{"id":10168,"date":"2021-10-18T15:05:19","date_gmt":"2021-10-18T12:05:19","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10168"},"modified":"2021-10-18T15:05:19","modified_gmt":"2021-10-18T12:05:19","slug":"october-patch-tuesday-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/october-patch-tuesday-vulnerabilities\/10168\/","title":{"rendered":"Windows’u hemen g\u00fcncellemeniz i\u00e7in 71 neden"},"content":{"rendered":"

En son Sal\u0131 Yamas\u0131 ile Microsoft, toplam 71 g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 kapatt\u0131. Bunlar\u0131n en tehlikelisi, siber su\u00e7lular\u0131n halihaz\u0131rda kulland\u0131\u011f\u0131<\/a>, Win32k s\u00fcr\u00fcc\u00fcs\u00fcndeki use-after-free<\/a> g\u00fcvenlik a\u00e7\u0131\u011f\u0131 olan CVE-2021-40449.<\/p>\n

Buna ek olarak Microsoft, herkes taraf\u0131ndan bilinen \u00fc\u00e7 ciddi g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 daha kapatt\u0131. Microsoft uzmanlar\u0131 \u015fu an i\u00e7in bu g\u00fcvenlik a\u00e7\u0131klar\u0131ndan yaralanma ihtimalini \u201cdaha az olas\u0131\u201d olarak de\u011ferlendiriyor. Bununla birlikte g\u00fcvenlik uzmanlar\u0131, aktif olarak bu g\u00fcvenlik a\u00e7\u0131klar\u0131 \u00fczerinde tart\u0131\u015fmaya devam ediyor ve bu a\u00e7\u0131klara ili\u015fkin kavram kan\u0131tlar\u0131na<\/a> (proofs-of-concept) internetten ula\u015f\u0131labiliyor \u2014 dolay\u0131s\u0131yla birisi bu a\u00e7\u0131klardan birini kullanmaya \u00e7al\u0131\u015fabilir.<\/p>\n

Microsoft Windows \u00e7ekirdek g\u00fcvenlik a\u00e7\u0131\u011f\u0131<\/h2>\n

Bu \u00fc\u00e7 g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan en tehlikelisi olan CVE-2021-41335<\/a>, CVSS \u00f6l\u00e7e\u011finde 7,8 puana sahip. Microsoft Windows \u00e7ekirde\u011finde bulunan a\u00e7\u0131k, potansiyel k\u00f6t\u00fc ama\u00e7l\u0131 bir i\u015flemin ayr\u0131cal\u0131k y\u00fckseltebilmesine izin veriyor.<\/p>\n

Windows AppContainer\u2019\u0131 atlama<\/h2>\n

\u0130kinci g\u00fcvenlik a\u00e7\u0131\u011f\u0131, CVE-2021-41338<\/a>, uygulamalar\u0131 ve i\u015flemleri koruyan Windows AppContainer ortam\u0131n\u0131n k\u0131s\u0131tlamalar\u0131n\u0131 atlamay\u0131 sa\u011fl\u0131yor. Belirli ko\u015fullar\u0131n olu\u015fmas\u0131 halinde, yetkisiz bir ki\u015fi, varsay\u0131lan Windows Filtre Platformu kurallar\u0131 sayesinde bu a\u00e7\u0131ktan yararlanabiliyor. Bunun sonucunda da ayr\u0131cal\u0131k y\u00fckseltilmesi sa\u011flanabiliyor.<\/p>\n

Google Project Zero \u00fcyeleri, g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 Temmuz ay\u0131nda tespit etti<\/a> ve Microsoft\u2019a bildirdi. \u015eirkete d\u00fczeltmesi i\u00e7in 90 g\u00fcnl\u00fck bir s\u00fcre verdi ve s\u00fcre sonunda kavram kan\u0131t\u0131n\u0131 herkesin eri\u015fimine a\u00e7\u0131k \u015fekilde yay\u0131nlad\u0131. G\u00fcvenlik a\u00e7\u0131\u011f\u0131 CVSS \u00f6l\u00e7e\u011finde 7,8 puana sahip.<\/p>\n

Windows DNS Sunucusu g\u00fcvenlik a\u00e7\u0131\u011f\u0131<\/h2>\n

CVE-2021-40469<\/a> g\u00fcvenlik a\u00e7\u0131\u011f\u0131 ise, yaln\u0131zca DNS sunucusu olarak \u00e7al\u0131\u015fan Microsoft Windows makinelerde kullan\u0131labiliyor. Ancak i\u015fletim sisteminin, Server 2008 ile ba\u015flayan ve k\u0131sa s\u00fcre \u00f6nce \u00e7\u0131kan Server 2022\u2019ye kadar t\u00fcm sunucu s\u00fcr\u00fcmleri bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131 kar\u015f\u0131s\u0131nda savunmas\u0131z durumda. CVE-2021-40469, sunucuda uzaktan kod y\u00fcr\u00fct\u00fclmesine<\/a> izin veriyor ve CVSS \u00f6l\u00e7e\u011finde 7,2 puana sahip.<\/p>\n

\u015eirketinizi nas\u0131l korursunuz?<\/h2>\n

Olay M\u00fcdahalesi<\/a>\u2018ndeki \u00e7al\u0131\u015fma arkada\u015flar\u0131m\u0131z\u0131n haz\u0131rlad\u0131\u011f\u0131 Olay M\u00fcdahalesi Analiz Raporu 2021\u2019in sonu\u00e7lar\u0131<\/a>, g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131n pop\u00fcler ilk sald\u0131r\u0131 vekt\u00f6r\u00fc olmaya devam etti\u011fini g\u00f6steriyor. Ayr\u0131ca, g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131n mutlaka yeni olmas\u0131 da gerekmiyor \u2014 buradaki ana tehdit s\u0131f\u0131r g\u00fcn g\u00fcvenlik a\u00e7\u0131klar\u0131 de\u011fil, genel olarak g\u00fcncellemelerin y\u00fcklenmesinde ge\u00e7 kal\u0131nmas\u0131d\u0131r. Bu nedenle her zaman, g\u00fcncellemelerin, m\u00fcmk\u00fcn olan en k\u0131sa s\u00fcrede t\u00fcm ba\u011fl\u0131 cihazlarda y\u00fcklenmesini \u00f6neriyoruz. G\u00fcncelleme, \u00f6zellikle i\u015fletim sistemleri, taray\u0131c\u0131lar ve g\u00fcvenlik \u00e7\u00f6z\u00fcmleri gibi kritik uygulamalar i\u00e7in olduk\u00e7a \u00f6nemlidir.<\/p>\n

\u015eirketinizi hen\u00fcz bilinmeyen g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131n kullan\u0131ld\u0131\u011f\u0131 sald\u0131r\u0131lara kar\u015f\u0131 korumak i\u00e7in s\u0131f\u0131r g\u00fcn a\u00e7\u0131klar\u0131n\u0131 tespit edebilen\u00a0proaktif koruma teknolojilerine sahip g\u00fcvenlik \u00e7\u00f6z\u00fcmleri<\/a> kullan\u0131n.<\/p>\n\n","protected":false},"excerpt":{"rendered":"

Ekim’deki Sal\u0131 Yamas\u0131’nda Microsoft, baz\u0131lar\u0131 \u00f6zellikle olduk\u00e7a ciddi olan 71 g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 kapatt\u0131.<\/p>\n","protected":false},"author":2581,"featured_media":10169,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194,1727],"tags":[790,113],"class_list":{"0":"post-10168","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"category-smb","10":"tag-guvenlik-aciklari","11":"tag-windows"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/october-patch-tuesday-vulnerabilities\/10168\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/october-patch-tuesday-vulnerabilities\/23494\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/october-patch-tuesday-vulnerabilities\/18971\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/october-patch-tuesday-vulnerabilities\/25571\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/october-patch-tuesday-vulnerabilities\/23643\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/october-patch-tuesday-vulnerabilities\/23096\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/october-patch-tuesday-vulnerabilities\/26225\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/october-patch-tuesday-vulnerabilities\/25779\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/october-patch-tuesday-vulnerabilities\/31715\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/october-patch-tuesday-vulnerabilities\/42462\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/october-patch-tuesday-vulnerabilities\/17881\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/october-patch-tuesday-vulnerabilities\/18284\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/october-patch-tuesday-vulnerabilities\/15415\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/october-patch-tuesday-vulnerabilities\/27560\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/october-patch-tuesday-vulnerabilities\/31817\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/october-patch-tuesday-vulnerabilities\/27724\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/october-patch-tuesday-vulnerabilities\/24485\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/october-patch-tuesday-vulnerabilities\/29846\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/october-patch-tuesday-vulnerabilities\/29644\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/guvenlik-aciklari\/","name":"g\u00fcvenlik a\u00e7\u0131klar\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10168","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10168"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10168\/revisions"}],"predecessor-version":[{"id":10170,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10168\/revisions\/10170"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/10169"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10168"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10168"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=10168"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}