windows NTLM | CVE-2023-28225 | Windows NTLM Elevation of Privilege Vulnerability | Important |
| Windows PGM | CVE-2023-28250 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical |
| Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-28224 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2023-28232 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Raw Image Extension | CVE-2023-28291 | Raw Image Extension Remote Code Execution Vulnerability | Critical |
| Windows Raw Image Extension | CVE-2023-28292 | Raw Image Extension Remote Code Execution Vulnerability | Important |
| Windows RDP Client | CVE-2023-28228 | Windows Spoofing Vulnerability | Important |
| Windows RDP Client | CVE-2023-28267 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important |
| Windows Registry | CVE-2023-28246 | Windows Registry Elevation of Privilege Vulnerability | Important |
| Windows RPC API | CVE-2023-21729 | Remote Procedure Call Runtime Information Disclosure Vulnerability | Important |
| Windows RPC API | CVE-2023-21727 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows RPC API | CVE-2023-28297 | Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability | Important |
| Windows Secure Channel | CVE-2023-24931 | Windows Secure Channel Denial of Service Vulnerability | Important |
| Windows Secure Channel | CVE-2023-28233 | Windows Secure Channel Denial of Service Vulnerability | Important |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-28241 | Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | Important |
| Windows Transport Security Layer (TLS) | CVE-2023-28234 | Windows Secure Channel Denial of Service Vulnerability | Important |
| Windows Win32K | CVE-2023-28274 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2023-24914 | Win32k Elevation of Privilege Vulnerability | Important |
