Microsoft Products Security Vulnerability Bulletin
- Chromium: CVE-2024-4060 Use after free in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- Chromium: CVE-2024-4059 Out of bounds read in V8 API
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- Chromium: CVE-2024-4058 Type Confusion in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- CVE-2024-26198 Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft is announcing the release of a new version of the Microsoft Exchange Server updates to address all known issues that were identified in the March 2024 Security Updates. Microsoft strongly recommends installing these new updates to address the vulnerability identified by CVE-2024-26198.
- CVE-2024-29991 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Information published.
- Chromium: CVE-2024-2883 Use after free in ANGLE
Removed the sentence regarding active attacks because Google was not aware of active attacks using this vulnerability. This is an informational change only.
- Chromium: CVE-2024-2886 Use after free in WebCodecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- Chromium: CVE-2024-2885 Use after free in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- Chromium: CVE-2024-2883 Use after free in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. Google is aware that an exploit for CVE-2024-2883 exists in the wild.
- Chromium: CVE-2024-2887 Type Confusion in WebAssembly
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- Chromium: CVE-2024-2628 Inappropriate implementation in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- Chromium: CVE-2024-2626 Out of bounds read in Swiftshader
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- Chromium: CVE-2024-2627 Use after free in Canvas
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- Chromium: CVE-2024-2629 Incorrect security UI in iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- CVE-2024-29057 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Information published.
- CVE-2024-26247 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Information published.
- CVE-2024-28916 Xbox Gaming Services Elevation of Privilege Vulnerability
Information published.
- Chromium: CVE-2024-2631 Inappropriate implementation in iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- Chromium: CVE-2024-2630 Inappropriate implementation in iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- CVE-2024-29059 .NET Framework Information Disclosure Vulnerability
Information published. This CVE was addressed by updates that were released in January 2024, but the CVE was inadvertently omitted from the January 2024 Security Updates. This is an informational change only. Customers who have already installed the January 2024 updates do not need to take any further action.
- Chromium: CVE-2024-2625 Object lifecycle issue in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- CVE-2024-21329 Azure Connected Machine Agent Elevation of Privilege Vulnerability
The security update 1.38 for Azure Connected Machine Agent is now available. See the Security Updates table for more information.
- CVE-2024-26246 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Updated CVE Tag. This is an informational change only.
- CVE-2024-26163 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
In the Security Updates table, added Microsoft Edge (Chromium-based) Extended Stable because this version of Microsoft Edge (Chromium-based) is also affected by this vulnerability. Microsoft strongly recommends that customers running Microsoft Edge (Chromium-based) install the updates to be fully protected from the vulnerability.
- Chromium: CVE-2024-2400 Use after free in Performance Manager
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- CVE-2024-26163 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Information published.
- CVE-2024-26167 Microsoft Edge for Android Spoofing Vulnerability
The security update 122.0.2365.92 for Edge for Android is now available. See the Security Updates table for more information.
- CVE-2024-26201 Microsoft Intune Linux Agent Elevation of Privilege Vulnerability
Updated the build numbers. This is an informational update only.
- CVE-2024-26246 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Information published.
- CVE-2024-26165 Visual Studio Code Elevation of Privilege Vulnerability
Information published.
- CVE-2024-26161 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-21407 Windows Hyper-V Remote Code Execution Vulnerability
Information published.
- CVE-2024-26198 Microsoft Exchange Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-26201 Microsoft Intune Linux Agent Elevation of Privilege Vulnerability
Information published.
- CVE-2024-21451 Microsoft ODBC Driver Remote Code Execution Vulnerability
Information published.
- CVE-2024-26159 Microsoft ODBC Driver Remote Code Execution Vulnerability
Information published.
- CVE-2024-21448 Microsoft Teams for Android Information Disclosure Vulnerability
Information published.
- CVE-2024-26162 Microsoft ODBC Driver Remote Code Execution Vulnerability
Information published.
- CVE-2024-21435 Windows OLE Remote Code Execution Vulnerability
Information published.
- CVE-2024-21437 Windows Graphics Component Elevation of Privilege Vulnerability
Information published.
- CVE-2024-21433 Windows Print Spooler Elevation of Privilege Vulnerability
Information published.
- CVE-2024-21431 Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
Information published.
- CVE-2024-21419 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Information published.
- CVE-2023-35372 Microsoft Office Visio Remote Code Execution Vulnerability
In the Security Updates table added Microsoft Visio 2016 (32-bit edition) and Microsoft Visio 2016 (64-bit edition) as these versions of Visio are also affected by the vulnerability. Microsoft strongly recommends that customers running any of these versions of Visio install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
- CVE-2024-26169 Windows Error Reporting Service Elevation of Privilege Vulnerability
Information published.
- CVE-2024-21450 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-26173 Windows Kernel Elevation of Privilege Vulnerability
Information published.
- CVE-2024-26197 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Information published.
- CVE-2024-26176 Windows Kernel Elevation of Privilege Vulnerability
Information published.
- CVE-2024-26190 Microsoft QUIC Denial of Service Vulnerability
Information published.
- CVE-2024-26178 Windows Kernel Elevation of Privilege Vulnerability
Information published.
- CVE-2024-26199 Microsoft Office Elevation of Privilege Vulnerability
Information published.
- CVE-2024-26182 Windows Kernel Elevation of Privilege Vulnerability
Information published.
- CVE-2024-26203 Azure Data Studio Elevation of Privilege Vulnerability
Information published.
- CVE-2023-28746 Intel: CVE-2023-28746 Register File Data Sampling (RFDS)
This CVE was assigned by Intel. Please see [CVE-2023-28746](https://www.cve.org/CVERecord?id=CVE-2023-28746) on CVE.org for more information.
- CVE-2024-26164 Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-21390 Microsoft Authenticator Elevation of Privilege Vulnerability
Information published.
- CVE-2024-21334 Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
Information published.
- ADV990001 Latest Servicing Stack Updates
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.
- CVE-2024-21400 Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Information published.
- CVE-2024-20671 Microsoft Defender Security Feature Bypass Vulnerability
Information published.
- CVE-2024-21408 Windows Hyper-V Denial of Service Vulnerability
Information published.
- CVE-2024-21392 .NET and Visual Studio Denial of Service Vulnerability
Information published.
- CVE-2024-21427 Windows Kerberos Security Feature Bypass Vulnerability
Information published.
- CVE-2024-21411 Skype for Consumer Remote Code Execution Vulnerability
Information published.
- CVE-2024-21432 Windows Update Stack Elevation of Privilege Vulnerability
Information published.
- CVE-2024-21418 Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability
Information published.
- CVE-2024-21434 Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability
Information published.
- CVE-2024-21421 Azure SDK Spoofing Vulnerability
Information published.
- CVE-2024-21436 Windows Installer Elevation of Privilege Vulnerability
Information published.
- CVE-2024-21426 Microsoft SharePoint Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-21440 Microsoft ODBC Driver Remote Code Execution Vulnerability
Information published.
- CVE-2024-21429 Windows USB Hub Driver Remote Code Execution Vulnerability
Information published.
- CVE-2024-26160 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
Information published.
- CVE-2024-21430 Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability
Information published.
- CVE-2024-26166 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-21438 Microsoft AllJoyn API Denial of Service Vulnerability
Information published.
- CVE-2024-26170 Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability
Information published.
- CVE-2024-21439 Windows Telephony Server Elevation of Privilege Vulnerability
Information published.
- CVE-2024-26174 Windows Kernel Information Disclosure Vulnerability
Information published.
- CVE-2024-21441 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-26177 Windows Kernel Information Disclosure Vulnerability
Information published.
- CVE-2024-21442 Windows USB Print Driver Elevation of Privilege Vulnerability
Information published.
- CVE-2024-26181 Windows Kernel Denial of Service Vulnerability
Information published.
- CVE-2024-21443 Windows Kernel Elevation of Privilege Vulnerability
Information published.
- CVE-2024-26185 Windows Compressed Folder Tampering Vulnerability
Information published.
- CVE-2024-21444 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-26204 Outlook for Android Information Disclosure Vulnerability
Information published.
- CVE-2024-21445 Windows USB Print Driver Elevation of Privilege Vulnerability
Information published.
- CVE-2023-36866 Microsoft Office Visio Remote Code Execution Vulnerability
In the Security Updates table added Microsoft Visio 2016 (32-bit edition) and Microsoft Visio 2016 (64-bit edition) as these versions of Visio are also affected by the vulnerability. Microsoft strongly recommends that customers running any of these versions of Visio install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
- CVE-2024-21446 NTFS Elevation of Privilege Vulnerability
Information published.
- CVE-2024-21330 Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
Information published.
- CVE-2024-2176
- CVE-2024-2174
- CVE-2024-2173
- CVE-2024-26167 Microsoft Edge for Android Spoofing Vulnerability
Information published.
- CVE-2024-21378 Microsoft Outlook Remote Code Execution Vulnerability
Updated FAQs and updated the CVSS score. These are informational changes only.
- CVE-2024-21410 Microsoft Exchange Server Elevation of Privilege Vulnerability
Updated FAQ information. This is an informational change only.
- Chromium: CVE-2024-1939 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- Chromium: CVE-2024-1938 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- CVE-2024-26196 Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
Information published.
- CVE-2024-21338 Windows Kernel Elevation of Privilege Vulnerability
Updated the Exploitability Index to 0 – Exploitation Detected and **Exploited** to Yes. This is an informational change only.
- CVE-2024-21626 GitHub: CVE-2024-21626 Container breakout through process.cwd trickery and leaked fds
Microsoft is announcing that the Azure Kubernetes Service security updates released on 31 January 2024 include runc updates, which address this vulnerability. Microsoft recommends that customers install the 31 January 2024 updates to ensure they have the most up-to-date version of Azure Kubernetes Service.
- Chromium: CVE-2024-1676 Inappropriate implementation in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- Chromium: CVE-2024-1675 Insufficient policy enforcement in Download
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- Chromium: CVE-2024-1674 Inappropriate implementation in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- Chromium: CVE-2024-1673 Use after free in Accessibility
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- Chromium: CVE-2024-1672 Inappropriate implementation in Content Security Policy
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- Chromium: CVE-2024-1671 Inappropriate implementation in Site Isolation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- Chromium: CVE-2024-1670 Use after free in Mojo
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- Chromium: CVE-2024-1669 Out of bounds memory access in Blink
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
- CVE-2024-21307 Remote Desktop Client Remote Code Execution Vulnerability
Added acknowledgements. This is an informational change only.
- CVE-2024-21423 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Information published.
- CVE-2024-26188 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Information published.
- CVE-2024-26192 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Information published.
- CVE-2024-20677 Microsoft Office Remote Code Execution Vulnerability
Updated the Executive Summary with information that the ability to insert FBX files has also been disabled in 3D Viewer as of February 13, 2024. This is an informational change only.
- CVE-2024-21315 Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability
Information published. This CVE was addressed by updates that were released in November 2023, but the CVE was inadvertently omitted from the November 2023 Security Updates. Microsoft strongly recommends that customers running affected versions of Microsoft Defender for Endpoint Protection install the November 2023 updates to be protected from this vulnerability.
- CVE-2023-36019 Microsoft Power Platform Connector Spoofing Vulnerability
Added clarifying information to the mitigation. This is an informational change only.
- CVE-2024-21329 Azure Connected Machine Agent Elevation of Privilege Vulnerability
In the Security Updates table, removed the Article and Download links because the update is not available for Azure Connected Machine Agent. Customers will be notified via a revision to this CVE information when the update becomes available.
- CVE-2024-21351 Windows SmartScreen Security Feature Bypass Vulnerability
Updated FAQ information. This is an informational change only.
- CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability
Updated the Exploited flag and Exploitability Assessment to indicate that Microsoft was aware of exploitation of this vulnerability. This is an informational change only.
- CVE-2024-21410 Microsoft Exchange Server Elevation of Privilege Vulnerability
Updated the Exploited flag and Exploitability Assessment to indicate that Microsoft was aware of exploitation of this vulnerability. This is an informational change only.
- CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability
Mistakenly updated exploited flag and exploitability assessment to indicate exploitation existed. Reverting values to no. This is an informational change only.
- CVE-2024-21357 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
Updated one or more CVSS scores for the affected products and added an FAQ explaining the vector string settings. This is an informational change only.
- CVE-2024-21374 Microsoft Teams for Android Information Disclosure
Information published.
- CVE-2024-21365 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-21359 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-21348 Internet Connection Sharing (ICS) Denial of Service Vulnerability
Information published.
- CVE-2021-43890 Windows AppX Installer Spoofing Vulnerability
Updated FAQs and added clarifying information to the mitigation. This is an informational change only.
- CVE-2024-21410 Microsoft Exchange Server Elevation of Privilege Vulnerability
Information published.
- CVE-2024-20667 Azure DevOps Server Remote Code Execution Vulnerability
Information published.
- ADV990001 Latest Servicing Stack Updates
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.
- CVE-2024-21380 Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
Information published.
- CVE-2024-21397 Microsoft Azure File Sync Elevation of Privilege Vulnerability
Information published.
- CVE-2023-50387 MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers
Information published.
- CVE-2024-0057 NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
To address a known issue with a broken link, corrected Download links in the Security Updates table. This is an informational change only.
- CVE-2024-21339 Windows USB Generic Parent Driver Remote Code Execution Vulnerability
Information published.
- CVE-2024-21327 Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
Information published.
- CVE-2024-21344 Windows Network Address Translation (NAT) Denial of Service Vulnerability
Information published.
- CVE-2024-21342 Windows DNS Client Denial of Service Vulnerability
Information published.
- CVE-2024-21329 Azure Connected Machine Agent Elevation of Privilege Vulnerability
Information published.
- CVE-2024-21346 Win32k Elevation of Privilege Vulnerability
Information published.
- CVE-2024-21338 Windows Kernel Elevation of Privilege Vulnerability
Information published.
- CVE-2024-21355 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
Information published.
- CVE-2024-21340 Windows Kernel Information Disclosure Vulnerability
Information published.
- CVE-2024-21363 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Information published.
- CVE-2024-21349 Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
Information published.
- CVE-2024-21368 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-21350 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-21377 Windows DNS Information Disclosure Vulnerability
Information published.
- CVE-2024-21351 Windows SmartScreen Security Feature Bypass Vulnerability
Information published.
- CVE-2024-21391 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Information published. This CVE was addressed by updates that were released in January 2024, but the CVE was inadvertently omitted from the January 2024 Security Updates. This is an informational change only. Customers who have already installed the January 2024 updates do not need to take any further action.
- CVE-2024-21352 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-21405 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
Information published.
- CVE-2024-21354 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
Information published.
- CVE-2024-20677 Microsoft Office Remote Code Execution Vulnerability
In the Security Updates table, added 3D Viewer as it is affected by this vulnerability. In addition, added an FAQ to explain how customers can get the 3D Viewer update.
- CVE-2024-21357 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
Information published.
- CVE-2023-36019 Microsoft Power Platform Connector Spoofing Vulnerability
Updated the mitigation to inform customers with existing OAuth 2.0 connectors that these connectors must be updated to use a per-connector redirect URI by March 29, 2024. After March 29, 2024, users will no longer be able to create connections to or use existing OAuth 2.0 custom connectors that have not been updated. For more information see https://learn.microsoft.com/en-us/connectors/custom-connectors/#21-oauth-20. This is an informational change only.
- CVE-2024-21358 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-20695 Skype for Business Information Disclosure Vulnerability
Information published.
- CVE-2024-21360 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-20684 Windows Hyper-V Denial of Service Vulnerability
Information published.
- CVE-2024-21361 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-21341 Windows Kernel Remote Code Execution Vulnerability
Information published.
- CVE-2024-21366 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-21343 Windows Network Address Translation (NAT) Denial of Service Vulnerability
Information published.
- CVE-2024-21369 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-21345 Windows Kernel Elevation of Privilege Vulnerability
Information published.
- CVE-2024-21371 Windows Kernel Elevation of Privilege Vulnerability
Information published.
- CVE-2024-21347 Microsoft ODBC Driver Remote Code Execution Vulnerability
Information published.
- CVE-2024-21372 Windows OLE Remote Code Execution Vulnerability
Information published.
- CVE-2024-21353 Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability
Information published.
- CVE-2024-21375 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Information published.
- CVE-2024-21356 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Information published.
- CVE-2024-21379 Microsoft Word Remote Code Execution Vulnerability
Information published.
Arif Akyüz
Information Technology
System and Network Administrator
and Cybersecurity Specialist
- How to configure Proton VPN on pfSense using OpenVPN
- How to Create Trusted Self-Signed SSL Certificates and Local Domains for Testing
- HPE StoreOnce Systems
- HTML Dosyasına CSS Ekleme
- HTML Dosyasına JavaScript Bağlama
- HTML Satır Aralığı
- Html Sayfalarında Satır Atlama ve Alt Satıra Geçme
- HTTP/1.1 ve HTTP/2: Fark Nedir?
- Hyper-V Sanal Makinesinin Kısayolu Nasıl Oluşturulur
- İç Network Saldırıları
- IE Prevent running First Run Wizard
- IIS Üzerinden CSR Kodu Nasıl Oluşturulur
- indir
- İngilizce Ölçü Birimlerini Okunuşu
- İngilizce Paranın Okunuşu
- İngilizce Sayılar ve Türkçe Okunuşları
- İngilizce Tanışma Soruları ve Cevapları
- İngilizce Yılların Okunuşu
- İngilizce Yüzdeli Sayıların Okunuşu
- INSTAGRAM REKLAM EĞİTİMİ
- Instagram Reklam Hesabı Kapatıldı
- Instagram Reklam Hesabım Kapatıldı Nasıl Açabilirim?
- Internet Explorer Devre Dışı Bırakma
- IP ile MAC adresi Öğrenme
- IPv6 Nedir?
- IPv6 Proxy
- IPv6 URL olarak nasıl yazılır
- İş teklifi alıyorum nasıl bir cevap vermeliyim
- ISP’lerin IP Blokları Firewall Kurallarınız İçin
- ISP’lerin Kullandığı IP Bloklarını Sorgulama
- İstanbul’da saat kaç?
- IT Denetim Maddeleri
- Kali Linux Crackmapexec Smb
- Kali Linux Hostname Değiştirme Komutu
- Kali Linux ile Güvenlik Açığı Tespit Etme
- Kali Linux Kurulumu
- Kali Linux NMAP Açık Port Sorgulama
- Kali Linux Özel Komutlar
- Kali Linux Program Kaldırma
- Kali Linux Python 3 Kurulumu ve HTTP Servisini Etkinleştirme
- Kali Linux Root Şifre Sıfırlama
- Kali Linux SNMPWALK
- Kali Linux SSH Portunu Aktif Etme
- Kali Linux Türkçe Yapma Kodu
- Kali Linux Update Komutu
- Kali Linux VMware tools kurulumu
- Kali Linux’a Apache Web Sunucusu Kurma
- Kali Linux’a NGINX Web Sunucusu Kurma
- Kali Root Şifresini Sıfırlama
- Kaspersky Security Center Sürüm Geçmişi
- Kendimi Nasıl Geliştirebilirim
- Komut İstemi kullanarak Windows Server Windows Update
- Kronometre
- Kullanıcı hesabının sürekli kilitlenmesi
- LAPS Komutları
- LAPS Kurulumu ve Yapılandırma
- Laptop bataryası dolduğunda ekranda bildirim çıkması
- Let’s Encrypt®FileZilla Server ile Nasıl Yapılandırılır
- Link-Local Multicast Name Resolution (LLMNR) enabled
- Linux için Log4j taraması
- Linux Ubuntu Apache de bir den fazla Web Sitesi Yayınlama
- Linux’ ta Process Yönetimi
- Linux’ta Dizin Yapısı
- Linux’ta Dosya İzinleri
- Linux’ta Kritik Dosyalar
- Linux’ta Paket Yönetimi
- Linux’ta Dosya komutları
- Linux’ta Kullanıcı yönetimi
- Lokasyon Yedekliliği
- Londra’da saat kaç?
- MAC Adresi Değiştirme
- Mağaza VLAN IP Genişletme
- Makaleler
- Mbps to kbps Converter
- Meditasyon Müzikleri
- Microsoft Edge Kaldırma
- Microsoft Edge Update Gif Video
- Microsoft Endpoint Manager
- Microsoft Entra Nedir?
- Microsoft Intune EDR import Server
- Microsoft Purview eDiscovery
- Microsoft Security Compliance Toolkit 1.0
- Microsoft Volume Licensing Service Center – 365
- Mozilla Firefox’u Active Directory GPO ile kaldırma
- msfconsole update
- MSFvenom ile Daha Güvenli Kod Elde Etme
- MSI ve EXE Dosyaları İçin Gözetimsiz Kurulum Parametreleri – Unattended Installation Parameters for MSI and EXE Files
- Multi Bootable USB Hazırlama
- NBTSTAT NEDİR
- NMAP Komutları
- Normal Kullanıcı ile Açılmış CMD üzerinden Yönetici olarak CMD Penceresine geçme
- Office 365 aktarım parametresi
- Office 365 Message Trace
- Office 365 Raporlama Paneli
- Office 365 Yönetim Paneli
- OneDrive Sürüm Geçmişi
- OneDrive Yüksek Ram Kullanımı
- Online Hesap Makinesi
- Online Kamera Test
- Online PDF Birleştirme
- Opencart Google Ads dönüşüm izleme kodu ekleme ( snippet ekleme )
- Opencart sosyal medya icon paketi
- Oracle Linux SSH Port Restart
- Oracle Linux SSH Services Status
- Oracle Linux Update Komutu
- Outlook ileri tarihli mail gönderme
- Outlook Mail Geri Çekme
- Password Expiration Date AD User
- Password Policy
- PDF Şifreleme ve PDF dosyasını şifreleme
- PfSense Güvenlik Duvarında IPSec VPN Nasıl Yapılandırılır
- Pfsense Güvenlik Duvarınızı Koruma: Let’s Encrypt ile Ücretsiz SSL Sertifikası Kurulumu
- pfSense HA Yapılandırması
- PfSENSE ile Network Trafiği İzleme
- pfSense OpenVPN Kurulumu
- PfSense URL Filter – URL Block
- PfSense’te GUI erişimi için 2FA nasıl yapılandırılır
- phpmyadmin Upload size değiştirme
- Ping IPv6
- PowerShell ile Active Directory de Kullanıcı Bilgileri Güncelleme
- PowerShell ile Active Directory de Kullanıcı Oluşturma
- PowerShell ile Active Directory de Toplu Kullanıcı Oluşturma
- PowerShell ile Active Directory Kurulumu Windows 10 ve Windows 11 için
- Powershell ile domain deki cihazların local admin hesaplarını çekme
- PowerShell ile Hostname ve İşletim sisitemi bilgilerini çekme
- PowerShell ile Script Yazma
- Powershell ile Uzaktaki Bilgisayarlara Dosya Gönderme
- PowerShell Komutları
- PowerShell Komutu ile User Profile Dosyasını Silme
- PowerShell Nasıl Kullanılır
- Programsız CPU Sıcaklığını Görme
- PX to PT Converter
- Qualys Client Agent Manual Synchronization
- Qualys komutları – Arif Akyüz
- Qualys Kullanıcıların Açık Olduğu Cihazları Bulma
- Qualys Nedir? Nasıl Kurulur?
- Random MAC adresi Oluşturma
- Random password generator
- Ransomware Simulasyonu Nedir?
- Rastgele Şifre Oluşturucu
- RDP – Set time limit for disconnected sessions (30 minute)
- RDP Event Viewer ID
- RDP Network Level Authentication
- RDP Port Değiştirme
- Resmi Yazıya Dönüştürme Resmi Worde Dönüştürme
- rsync nedir nasıl çalışır komutları nelerdir?
- RVTools
- Sağ Tık Menüsüne Program Ekleme
- Sağlam Kurtarma Bölümü Silme
- Samsung tablet rom atma
- Samsung telefon rom atma
- SCP ile Linux Makinadan Dosya Alma
- Seçtiğiniz parolanın güvenli olduğuna emin olun!
- Server 2025 İndirme ve İnceleme
- Server odası Kontrol Listesi
- SharePoint site oluşturma
- Siber Farkındalık Mesajları
- Siber Güvenlik – Uzaktan Kamera Açma ve Konsol Elde Etme
- Siber Güvenlik – Websitesi Zafiyet Keşfi
- Siber Güvenlik Bülteni
- Siber Güvenlik Sertifikaları
- Siber Haberler
- SID ID Öğrenme
- Şifreli mail gönderme
- Sistem Güvenliği Nasıl Sağlanır?
- Sızma Testi nedir? Zafiyet taraması nedir?
- SM; FTP, SMB2, SMB3 (şifrelenmiş), AFP, NFS ve WebDAV
- SMB Signing Disabled
- SMB Signing Disabled or SMB Signing Not Required Solution
- SNMP V3 ve SNMPWALK V3 Kullanımı
- Snow Java Script Efect
- Snow-test
- Sosyal Mühendislik Atakları – Social Engineering
- Split Tunnel Nedir? Full Tunnel Nedir?
- SQL Injection Attack
- SQL Server 2019 kurulumu
- SSDP ne için kullanılır?
- Stelaer Saldırılarına Karşı Nasıl Güvende Olurum
- Sunucular için Sürdürülebilirlik
- Switch komutları
- Synology ds1515+ NAS Disk Kurulum
- Task Scheduler ile Dosya ve Klasör silme PowerShell ile Dosya ve Klasör silme
- Terminal Sunucularda tüm kullanıcılar için aynı proxy adresi tanımlama
- This device is joined to azure ad
- Time zones – Windows Time zones
- TÜM MAKALELER
- Ubuntu 22.04 LAMP Kurulumu
- Ubuntu 22.04 Mysql Kullanıcı Silme Mysql Database Silme Mysql Kullanıcı Listeleme Mysql Database Listeleme
- Ubuntu 22.04 Program Kaldırma
- Ubuntu 22.04 üzerine ownCloud Kurulumu
- Ubuntu 22.04’e Samba kurmak ve yapılandırmak
- Ubuntu Disk Genişletme (Disk Extend)
- Ubuntu dosya kopyalama komutu
- Ubuntu Kurulu Olan PHP Versiyonlarını Görme ve Değiştirme
- Ubuntu ManageEngine Endpoint Central Agent Installation.
- Ubuntu ManageEngine Endpoint Central Agent Removal.
- Ubuntu Masaüstüne Kısayol Oluşturma
- Ubuntu php8.1 Kaldırma Komutu
- Ubuntu Server Change IP Adress
- Ubuntu SSH Portunu açma
- Ubuntu Terminal Klavyeden Zoom Yapma Kısayolu
- Ubuntu Update ve Upgrade Komutu
- Ubuntu VMware Tools kurulumu
- Ubuntu’da Root Hesabı ile Oturum Açma
- Ubuntu’da Root Şifrenizi Değiştirme
- Uninstall Kaspersky Agent
- URL Filter Listesi
- USB Disk Engelleme Programsız
- USB İşletim Sistemi
- User SID Öğrenme
- Uzunluk ölçü birimleri
- vCenter Kullanıcı Yetkilendirme
- vCenter Kurulumu
- Viritual Box Sanal Makineler için Ağ Ayarları
- Virtual IPs nedir?
- Virtualized Intel VT-X/EPT is not supported on this platform Sorununun Çözümü
- Virüslerle Yeniden Tanışın Siber Farkındalık
- VM Backup Restore İşlemi
- Vmware Workstation Encryption Kırma
- VMware Workstation Network Ayarları ve Anlamları
- VMWare Workstation Sanal Makinaları Otomatik Olarak Başlatın
- WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
- We couldn’t update the system reserved partition – Server 2012 Upgrade to 2019
- What’s my IP
- Whatsapp sipariş butonu ekleme
- Whoami komutları
- Windows 10 Şifre Kırma Programsız
- Windows 10 Startup Folder
- Windows 10 sürüm geçmişi
- Windows 10 ve Windows 11 için PIN ile Oturum Açma
- Windows 11 – RSAT Active Directory, DHCP, DNS ve Bitlocker Yönetim Toolarının Kurulumu
- Windows 11 Görev Çubuğuna Masaüstü Klasörünü ekleme
- Windows 11 Startup Folder
- Windows 11 tema görünüm özelleştirme
- Windows 2016 Startup Folder
- Windows Boot Ekranındaki İsmi Değiştirme
- Windows da standart bir kullanıcının bir uygulamayı yönetici olarak çalıştırmasına izin verme
- Windows da uygulamanın hangi portu kullandığını bulma
- Windows için Log4j Taraması
- Windows SMB Version 1 (SMBv1) Detected
- Windows Terminal ile SSH Yapma
- Windows Üzerinde Port Yönlendirme
- Windows üzerine MacOS kurulumu VMware
- Windows’da İlgili Dosyaya Sadece Yazma Yetkisi Verme Taşıma ve Kopyalama Engelleme
- Windows’ta WireGuard Sunucusunu Kurun ve Yapılandırın
- Woocommerce Alışverişe kapatma
- WooCommerce Belirli Kategorilerde Fiyat Gizleme
- Woocommerce Bir kategoriyi Sepet Sayfasında Zorunlu Kılma
- WooCommerce Fiyat Gizleme
- WooCommerce Minimum ve Maximum Adet
- WooCommerce Seçenekli Ürünlerde En Düşük Fiyatı Gösterme
- Woocommerce sepete ekle düğmesinin üzerindeki ADET alanını gizleme
- WooCommerce SEPETE EKLE yazısı değiştirme
- Woocommerce ürün fiyatlarının yanına yazı yazma
- WooCommerce ürün sayfasında ürün açıklaması kaldırma
- Word Belgesine Şifre Koyma
- Word Belgesinin Korumasını Kaldırma
- Word İçindekiler tablosu oluşturma
- WordPress Arama butonu kaldırma gizleme
- WordPress Google Ads dönüşüm izleme kodu ekleme
- WordPress Whatsapp butonu ekleme
- Yapay Zeka Platformları
- Yönetim Konsollarım
- Zombi Video Wallpaper