Ara\u015ft\u0131rmac\u0131lar\u0131m\u0131z bulgular\u0131 ile ilgili Microsoft\u2019u bilgilendirdiklerinde, \u015firket ikinci g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 (sistem hizmetinde) zaten bildi\u011fini ve hatta bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131 i\u00e7in bir yama yay\u0131nlam\u0131\u015f olduklar\u0131n\u0131 s\u00f6yledi. Ancak Microsoft\u2019u ilk g\u00fcvenlik a\u00e7\u0131\u011f\u0131 ile ilgili bilgilendirene kadar (IE11\u2019de), Microsoft bu a\u00e7\u0131\u011f\u0131n olas\u0131 olmad\u0131\u011f\u0131n\u0131 d\u00fc\u015f\u00fcn\u00fcyordu.
\n![\"\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2020\/08\/24115734\/CVE-2020-1380_list.png\")
<\/p>\n
CVE-2020-1380 neden tehlikelidir?<\/h2>\n
\u0130lk g\u00fcvenlik a\u00e7\u0131\u011f\u0131, IE9\u2019dan bu yana t\u00fcm Internet Explorer s\u00fcr\u00fcmlerinin varsay\u0131lan olarak kulland\u0131\u011f\u0131 jscript9.dll kitapl\u0131\u011f\u0131ndad\u0131r. Ba\u015fka bir deyi\u015fle, bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan yararlan\u0131lmas\u0131 taray\u0131c\u0131n\u0131n modern s\u00fcr\u00fcmleri i\u00e7in tehlikelidir (Microsoft\u2019un Windows 10 ile birlikte Edge\u2019i piyasaya s\u00fcrmesinin ard\u0131ndan Internet Explorer\u2019\u0131 geli\u015ftirmeyi durdurdu\u011fu d\u00fc\u015f\u00fcn\u00fcld\u00fc\u011f\u00fcnde \u201cmodern\u201d kelimesi belki de \u00e7ok do\u011fru bir s\u0131fat de\u011fildir). Ancak, Edge ile birlikte Internet Explorer, h\u00e2l\u00e2 Windows\u2019un son s\u00fcr\u00fcm\u00fcnde varsay\u0131lan olarak y\u00fckl\u00fcd\u00fcr ve i\u015fletim sisteminin \u00f6nemli bir bile\u015feni olmaya devam etmektedir.<\/p>\n
Internet Explorer\u2019\u0131 isteyerek kullanmasan\u0131z ya da varsay\u0131lan taray\u0131c\u0131n\u0131z olmasa bile bu, sisteminizin bir Internet Explorer g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan etkilenemeyece\u011fi anlam\u0131na gelmez \u00e7\u00fcnk\u00fc baz\u0131 uygulamalar zaman zaman Internet Explorer kullan\u0131r. \u00d6rne\u011fin Microsoft Office\u2019i ele alal\u0131m: Microsoft Office, belgelerdeki video i\u00e7eri\u011fini g\u00f6r\u00fcnt\u00fclemek i\u00e7in Internet Explorer\u2019\u0131 kullan\u0131r. Siber su\u00e7lular da, di\u011fer g\u00fcvenlik a\u00e7\u0131klar\u0131 arac\u0131l\u0131\u011f\u0131yla Internet Explorer\u2019\u0131 kullanabilirler.<\/p>\n
CVE-2020-1380, Use-After-Free<\/a> s\u0131n\u0131f\u0131na aittir ve dinamik belle\u011fin yanl\u0131\u015f kullan\u0131m\u0131ndan yararlan\u0131r. Securelist internet sitesinde yer alan \u201cPowerFall Operasyonu\u2019nda kullan\u0131lan Internet Explorer 11 ve Windows s\u0131f\u0131r g\u00fcn g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131n tam zinciri<\/a>\u201d ba\u015fl\u0131kl\u0131 yaz\u0131da, g\u00fcvenlik ihlali g\u00f6stergeleriyle birlikte k\u00f6t\u00fcye kullan\u0131m\u0131n ayr\u0131nt\u0131l\u0131 teknik a\u00e7\u0131klamas\u0131n\u0131 okuyabilirsiniz.<\/p>\n Microsoft, 9 Haziran 2020\u2019de CVE-2020-0986<\/a> (Windows \u00e7ekirde\u011finde) i\u00e7in bir yama yay\u0131nlad\u0131. \u0130kinci g\u00fcvenlik a\u00e7\u0131\u011f\u0131 olan CVE-2020-1380, 11 A\u011fustos\u2019ta d\u00fczeltildi<\/a>. \u0130\u015fletim sistemlerinizi d\u00fczenli olarak g\u00fcncellerseniz PowerFall Operasyonu gibi sald\u0131r\u0131lara kar\u015f\u0131 sisteminiz zaten korunmu\u015f olmal\u0131d\u0131r.<\/p>\nNas\u0131l korunabilirsiniz?<\/h2>\n