TR-20-597 (Microsoft Ağustos 2020 Güvenlik Güncellemelerini Yayınladı)

Genel Bilgi

Microsoft, kümülatif güvenlik güncellemesini Ağustos ayı için yayınladı. Windows Masaüstü ve Suncular için Uzak Kod Çalıştırma, Hizmet Reddi, Bilgi İfşası ve XSS zafiyetleri onarmayı hedefleyen bu güncelleme bir çok Microsoft ürünlerini kapsıyor.

Etki

Mevcut güvenlik açıklıkları nedeniyle etkilenen sistemlerin siber saldırganlar tarafından kontrol altına alınması ihtimal dâhilindedir. Güncellemelerle ilgili bir çok CVE zafiyet kodları listelenmiştir CVE-2020-5902, CVE-2020-1380, CVE-2020-1464, CVE-2020-1509, CVE-2020-1585, CVE-2020-1472, CVE-2020-1337, CVE-2020-1048, CVE-2020-17479, CVE-2019-19507, CVE-2020-1476, CVE-2020-1046, CVE-2020-1597, CVE-2020-1567, CVE-2020-1591, CVE-2020-1569, CVE-2020-1568, CVE-2020-1562, CVE-2020-1577, CVE-2020-1561, CVE-2020-1510, CVE-2020-1529, CVE-2020-1473, CVE-2020-1558, CVE-2020-1557, CVE-2020-1564, CVE-2020-1483, CVE-2020-1504, CVE-2020-1503, CVE-2020-1495, CVE-2020-1494, CVE-2020-1493, CVE-2020-1496, CVE-2020-1502, CVE-2020-1498, CVE-2020-1497, CVE-2020-1581, CVE-2020-1563, CVE-2020-1582, CVE-2020-1583, CVE-2020-1505, CVE-2020-1573, CVE-2020-1499, CVE-2020-1500, CVE-2020-1580, CVE-2020-1501, CVE-2020-1570, CVE-2020-1555, CVE-2020-1492, CVE-2020-1485, CVE-2020-1587, CVE-2020-1551, CVE-2020-1484, CVE-2020-1489, CVE-2020-1584, CVE-2020-1486, CVE-2020-1488, CVE-2020-1490, CVE-2020-1515, CVE-2020-1513, CVE-2020-1553, CVE-2020-1552, CVE-2020-1566, CVE-2020-1579, CVE-2020-1512, CVE-2020-1511, CVE-2020-1480, CVE-2020-1542, CVE-2020-1543, CVE-2020-1540, CVE-2020-1541, CVE-2020-1544, CVE-2020-1547, CVE-2020-1519, CVE-2020-1545, CVE-2020-1546, CVE-2020-1539, CVE-2020-1528, CVE-2020-1530, CVE-2020-1526, CVE-2020-1527, CVE-2020-1534, CVE-2020-1537, CVE-2020-1520, CVE-2020-1535, CVE-2020-1536, CVE-2020-1470, CVE-2020-1459, CVE-2020-1538, CVE-2020-1475, CVE-2020-1467, CVE-2020-1550, CVE-2020-1517, CVE-2020-1518, CVE-2020-1516, CVE-2020-1549, CVE-2020-1383, CVE-2020-1574, CVE-2020-1560, CVE-2020-1455, CVE-2020-0604, CVE-2020-1521, CVE-2020-1522, CVE-2020-1524, CVE-2020-1474, CVE-2020-1578, CVE-2020-1417, CVE-2020-1479, CVE-2020-1379, CVE-2020-1554, CVE-2020-1339, CVE-2020-1525, CVE-2020-1487, CVE-2020-1478, CVE-2020-1477, CVE-2020-1466, CVE-2020-1377, CVE-2020-1378, CVE-2020-1565, CVE-2020-1531, CVE-2020-1571, CVE-2020-1548, CVE-2020-1556 ve CVE-2020-1533 .

Çözüm

Ulusal Siber Olaylara Müdahale Merkezi (USOM), kullanıcı ve sistem yöneticilerine; Microsoft'un Ağustos ayı güvenlik bildirim özetini incelemelerini ve gerekli güncellemeleri yapmalarını tavsiye etmektedir.

Kaynaklar

https://us-cert.cisa.gov/ncas/current-activity/2020/08/11/microsoft-addresses-rce-and-spoofing-vulnerabilities-under-active

https://isc.sans.edu/diary/rss/26452

https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc

https://patchtuesdaydashboard.com

https://securityboulevard.com/2020/08/microsoft-patch-tuesday-august-2020-edition

https://us-cert.cisa.gov/ncas/current-activity/2020/08/11/microsoft-releases-august-2020-security-updates

2020-08-12