{"id":10458,"date":"2022-01-17T16:11:06","date_gmt":"2022-01-17T13:11:06","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10458"},"modified":"2022-05-05T14:25:12","modified_gmt":"2022-05-05T11:25:12","slug":"microsoft-patches-about-a-hundred-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/10458\/","title":{"rendered":"New year, new patches"},"content":{"rendered":"<p>Microsoft started the year with a massive vulnerability fix: it not only released its first Tuesday update, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\" target=\"_blank\" rel=\"noopener nofollow\">covering a total of 96 vulnerabilities<\/a> in one go, but also issued a batch of fixes for the Microsoft Edge browser (mainly related to the Chromium engine). That makes more than 120 vulnerabilities patched since the beginning of the year. This is reason enough to update the operating system and some Microsoft applications as soon as possible.<\/p>\n<h2>The most severe vulnerabilities<\/h2>\n<p>Nine of the vulnerabilities closed this Tuesday have a critical rating on the CVSS 3.1 scale. 
Two of them are related to <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/privilege-escalation\/\" target=\"_blank\" rel=\"noopener\">privilege escalation<\/a>: vulnerability <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21833\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2022-21833<\/a> in the Virtual Machine IDE Drive and vulnerability <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21857\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2022-21857<\/a> in Active Directory Domain Services. The other seven vulnerabilities give an attacker the ability to <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/remote-code-execution-rce\/\" target=\"_blank\" rel=\"noopener\">execute code remotely<\/a>:<\/p>\n<ul>\n<li>HEVC Video Extensions: <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21917\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2022-21917<\/a>,<\/li>\n<li>DirectX Graphics Kernel: <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21912\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2022-21912<\/a> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21898\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2022-21898<\/a>,<\/li>\n<li>Microsoft Exchange Server: <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21846\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2022-21846<\/a>,<\/li>\n<li>Microsoft Office: <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21840\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2022-21840<\/a>,<\/li>\n<li>Open Source Curl: <a 
href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-22947\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2021-22947<\/a>,<\/li>\n<li>and the HTTP Protocol Stack: <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21907\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2022-21907<\/a>.<\/li>\n<\/ul>\n<p>The last of these seems to be the most unpleasant. A bug in the HTTP protocol stack theoretically allows attackers not only to execute arbitrary code on the affected computer, but also to spread the attack over the local network (in Microsoft terminology, the vulnerability is classified as <em>wormable<\/em>, meaning it can be used to create a <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/worm\/\" target=\"_blank\" rel=\"noopener\">worm<\/a>). This vulnerability is relevant for Windows 10, Windows 11, Windows Server 2022 and Windows Server 2019. 
However, according to Microsoft, it is dangerous for users of Windows Server 2019 and Windows 10 version 1809 only if HTTP Trailer Support is enabled using the EnableTrailerSupport key in the registry.<\/p>\n<p>Experts have also voiced concern about another serious vulnerability in Microsoft Exchange Server, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21846\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2022-21846<\/a> (which, by the way, is not the only Exchange bug on the list, just the most dangerous one). Their concern is quite justified: no one wants a repeat of last year\u2019s wave of exploited Exchange vulnerabilities.<\/p>\n<h2>Vulnerabilities with PoCs<\/h2>\n<p>Some of the fixed vulnerabilities were already known to the security community. 
Moreover, someone had already published proofs of concept (PoC) for these vulnerabilities:<\/p>\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-21836\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2022-21836<\/a>: Windows certificate spoofing vulnerability,<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-21839\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2022-21839<\/a>: Windows event tracing discretionary access control list denial-of-service vulnerability,<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-21919\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2022-21919<\/a>: Windows user profile service elevation of privilege vulnerability.<\/li>\n<\/ul>\n<p>We have not yet observed real attacks using these vulnerabilities. However, the proofs of concept are already public, so exploitation may begin at any moment.<\/p>\n<h2>Ways to protect yourself<\/h2>\n<p>First, you need to update your operating system (and other Microsoft programs) as soon as possible. 
In general, it is wise not to delay installing patches for critical software.<\/p>\n<p>Second, any computer or server connected to the Internet should be equipped with a reliable <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">security solution<\/a> that can not only prevent the exploitation of known vulnerabilities but also detect attacks that use as yet unknown ones.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial-leadgen\">\n","protected":false},"excerpt":{"rendered":"<p>Microsoft fixes more than 100 vulnerabilities in Windows 10 and 11, Windows Server 2019 and 2022, Exchange Server, Office and the Edge 
browser.<\/p>\n","protected":false},"author":2706,"featured_media":10459,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194,1727,1351],"tags":[2517,1970,2376,790,38,113],"class_list":{"0":"post-10458","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"category-smb","10":"category-threats","11":"tag-0days","12":"tag-edge","13":"tag-exchange","14":"tag-guvenlik-aciklari","15":"tag-microsoft","16":"tag-windows"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/10458\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/23840\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/19337\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/9695\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/26072\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/24040\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/23756\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/26728\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/26321\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/32215\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/43348\/"},{"hr
eflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/18435\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/18816\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/microsoft-patches-about-a-hundred-vulnerabilities\/15695\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/27974\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/microsoft-patches-about-a-hundred-vulnerabilities\/32313\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/28027\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/microsoft-patches-about-a-hundred-vulnerabilities\/24784\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/30185\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/29975\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/guvenlik-aciklari\/","name":"g\u00fcvenlik 
a\u00e7\u0131klar\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10458","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10458"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10458\/revisions"}],"predecessor-version":[{"id":10460,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10458\/revisions\/10460"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/10459"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10458"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10458"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=10458"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}