On Tuesday, 9 April 2024 (21 Farvardin 1403), Microsoft released its monthly security updates. This release includes security updates for 150 flaws and 67 remote code execution (RCE) bugs.
Vulnerability details
April's Patch Tuesday fixes only three critical vulnerabilities and more than 67 remote code execution bugs. More than half of these RCE flaws are found in Microsoft SQL drivers and probably share a common flaw. In addition, patches have been provided for 26 Secure Boot bypass flaws, including two from Lenovo that were published this month.
The number of bugs in each vulnerability category is as follows:
31 elevation of privilege vulnerabilities
29 security feature bypass vulnerabilities
67 remote code execution vulnerabilities
13 information disclosure vulnerabilities
7 denial of service vulnerabilities
3 spoofing vulnerabilities
📌 The total of 150 flaws does not include the 5 Microsoft Edge flaws fixed on 4 April or the 2 Mariner flaws. (Mariner is an open-source Linux distribution developed by Microsoft for Microsoft Azure services.)
Zero-day vulnerabilities
The April security updates fixed two zero-day vulnerabilities that were being actively exploited in malware attacks. Microsoft initially failed to mark the zero-days as "actively exploited", but Sophos and Trend Micro shared information about how they were being actively used in attacks. The two zero-day vulnerabilities are as follows:
[CVE-2024-26234]
Proxy Driver Spoofing Vulnerability, CVE-2024-26234, score 6.7: The first zero-day fixed by Microsoft in the April patch is, according to Sophos's report, linked to a malicious driver signed with a valid Microsoft Hardware Publisher certificate. This driver was used to deploy a backdoor that had previously been disclosed by Stairwell.
[CVE-2024-29988]
SmartScreen Prompt Security Feature Bypass Vulnerability, CVE-2024-29988, score 8.8: This security flaw is a bypass of the patch for CVE-2024-21412 (itself a bypass of the patch for CVE-2023-36025) that allows attachments to bypass Microsoft Defender SmartScreen prompts when the file is opened.
This vulnerability was used by the financially motivated hacking group Water Hydra in spearphishing attacks targeting forex trading forums and stock trading Telegram channels, which deployed the DarkMe remote access trojan (RAT). It is worth noting that Microsoft has not assigned CVEs to these two flaws, and they have been added to the patch backlog with no timeline for a fix.
Details of the addressed vulnerabilities are shown in the table below:
Component | CVE ID | CVE title | Severity |
---|---|---|---|
.NET and Visual Studio | CVE-2024-21409 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | Important |
Azure | CVE-2024-29993 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
Azure AI Search | CVE-2024-29063 | Azure AI Search Information Disclosure Vulnerability | Important |
Azure Arc | CVE-2024-28917 | Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability | Important |
Azure Compute Gallery | CVE-2024-21424 | Azure Compute Gallery Elevation of Privilege Vulnerability | Important |
Azure Migrate | CVE-2024-26193 | Azure Migrate Remote Code Execution Vulnerability | Important |
Azure Monitor | CVE-2024-29989 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important |
Azure Private 5G Core | CVE-2024-20685 | Azure Private 5G Core Denial of Service Vulnerability | Moderate |
Azure SDK | CVE-2024-29992 | Azure Identity Library for .NET Information Disclosure Vulnerability | Moderate |
Intel | CVE-2024-2201 | Intel: CVE-2024-2201 Branch History Injection | Important |
Internet Shortcut Files | CVE-2024-29988 | SmartScreen Prompt Security Feature Bypass Vulnerability | Important |
Mariner | CVE-2019-3816 | Unknown | Unknown |
Mariner | CVE-2019-3833 | Unknown | Unknown |
Microsoft Azure Kubernetes Service | CVE-2024-29990 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Important |
Microsoft Brokering File System | CVE-2024-28905 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
Microsoft Brokering File System | CVE-2024-28907 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
Microsoft Brokering File System | CVE-2024-26213 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
Microsoft Brokering File System | CVE-2024-28904 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
Microsoft Defender for IoT | CVE-2024-29055 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
Microsoft Defender for IoT | CVE-2024-29053 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical |
Microsoft Defender for IoT | CVE-2024-29054 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
Microsoft Defender for IoT | CVE-2024-21324 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
Microsoft Defender for IoT | CVE-2024-21323 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical |
Microsoft Defender for IoT | CVE-2024-21322 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical |
Microsoft Edge (Chromium-based) | CVE-2024-3156 | Chromium: CVE-2024-3156 Inappropriate implementation in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-29049 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Moderate |
Microsoft Edge (Chromium-based) | CVE-2024-29981 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
Microsoft Edge (Chromium-based) | CVE-2024-3159 | Chromium: CVE-2024-3159 Out of bounds memory access in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-3158 | Chromium: CVE-2024-3158 Use after free in Bookmarks | Unknown |
Microsoft Install Service | CVE-2024-26158 | Microsoft Install Service Elevation of Privilege Vulnerability | Important |
Microsoft Office Excel | CVE-2024-26257 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2024-20670 | Outlook for Windows Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-26251 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
Microsoft WDAC ODBC Driver | CVE-2024-26214 | Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-26244 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-26210 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26233 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26231 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26227 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26223 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26221 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26224 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-26222 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-29064 | Windows Hyper-V Denial of Service Vulnerability | Important |
SQL Server | CVE-2024-28937 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28938 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29044 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28935 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28940 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28943 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28941 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28910 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28944 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28908 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28909 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29985 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28906 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28926 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28933 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28934 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28927 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28930 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29046 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28932 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29047 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28931 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29984 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28929 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28939 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28942 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29043 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28936 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29045 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28915 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28913 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28945 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29048 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28912 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28914 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29983 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-28911 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-29982 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
Windows Authentication Methods | CVE-2024-29056 | Windows Authentication Elevation of Privilege Vulnerability | Important |
Windows Authentication Methods | CVE-2024-21447 | Windows Authentication Elevation of Privilege Vulnerability | Important |
Windows BitLocker | CVE-2024-20665 | BitLocker Security Feature Bypass Vulnerability | Important |
Windows Compressed Folder | CVE-2024-26256 | libarchive Remote Code Execution Vulnerability | Important |
Windows Cryptographic Services | CVE-2024-26228 | Windows Cryptographic Services Security Feature Bypass Vulnerability | Important |
Windows Cryptographic Services | CVE-2024-29050 | Windows Cryptographic Services Remote Code Execution Vulnerability | Important |
Windows Defender Credential Guard | CVE-2024-26237 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important |
Windows DHCP Server | CVE-2024-26212 | DHCP Server Service Denial of Service Vulnerability | Important |
Windows DHCP Server | CVE-2024-26215 | DHCP Server Service Denial of Service Vulnerability | Important |
Windows DHCP Server | CVE-2024-26195 | DHCP Server Service Remote Code Execution Vulnerability | Important |
Windows DHCP Server | CVE-2024-26202 | DHCP Server Service Remote Code Execution Vulnerability | Important |
Windows Distributed File System (DFS) | CVE-2024-29066 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | Important |
Windows Distributed File System (DFS) | CVE-2024-26226 | Windows Distributed File System (DFS) Information Disclosure Vulnerability | Important |
Windows DWM Core Library | CVE-2024-26172 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
Windows File Server Resource Management Service | CVE-2024-26216 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important |
Windows HTTP.sys | CVE-2024-26219 | HTTP.sys Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-26253 | Windows rndismp6.sys Remote Code Execution Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-26252 | Windows rndismp6.sys Remote Code Execution Vulnerability | Important |
Windows Kerberos | CVE-2024-26183 | Windows Kerberos Denial of Service Vulnerability | Important |
Windows Kerberos | CVE-2024-26248 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-20693 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-26245 | Windows SMB Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-26229 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-26218 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Local Security Authority Subsystem Service (LSASS) | CVE-2024-26209 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Important |
Windows Message Queuing | CVE-2024-26232 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2024-26208 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
Windows Mobile Hotspot | CVE-2024-26220 | Windows Mobile Hotspot Information Disclosure Vulnerability | Important |
Windows Proxy Driver | CVE-2024-26234 | Proxy Driver Spoofing Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-28902 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-28900 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-28901 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-26255 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-26230 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-26239 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-26207 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-26217 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-26211 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
Windows Remote Procedure Call | CVE-2024-20678 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-26200 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-26179 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-26205 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Secure Boot | CVE-2024-29061 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28921 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-20689 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26250 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28922 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-29062 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-20669 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28898 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-20688 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-23593 | Lenovo: CVE-2024-23593 Zero Out Boot Manager and drop to UEFI Shell | Important |
Windows Secure Boot | CVE-2024-28896 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28919 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-23594 | Lenovo: CVE-2024-23594 Stack Buffer Overflow in LenovoBT.efi | Important |
Windows Secure Boot | CVE-2024-28923 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28903 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26189 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26240 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28924 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28897 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28925 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26175 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28920 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26194 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26180 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26171 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26168 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Storage | CVE-2024-29052 | Windows Storage Elevation of Privilege Vulnerability | Important |
Windows Telephony Server | CVE-2024-26242 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2024-26236 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2024-26235 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
Windows USB Print Driver | CVE-2024-26243 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important |
Windows Virtual Machine Bus | CVE-2024-26254 | Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability | Important |
Windows Win32K – ICOMP | CVE-2024-26241 | Win32k Elevation of Privilege Vulnerability | Important |