{"id":9814,"date":"2021-07-09T14:45:52","date_gmt":"2021-07-09T11:45:52","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=9814"},"modified":"2022-05-05T14:25:18","modified_gmt":"2022-05-05T11:25:18","slug":"printnightmare-vulnerability","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/printnightmare-vulnerability\/9814\/","title":{"rendered":"PrintNightmare: Windows Print Spooler vulnerability"},"content":{"rendered":"<p>Through the end of June, security researchers were actively examining a vulnerability in the Windows Print Spooler service, which they named PrintNightmare. The June patch, released on Patch Tuesday, was supposed to close the vulnerability, and it did; in reality, however, the issue involved two vulnerabilities. The patch closed <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-1675\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2021-1675<\/a> but not <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-34527\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2021-34527<\/a>. 
Because Windows Print Spooler is enabled by default on all Windows operating systems, malicious actors can use the vulnerability to take control of unpatched Windows-based computers or servers.<\/p>\n<p>Microsoft uses the name PrintNightmare only for CVE-2021-34527, while others use it for both CVE-2021-34527 and CVE-2021-1675.<\/p>\n<p>Our experts studied both vulnerabilities in detail and made sure that <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Kaspersky security solutions<\/a>, with their <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/wiki-section\/products\/exploit-prevention\" target=\"_blank\" rel=\"noopener nofollow\">exploit prevention technology<\/a> and <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/wiki-section\/products\/behavior-based-protection\" target=\"_blank\" rel=\"noopener nofollow\">behavior-based protection<\/a>, block attempts to exploit these vulnerabilities.<\/p>\n<h2>So why is PrintNightmare so dangerous?<\/h2>\n<p>There are two main reasons PrintNightmare is considered extremely dangerous. 
First, Windows Print Spooler is enabled by default on all Windows-based systems, including domain controllers and computers with system administrator privileges, which makes all of those computers vulnerable.<\/p>\n<p>Second, a misunderstanding between research teams (and perhaps a simple mistake) led to a <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/poc-proof-of-concept\/\" target=\"_blank\" rel=\"noopener\">proof of concept<\/a> (PoC), showing that PrintNightmare is practical and not just theoretical, being <a href=\"https:\/\/therecord.media\/poc-released-for-dangerous-windows-printnightmare-bug\/\" target=\"_blank\" rel=\"noopener nofollow\">shared online<\/a>. The researchers were quite sure that the patch Microsoft released in June had solved the problem, so they shared their work with the expert community. However, the danger posed by the vulnerability persisted. 
Although the PoC was quickly taken offline, many people had already copied it, so Kaspersky experts expect an increase in attempts to exploit the PrintNightmare vulnerability.<\/p>\n<h2>The vulnerabilities and their exploitation<\/h2>\n<p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-1675\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2021-1675<\/a> is a <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/privilege-escalation\/\" target=\"_blank\" rel=\"noopener\">privilege escalation<\/a> vulnerability. It allows an attacker with low-level access privileges to craft and use a malicious DLL file to exploit a vulnerability and gain higher privileges. However, that is possible only if the attacker has direct access to the vulnerable computer. 
Microsoft rates this vulnerability as relatively low-risk.<\/p>\n<p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-34527\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2021-34527<\/a> is significantly more dangerous: although it is similar to CVE-2021-1675, it is a <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/remote-code-execution-rce\/\" target=\"_blank\" rel=\"noopener\">remote code execution<\/a> (RCE) vulnerability, meaning it allows remote injection of DLLs. Microsoft already knew that these vulnerabilities were being exploited. More detailed technical information on both the vulnerabilities and the techniques for exploiting them is <a href=\"https:\/\/securelist.com\/quick-look-at-cve-2021-1675-cve-2021-34527-aka-printnightmare\/103123\/\" target=\"_blank\" rel=\"noopener\">available on Securelist<\/a>.<\/p>\n<p>Because malicious actors can use PrintNightmare to access data in corporate infrastructure, the vulnerability can also be used for ransomware attacks.<\/p>\n<h2>How do you protect your infrastructure against PrintNightmare?<\/h2>\n<p>Your first step in guarding against PrintNightmare attacks should be to install both patches released by Microsoft, for <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-1675\" target=\"_blank\" rel=\"noopener nofollow\">June<\/a> and <a 
href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-34527\" target=\"_blank\" rel=\"noopener nofollow\">July<\/a>. The next steps are workarounds that Microsoft offers in case you cannot apply the patches, and one of them does not even require disabling Windows Print Spooler.<\/p>\n<p>That said, we recommend <a href=\"https:\/\/docs.microsoft.com\/en-us\/defender-for-identity\/cas-isp-print-spooler\" target=\"_blank\" rel=\"noopener nofollow\">disabling Windows Print Spooler<\/a> on computers that do not need the service. In particular, domain controller servers usually do not need printing capability.<\/p>\n<p>In addition, all servers and computers need <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">reliable endpoint security solutions<\/a> that prevent attempts to exploit all known and unknown vulnerabilities, including PrintNightmare.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial-leadgen\">\n","protected":false},"excerpt":{"rendered":"<p>Update all Windows operating systems as soon as possible to close the CVE-2021-1675 and CVE-2021-34527 vulnerabilities 
found in the Windows Print Spooler service.<\/p>\n","protected":false},"author":2706,"featured_media":9815,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194,1727],"tags":[1886,790,2157,113],"class_list":{"0":"post-9814","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"category-smb","10":"tag-guncellemeler","11":"tag-guvenlik-aciklari","12":"tag-sifir-gun","13":"tag-windows"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/printnightmare-vulnerability\/9814\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/printnightmare-vulnerability\/23044\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/printnightmare-vulnerability\/18526\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/printnightmare-vulnerability\/9266\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/printnightmare-vulnerability\/24996\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/printnightmare-vulnerability\/23004\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/printnightmare-vulnerability\/22297\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/printnightmare-vulnerability\/25616\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/printnightmare-vulnerability\/25086\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/printnightmare-vulnerability\/31025\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/printnightmare-vulnerability\/40520\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/printnightmare-vulnerability\/17307\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/printnightmare-vulnerability\/17782\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/printnightmare-vulnerability\/15021\/"},{"h
reflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/printnightmare-vulnerability\/27047\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/printnightmare-vulnerability\/31190\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/printnightmare-vulnerability\/27276\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/printnightmare-vulnerability\/24088\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/printnightmare-vulnerability\/29420\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/printnightmare-vulnerability\/29212\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/guvenlik-aciklari\/","name":"g\u00fcvenlik a\u00e7\u0131klar\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9814","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=9814"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9814\/revisions"}],"predecessor-version":[{"id":9816,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9814\/revisions\/9816"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/9815"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=9814"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=9814"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=9814"}],
"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}