Microsoft fixes a record 149 flaws, two of them zero-days

Microsoft has released its April updates with a record number of patches. In total, the developers fixed 149 vulnerabilities, two of which are already being used in real-world cyberattacks.

Three of the flaws are rated critical, 142 important, three more moderate, and one low. The two zero-day vulnerabilities are tracked under the following identifiers:

  • CVE-2024-26234 (CVSS score 6.7): spoofing in the proxy driver.
  • CVE-2024-29988 (CVSS score 8.8): bypass of SmartScreen prompts.

Microsoft has not disclosed details about CVE-2024-26234, but specialists at Sophos link it to the malicious executables "Catalog.exe" and "Catalog Authentication Client Service", which were discovered in December 2023.

These files were signed with a valid Microsoft Windows Hardware Compatibility Publisher (WHCP) certificate. We covered this case in the article "How hacking Microsoft's certification center was put on a production line". We recommend reading it if you are interested in how the issued certificates were used in malicious activity.

The second zero-day, CVE-2024-29988, is essentially similar to CVE-2024-21412 and CVE-2023-36025, since it allows the Microsoft Defender SmartScreen protection mechanism to be bypassed.

"To exploit this bug, an attacker must trick the victim into launching a malicious file," Microsoft writes.

The full list of holes patched this month is as follows:

Name | CVE ID | CVE title | Severity
.NET and Visual Studio | CVE-2024-21409 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | Important
Azure | CVE-2024-29993 | Azure CycleCloud Elevation of Privilege Vulnerability | Important
Azure AI Search | CVE-2024-29063 | Azure AI Search Information Disclosure Vulnerability | Important
Azure Arc | CVE-2024-28917 | Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability | Important
Azure Compute Gallery | CVE-2024-21424 | Azure Compute Gallery Elevation of Privilege Vulnerability | Important
Azure Migrate | CVE-2024-26193 | Azure Migrate Remote Code Execution Vulnerability | Important
Azure Monitor | CVE-2024-29989 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important
Azure Private 5G Core | CVE-2024-20685 | Azure Private 5G Core Denial of Service Vulnerability | Moderate
Azure SDK | CVE-2024-29992 | Azure Identity Library for .NET Information Disclosure Vulnerability | Moderate
Intel | CVE-2024-2201 | Intel: CVE-2024-2201 Branch History Injection | Important
Internet Shortcut Files | CVE-2024-29988 | SmartScreen Prompt Security Feature Bypass Vulnerability | Important
Mariner | CVE-2019-3816 | Unknown | Unknown
Mariner | CVE-2019-3833 | Unknown | Unknown
Microsoft Azure Kubernetes Service | CVE-2024-29990 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Important
Microsoft Brokering File System | CVE-2024-28905 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important
Microsoft Brokering File System | CVE-2024-28907 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important
Microsoft Brokering File System | CVE-2024-26213 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important
Microsoft Brokering File System | CVE-2024-28904 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important
Microsoft Defender for IoT | CVE-2024-29055 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important
Microsoft Defender for IoT | CVE-2024-29053 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical
Microsoft Defender for IoT | CVE-2024-29054 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important
Microsoft Defender for IoT | CVE-2024-21324 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important
Microsoft Defender for IoT | CVE-2024-21323 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical
Microsoft Defender for IoT | CVE-2024-21322 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical
Microsoft Edge (Chromium-based) | CVE-2024-3156 | Chromium: CVE-2024-3156 Inappropriate implementation in V8 | Unknown
Microsoft Edge (Chromium-based) | CVE-2024-29049 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Moderate
Microsoft Edge (Chromium-based) | CVE-2024-29981 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low
Microsoft Edge (Chromium-based) | CVE-2024-3159 | Chromium: CVE-2024-3159 Out of bounds memory access in V8 | Unknown
Microsoft Edge (Chromium-based) | CVE-2024-3158 | Chromium: CVE-2024-3158 Use after free in Bookmarks | Unknown
Microsoft Install Service | CVE-2024-26158 | Microsoft Install Service Elevation of Privilege Vulnerability | Important
Microsoft Office Excel | CVE-2024-26257 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office Outlook | CVE-2024-20670 | Outlook for Windows Spoofing Vulnerability | Important
Microsoft Office SharePoint | CVE-2024-26251 | Microsoft SharePoint Server Spoofing Vulnerability | Important
Microsoft WDAC ODBC Driver | CVE-2024-26214 | Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability | Important
Microsoft WDAC OLE DB provider for SQL | CVE-2024-26244 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important
Microsoft WDAC OLE DB provider for SQL | CVE-2024-26210 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important
Role: DNS Server | CVE-2024-26233 | Windows DNS Server Remote Code Execution Vulnerability | Important
Role: DNS Server | CVE-2024-26231 | Windows DNS Server Remote Code Execution Vulnerability | Important
Role: DNS Server | CVE-2024-26227 | Windows DNS Server Remote Code Execution Vulnerability | Important
Role: DNS Server | CVE-2024-26223 | Windows DNS Server Remote Code Execution Vulnerability | Important
Role: DNS Server | CVE-2024-26221 | Windows DNS Server Remote Code Execution Vulnerability | Important
Role: DNS Server | CVE-2024-26224 | Windows DNS Server Remote Code Execution Vulnerability | Important
Role: DNS Server | CVE-2024-26222 | Windows DNS Server Remote Code Execution Vulnerability | Important
Role: Windows Hyper-V | CVE-2024-29064 | Windows Hyper-V Denial of Service Vulnerability | Important
SQL Server | CVE-2024-28937 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28938 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-29044 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28935 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28940 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28943 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28941 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28910 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28944 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28908 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28909 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-29985 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28906 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28926 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28933 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28934 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28927 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28930 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-29046 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28932 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-29047 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28931 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-29984 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28929 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28939 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28942 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-29043 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28936 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-29045 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28915 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28913 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28945 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-29048 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28912 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28914 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-29983 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-28911 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
SQL Server | CVE-2024-29982 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important
Windows Authentication Methods | CVE-2024-29056 | Windows Authentication Elevation of Privilege Vulnerability | Important
Windows Authentication Methods | CVE-2024-21447 | Windows Authentication Elevation of Privilege Vulnerability | Important
Windows BitLocker | CVE-2024-20665 | BitLocker Security Feature Bypass Vulnerability | Important
Windows Compressed Folder | CVE-2024-26256 | libarchive Remote Code Execution Vulnerability | Important
Windows Cryptographic Services | CVE-2024-26228 | Windows Cryptographic Services Security Feature Bypass Vulnerability | Important
Windows Cryptographic Services | CVE-2024-29050 | Windows Cryptographic Services Remote Code Execution Vulnerability | Important
Windows Defender Credential Guard | CVE-2024-26237 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important
Windows DHCP Server | CVE-2024-26212 | DHCP Server Service Denial of Service Vulnerability | Important
Windows DHCP Server | CVE-2024-26215 | DHCP Server Service Denial of Service Vulnerability | Important
Windows DHCP Server | CVE-2024-26195 | DHCP Server Service Remote Code Execution Vulnerability | Important
Windows DHCP Server | CVE-2024-26202 | DHCP Server Service Remote Code Execution Vulnerability | Important
Windows Distributed File System (DFS) | CVE-2024-29066 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | Important
Windows Distributed File System (DFS) | CVE-2024-26226 | Windows Distributed File System (DFS) Information Disclosure Vulnerability | Important
Windows DWM Core Library | CVE-2024-26172 | Windows DWM Core Library Information Disclosure Vulnerability | Important
Windows File Server Resource Management Service | CVE-2024-26216 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important
Windows HTTP.sys | CVE-2024-26219 | HTTP.sys Denial of Service Vulnerability | Important
Windows Internet Connection Sharing (ICS) | CVE-2024-26253 | Windows rndismp6.sys Remote Code Execution Vulnerability | Important
Windows Internet Connection Sharing (ICS) | CVE-2024-26252 | Windows rndismp6.sys Remote Code Execution Vulnerability | Important
Windows Kerberos | CVE-2024-26183 | Windows Kerberos Denial of Service Vulnerability | Important
Windows Kerberos | CVE-2024-26248 | Windows Kerberos Elevation of Privilege Vulnerability | Important
Windows Kernel | CVE-2024-20693 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Kernel | CVE-2024-26245 | Windows SMB Elevation of Privilege Vulnerability | Important
Windows Kernel | CVE-2024-26229 | Windows CSC Service Elevation of Privilege Vulnerability | Important
Windows Kernel | CVE-2024-26218 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Local Security Authority Subsystem Service (LSASS) | CVE-2024-26209 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Important
Windows Message Queuing | CVE-2024-26232 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important
Windows Message Queuing | CVE-2024-26208 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important
Windows Mobile Hotspot | CVE-2024-26220 | Windows Mobile Hotspot Information Disclosure Vulnerability | Important
Windows Proxy Driver | CVE-2024-26234 | Proxy Driver Spoofing Vulnerability | Important
Windows Remote Access Connection Manager | CVE-2024-28902 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important
Windows Remote Access Connection Manager | CVE-2024-28900 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important
Windows Remote Access Connection Manager | CVE-2024-28901 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important
Windows Remote Access Connection Manager | CVE-2024-26255 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important
Windows Remote Access Connection Manager | CVE-2024-26230 | Windows Telephony Server Elevation of Privilege Vulnerability | Important
Windows Remote Access Connection Manager | CVE-2024-26239 | Windows Telephony Server Elevation of Privilege Vulnerability | Important
Windows Remote Access Connection Manager | CVE-2024-26207 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important
Windows Remote Access Connection Manager | CVE-2024-26217 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important
Windows Remote Access Connection Manager | CVE-2024-26211 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important
Windows Remote Procedure Call | CVE-2024-20678 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2024-26200 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2024-26179 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2024-26205 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
Windows Secure Boot | CVE-2024-29061 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-28921 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-20689 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-26250 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-28922 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-29062 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-20669 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-28898 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-20688 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-23593 | Lenovo: CVE-2024-23593 Zero Out Boot Manager and drop to UEFI Shell | Important
Windows Secure Boot | CVE-2024-28896 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-28919 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-23594 | Lenovo: CVE-2024-23594 Stack Buffer Overflow in LenovoBT.efi | Important
Windows Secure Boot | CVE-2024-28923 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-28903 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-26189 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-26240 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-28924 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-28897 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-28925 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-26175 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-28920 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-26194 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-26180 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-26171 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Secure Boot | CVE-2024-26168 | Secure Boot Security Feature Bypass Vulnerability | Important
Windows Storage | CVE-2024-29052 | Windows Storage Elevation of Privilege Vulnerability | Important
Windows Telephony Server | CVE-2024-26242 | Windows Telephony Server Elevation of Privilege Vulnerability | Important
Windows Update Stack | CVE-2024-26236 | Windows Update Stack Elevation of Privilege Vulnerability | Important
Windows Update Stack | CVE-2024-26235 | Windows Update Stack Elevation of Privilege Vulnerability | Important
Windows USB Print Driver | CVE-2024-26243 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important
Windows Virtual Machine Bus | CVE-2024-26254 | Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability | Important
Windows Win32K - ICOMP | CVE-2024-26241 | Win32k Elevation of Privilege Vulnerability | Important

Information about the copyright holder of the photo and video materials is taken from the website Anti-Malware.ru; see the Service Rules for details.