<h1>CVE-2019-0859: a zero-day vulnerability in Windows</h1>
<p>Kaspersky Daily (kaspersky.com.tr blog), published 2019-04-16, last modified 2019-11-15. Source: https://www.kaspersky.com.tr/blog/cve-2019-0859-detected/5870/. Categories: Business, SMB. Tags: APT, CVE, vulnerabilities.</p>
<p>In early March, our proactive security technologies detected an attempt to exploit a vulnerability in Microsoft Windows. Analysis revealed a zero-day vulnerability in our old friend win32k.sys, in which similar vulnerabilities had already been found four times before. We reported the issue to the developer, and the vulnerability was fixed in a <a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859" target="_blank" rel="noopener nofollow">patch</a> released on April 10.</p>
<h2>What are we dealing with?</h2>
<p>CVE-2019-0859 is a use-after-free vulnerability in a system function that handles dialog windows, or more precisely their additional styles. The exploit found in use targeted 64-bit versions of the OS, from Windows 7 through the latest builds of Windows 10. When the vulnerability is exploited, the malware downloads and runs a script written by the attackers, and in the end this can go as far as the infected PC being taken over completely.</p>
<p>Or at least, that is how the still-unidentified APT group tried to use it. By exploiting the vulnerability they obtained the privileges needed to install a backdoor built with Windows PowerShell. In theory, this should have let the cybercriminals stay hidden. The payload was then loaded through this backdoor, giving the cybercriminals access to the entire infected computer. For details on how the exploit works, see <a href="https://securelist.com/new-win32k-zero-day-cve-2019-0859/90435/" target="_blank" rel="noopener">Securelist</a>.</p>
<h2>How can you protect yourself?</h2>
<p>All of the protection measures below have been listed several times before, and there is nothing particularly new to add to them.</p>
<ul>
<li>First, close the vulnerability by installing <a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859" target="_blank" rel="noopener nofollow">Microsoft's update</a>.</li>
<li>Regularly update all software used in your company to the latest versions, operating systems first and foremost.</li>
<li>Use security solutions with behavioral analysis technologies that can detect even as-yet-unknown threats.</li>
</ul>
<p>The exploit for CVE-2019-0859 was initially detected by the Behavioral Detection Engine and Automatic Exploit Prevention technologies that are part of our <a href="https://kas.pr/kdkesbtr" target="_blank" rel="noopener">Kaspersky Endpoint Security for Business</a> solution.</p>
<p>If your administrators or information security team need a better grasp of the methods used to detect Microsoft zero-day threats, we recommend our webinar <a href="https://www.brighttalk.com/webcast/15591/348704?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=tr_webinar_mh0090_organic&amp;utm_content=sm-post&amp;utm_term=tr_kdaily_organic_mh0090_sm-post_blog_webinar" target="_blank" rel="noopener nofollow">Three Windows zero-days in three months</a>.</p>