В марте 2023-го Microsoft устранила 83 уязвимости, две из которых

В марте 2023-го Microsoft устранила 83 уязвимости, две из которых — 0-day

Екатерина Быстрова 15 Марта 2023 - 08:52

Домашние пользователи

Уязвимость нулевого дня

Патчи

...

В марте 2023-го Microsoft устранила 83 уязвимости, две из которых — 0-day

Вчера был второй по счёту вторник марта, а значит, Microsoft подготовила очередной набор патчей. В общей сложности разработчики устранили 83 уязвимости, две из которых активно эксплуатируются в реальных кибератаках.

Девять брешей из набора получили статус критических, с их помощью атакующие могут выполнить код удалённо, вызвать отказ в обслуживании (DoS) и повысить свои права в системе. Баги распределились по категориям следующим образом:

21 дыра, способная привести к повышению привилегий;
2 бага обхода защитных механизмов;
27 уязвимостей удалённого выполнения кода;
15 проблем раскрытия информации;
4 DoS-бреши;
10 проблем спуфинга;
1 дыра в Edge.

Что касается уязвимостей нулевого дня (0-day), Microsoft устранила две особо опасных проблемы:

CVE-2023-23397 — повышение привилегий в Microsoft Outlook. Злоумышленники эксплуатируют её с помощью специально подготовленных электронных писем. Устройство жертвы принудительно подключается к удалённому URL и передаёт туда хеш Net-NTLMv2 Windows-аккаунта.
CVE-2023-24880 — обход защитной функции Windows SmartScreen. Атакующие готовят специальный вредоносный файл, который помогает им обойти Mark of tde Web (MOTW). Соответствующий эксплойт помогает распространять вредоносные программы.

Полный список уязвимостей, устранённых в этом месяце: выглядит так:

Затронутый компонент	CVE-идентификатор	Название CVE	Уровень опасности
Azure	CVE-2023-23408	Azure Apache Ambari Spoofing Vulnerability	Высокая
Client Server Run-time Subsystem (CSRSS)	CVE-2023-23409	Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability	Высокая
Client Server Run-time Subsystem (CSRSS)	CVE-2023-23394	Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability	Высокая
Internet Control Message Protocol (ICMP)	CVE-2023-23415	Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability	Критическая
Mariner	CVE-2023-0567	Неизвестно	Неизвестно
Mariner	CVE-2023-20052	Неизвестно	Неизвестно
Mariner	CVE-2023-20032	Неизвестно	Неизвестно
Microsoft Bluetootd Driver	CVE-2023-23388	Windows Bluetootd Driver Elevation of Privilege Vulnerability	Высокая
Microsoft Dynamics	CVE-2023-24920	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	Высокая
Microsoft Dynamics	CVE-2023-24879	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	Высокая
Microsoft Dynamics	CVE-2023-24919	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	Высокая
Microsoft Dynamics	CVE-2023-24891	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	Высокая
Microsoft Dynamics	CVE-2023-24922	Microsoft Dynamics 365 Information Disclosure Vulnerability	Высокая
Microsoft Dynamics	CVE-2023-24921	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	Высокая
Microsoft Edge (Chromium-based)	CVE-2023-1236	Chromium: CVE-2023-1236 Inappropriate implementation in Internals	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1235	Chromium: CVE-2023-1235 Type Confusion in DevTools	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1213	Chromium: CVE-2023-1213 Use after free in Swiftshader	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-24892	Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability	Высокая
Microsoft Edge (Chromium-based)	CVE-2023-1234	Chromium: CVE-2023-1234 Inappropriate implementation in Intents	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1223	Chromium: CVE-2023-1223 Insufficient policy enforcement in Autofill	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1222	Chromium: CVE-2023-1222 Heap buffer overflow in Web Audio API	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1221	Chromium: CVE-2023-1221 Insufficient policy enforcement in Extensions API	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1229	Chromium: CVE-2023-1229 Inappropriate implementation in Permission prompts	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1228	Chromium: CVE-2023-1228 Insufficient policy enforcement in Intents	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1224	Chromium: CVE-2023-1224 Insufficient policy enforcement in Web Payments API	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1220	Chromium: CVE-2023-1220 Heap buffer overflow in UMA	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1216	Chromium: CVE-2023-1216 Use after free in DevTools	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1215	Chromium: CVE-2023-1215 Type Confusion in CSS	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1214	Chromium: CVE-2023-1214 Type Confusion in V8	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1219	Chromium: CVE-2023-1219 Heap buffer overflow in Metrics	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1218	Chromium: CVE-2023-1218 Use after free in WebRTC	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1217	Chromium: CVE-2023-1217 Stack buffer overflow in Crash reporting	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1230	Chromium: CVE-2023-1230 Inappropriate implementation in WebApp Installs	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1232	Chromium: CVE-2023-1232 Insufficient policy enforcement in Resource Timing	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1233	Chromium: CVE-2023-1233 Insufficient policy enforcement in Resource Timing	Неизвестно
Microsoft Edge (Chromium-based)	CVE-2023-1231	Chromium: CVE-2023-1231 Inappropriate implementation in Autofill	Неизвестно
Microsoft Graphics Component	CVE-2023-24910	Windows Graphics Component Elevation of Privilege Vulnerability	Высокая
Microsoft Office Excel	CVE-2023-23398	Microsoft Excel Spoofing Vulnerability	Высокая
Microsoft Office Excel	CVE-2023-23396	Microsoft Excel Denial of Service Vulnerability	Высокая
Microsoft Office Excel	CVE-2023-23399	Microsoft Excel Remote Code Execution Vulnerability	Высокая
Microsoft Office Outlook	CVE-2023-23397	Microsoft Outlook Elevation of Privilege Vulnerability	Критическая
Microsoft Office SharePoint	CVE-2023-23395	Microsoft SharePoint Server Spoofing Vulnerability	Высокая
Microsoft OneDrive	CVE-2023-24890	Microsoft OneDrive for iOS Security Feature Bypass Vulnerability	Высокая
Microsoft OneDrive	CVE-2023-24930	Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability	Высокая
Microsoft OneDrive	CVE-2023-24882	Microsoft OneDrive for Android Information Disclosure Vulnerability	Высокая
Microsoft OneDrive	CVE-2023-24923	Microsoft OneDrive for Android Information Disclosure Vulnerability	Высокая
Microsoft PostScript Printer Driver	CVE-2023-24907	Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability	Высокая
Microsoft PostScript Printer Driver	CVE-2023-24857	Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability	Высокая
Microsoft PostScript Printer Driver	CVE-2023-24868	Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability	Высокая
Microsoft PostScript Printer Driver	CVE-2023-24872	Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability	Высокая
Microsoft PostScript Printer Driver	CVE-2023-24876	Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability	Высокая
Microsoft PostScript Printer Driver	CVE-2023-24913	Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability	Высокая
Microsoft PostScript Printer Driver	CVE-2023-24864	Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability	Высокая
Microsoft PostScript Printer Driver	CVE-2023-24866	Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability	Высокая
Microsoft PostScript Printer Driver	CVE-2023-24906	Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability	Высокая
Microsoft PostScript Printer Driver	CVE-2023-24867	Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability	Высокая
Microsoft PostScript Printer Driver	CVE-2023-24863	Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability	Высокая
Microsoft PostScript Printer Driver	CVE-2023-24858	Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability	Высокая
Microsoft PostScript Printer Driver	CVE-2023-24911	Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability	Высокая
Microsoft PostScript Printer Driver	CVE-2023-24870	Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability	Высокая
Microsoft PostScript Printer Driver	CVE-2023-24909	Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability	Высокая
Microsoft PostScript Printer Driver	CVE-2023-23406	Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability	Высокая
Microsoft PostScript Printer Driver	CVE-2023-23413	Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability	Высокая
Microsoft PostScript Printer Driver	CVE-2023-24856	Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability	Высокая
Microsoft Printer Drivers	CVE-2023-24865	Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability	Высокая
Microsoft Printer Drivers	CVE-2023-23403	Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability	Высокая
Microsoft Windows Codecs Library	CVE-2023-23401	Windows Media Remote Code Execution Vulnerability	Высокая
Microsoft Windows Codecs Library	CVE-2023-23402	Windows Media Remote Code Execution Vulnerability	Высокая
Office for Android	CVE-2023-23391	Office for Android Spoofing Vulnerability	Высокая
Remote Access Service Point-to-Point Tunneling Protocol	CVE-2023-23404	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability	Критическая
Role: DNS Server	CVE-2023-23400	Windows DNS Server Remote Code Execution Vulnerability	Высокая
Role: Windows Hyper-V	CVE-2023-23411	Windows Hyper-V Denial of Service Vulnerability	Критическая
Service Fabric	CVE-2023-23383	Service Fabric Explorer Spoofing Vulnerability	Высокая
Visual Studio	CVE-2023-23618	Gitdub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability	Высокая
Visual Studio	CVE-2023-22743	Gitdub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability	Высокая
Visual Studio	CVE-2023-23946	Gitdub: CVE-2023-23946 mingit Remote Code Execution Vulnerability	Высокая
Visual Studio	CVE-2023-22490	Gitdub: CVE-2023-22490 mingit Information Disclosure Vulnerability	Высокая
Windows Accounts Control	CVE-2023-23412	Windows Accounts Picture Elevation of Privilege Vulnerability	Высокая
Windows Bluetootd Service	CVE-2023-24871	Windows Bluetootd Service Remote Code Execution Vulnerability	Высокая
Windows Central Resource Manager	CVE-2023-23393	Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability	Высокая
Windows Cryptographic Services	CVE-2023-23416	Windows Cryptographic Services Remote Code Execution Vulnerability	Критическая
Windows Defender	CVE-2023-23389	Microsoft Defender Elevation of Privilege Vulnerability	Высокая
Windows HTTP Protocol Stack	CVE-2023-23392	HTTP Protocol Stack Remote Code Execution Vulnerability	Критическая
Windows HTTP.sys	CVE-2023-23410	Windows HTTP.sys Elevation of Privilege Vulnerability	Высокая
Windows Internet Key Exchange (IKE) Protocol	CVE-2023-24859	Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability	Высокая
Windows Kernel	CVE-2023-23420	Windows Kernel Elevation of Privilege Vulnerability	Высокая
Windows Kernel	CVE-2023-23422	Windows Kernel Elevation of Privilege Vulnerability	Высокая
Windows Kernel	CVE-2023-23421	Windows Kernel Elevation of Privilege Vulnerability	Высокая
Windows Kernel	CVE-2023-23423	Windows Kernel Elevation of Privilege Vulnerability	Высокая
Windows Partition Management Driver	CVE-2023-23417	Windows Partition Management Driver Elevation of Privilege Vulnerability	Высокая
Windows Point-to-Point Protocol over Etdernet (PPPoE)	CVE-2023-23407	Windows Point-to-Point Protocol over Etdernet (PPPoE) Remote Code Execution Vulnerability	Высокая
Windows Point-to-Point Protocol over Etdernet (PPPoE)	CVE-2023-23385	Windows Point-to-Point Protocol over Etdernet (PPPoE) Elevation of Privilege Vulnerability	Высокая
Windows Point-to-Point Protocol over Etdernet (PPPoE)	CVE-2023-23414	Windows Point-to-Point Protocol over Etdernet (PPPoE) Remote Code Execution Vulnerability	Высокая
Windows Remote Procedure Call	CVE-2023-21708	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Критическая
Windows Remote Procedure Call Runtime	CVE-2023-23405	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Высокая
Windows Remote Procedure Call Runtime	CVE-2023-24869	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Высокая
Windows Remote Procedure Call Runtime	CVE-2023-24908	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Высокая
Windows Resilient File System (ReFS)	CVE-2023-23419	Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability	Высокая
Windows Resilient File System (ReFS)	CVE-2023-23418	Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability	Высокая
Windows Secure Channel	CVE-2023-24862	Windows Secure Channel Denial of Service Vulnerability	Высокая
Windows SmartScreen	CVE-2023-24880	Windows SmartScreen Security Feature Bypass Vulnerability	Средняя
Windows TPM	CVE-2023-1017	CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability	Критическая
Windows TPM	CVE-2023-1018	CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability	Критическая
Windows Win32K	CVE-2023-24861	Windows Graphics Component Elevation of Privilege Vulnerability	Высокая

Следующая главная новость »

Подписывайтесь на канал "AM Live" в Telegram, чтобы первыми узнавать о главных событиях и предстоящих мероприятиях по информационной безопасности.

Екатерина Быстрова 15 Января 2025 - 09:30

Windows Уязвимости программ Домашние пользователи Корпорации Microsoft

Microsoft начала год с устранения 159 уязвимостей, из которых 8 — 0-day

Первый набор патчей от Microsoft в 2025 году принёс заплатки в общей сложности для 159 дыр, среди которых нашлись восемь уязвимостей нулевого дня. Критических проблем в этот закрыли целых 12 штук.

Наиболее опасные бреши способны привести к раскрытию информации, повышению привилегий и удалённому выполнению кода.

По категориям уязвимости в этот раз распределились так:

40 багов повышения привилегий;
14 возможностей обхода защитной функциональности;
58 проблем удалённого выполнения кода;
24 бага раскрытия информации;
20 —DoS;
5 возможностей спуфинга.

Три устранённые уязвимости активно используются злоумышленниками в реальных кибератаках: CVE-2025-21333, CVE-2025-21334, CVE-2025-21335. Они затрагивают Windows Hyper-V и позволяют повысить права в системе.

Ещё для пяти дыр есть общедоступные эксплойты:

CVE-2025-21275 — затрагивает инсталлятор Windows App Package и допускает повышения привилегий.
CVE-2025-21308 — проблема спуфинга в Windows Themes. Эксплуатируется с помощью вывода специально созданного файла темы в Проводнике Windows. Пользователя придётся обманом заставить скачать такой файл.
CVE-2025-21186, CVE-2025-21366, CVE-2025-21395 — возможность удалённого выполнения кода в Microsoft Access. Для эксплуатации достаточно заставить пользователя открыть специально созданные документы Microsoft Access. Интересно, что эти бреши выявила платформа Unpatched.ai, активно использующая искусственный интеллект.

Таблицу со всеми пропатченными дырами приводим ниже:

Затронутый компонент	Идентификатор CVE	Наименование CVE	Степень риска
.NET	CVE-2025-21171	.NET Remote Code Execution Vulnerability	Важная
.NET	CVE-2025-21173	.NET Elevation of Privilege Vulnerability	Важная
.NET and Visual Studio	CVE-2025-21172	.NET and Visual Studio Remote Code Execution Vulnerability	Важная
.NET, .NET Framework, Visual Studio	CVE-2025-21176	.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability	Важная
Active Directory Domain Services	CVE-2025-21293	Active Directory Domain Services Elevation of Privilege Vulnerability	Важная
Active Directory Federation Services	CVE-2025-21193	Active Directory Federation Server Spoofing Vulnerability	Важная
Azure Marketplace SaaS Resources	CVE-2025-21380	Azure Marketplace SaaS Resources Information Disclosure Vulnerability	Критическая
BranchCache	CVE-2025-21296	BranchCache Remote Code Execution Vulnerability	Критическая
Internet Explorer	CVE-2025-21326	Internet Explorer Remote Code Execution Vulnerability	Важная
IP Helper	CVE-2025-21231	IP Helper Denial of Service Vulnerability	Важная
Line Printer Daemon Service (LPD)	CVE-2025-21224	Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability	Важная
Microsoft AutoUpdate (MAU)	CVE-2025-21360	Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability	Важная
Microsoft Azure Gateway Manager	CVE-2025-21403	On-Premises Data Gateway Information Disclosure Vulnerability	Важная
Microsoft Brokering File System	CVE-2025-21315	Microsoft Brokering File System Elevation of Privilege Vulnerability	Важная
Microsoft Brokering File System	CVE-2025-21372	Microsoft Brokering File System Elevation of Privilege Vulnerability	Важная
Microsoft Digest Authentication	CVE-2025-21294	Microsoft Digest Authentication Remote Code Execution Vulnerability	Критическая
Microsoft Graphics Component	CVE-2025-21382	Windows Graphics Component Elevation of Privilege Vulnerability	Важная
Microsoft Office	CVE-2025-21346	Microsoft Office Security Feature Bypass Vulnerability	Важная
Microsoft Office	CVE-2025-21365	Microsoft Office Remote Code Execution Vulnerability	Важная
Microsoft Office Access	CVE-2025-21186	Microsoft Access Remote Code Execution Vulnerability	Важная
Microsoft Office Access	CVE-2025-21366	Microsoft Access Remote Code Execution Vulnerability	Важная
Microsoft Office Access	CVE-2025-21395	Microsoft Access Remote Code Execution Vulnerability	Важная
Microsoft Office Excel	CVE-2025-21364	Microsoft Excel Security Feature Bypass Vulnerability	Важная
Microsoft Office Excel	CVE-2025-21362	Microsoft Excel Remote Code Execution Vulnerability	Критическая
Microsoft Office Excel	CVE-2025-21354	Microsoft Excel Remote Code Execution Vulnerability	Критическая
Microsoft Office OneNote	CVE-2025-21402	Microsoft Office OneNote Remote Code Execution Vulnerability	Важная
Microsoft Office Outlook	CVE-2025-21357	Microsoft Outlook Remote Code Execution Vulnerability	Важная
Microsoft Office Outlook for Mac	CVE-2025-21361	Microsoft Outlook Remote Code Execution Vulnerability	Важная
Microsoft Office SharePoint	CVE-2025-21344	Microsoft SharePoint Server Remote Code Execution Vulnerability	Важная
Microsoft Office SharePoint	CVE-2025-21348	Microsoft SharePoint Server Remote Code Execution Vulnerability	Важная
Microsoft Office SharePoint	CVE-2025-21393	Microsoft SharePoint Server Spoofing Vulnerability	Важная
Microsoft Office Visio	CVE-2025-21345	Microsoft Office Visio Remote Code Execution Vulnerability	Важная
Microsoft Office Visio	CVE-2025-21356	Microsoft Office Visio Remote Code Execution Vulnerability	Важная
Microsoft Office Word	CVE-2025-21363	Microsoft Word Remote Code Execution Vulnerability	Важная
Microsoft Purview	CVE-2025-21385	Microsoft Purview Information Disclosure Vulnerability	Критическая
Microsoft Windows Search Component	CVE-2025-21292	Windows Search Service Elevation of Privilege Vulnerability	Важная
Power Automate	CVE-2025-21187	Microsoft Power Automate Remote Code Execution Vulnerability	Важная
Reliable Multicast Transport Driver (RMCAST)	CVE-2025-21307	Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability	Критическая
Visual Studio	CVE-2025-21405	Visual Studio Elevation of Privilege Vulnerability	Важная
Visual Studio	CVE-2024-50338	GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager	Важная
Visual Studio	CVE-2025-21178	Visual Studio Remote Code Execution Vulnerability	Важная
Windows BitLocker	CVE-2025-21213	Secure Boot Security Feature Bypass Vulnerability	Важная
Windows BitLocker	CVE-2025-21214	Windows BitLocker Information Disclosure Vulnerability	Важная
Windows Boot Loader	CVE-2025-21211	Secure Boot Security Feature Bypass Vulnerability	Важная
Windows Boot Manager	CVE-2025-21215	Secure Boot Security Feature Bypass Vulnerability	Важная
Windows Client-Side Caching (CSC) Service	CVE-2025-21374	Windows CSC Service Information Disclosure Vulnerability	Важная
Windows Client-Side Caching (CSC) Service	CVE-2025-21378	Windows CSC Service Elevation of Privilege Vulnerability	Важная
Windows Cloud Files Mini Filter Driver	CVE-2025-21271	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	Важная
Windows COM	CVE-2025-21281	Microsoft COM for Windows Elevation of Privilege Vulnerability	Важная
Windows COM	CVE-2025-21272	Windows COM Server Information Disclosure Vulnerability	Важная
Windows COM	CVE-2025-21288	Windows COM Server Information Disclosure Vulnerability	Важная
Windows Connected Devices Platform Service	CVE-2025-21207	Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability	Важная
Windows Cryptographic Services	CVE-2025-21336	Windows Cryptographic Information Disclosure Vulnerability	Важная
Windows Digital Media	CVE-2025-21261	Windows Digital Media Elevation of Privilege Vulnerability	Важная
Windows Digital Media	CVE-2025-21258	Windows Digital Media Elevation of Privilege Vulnerability	Важная
Windows Digital Media	CVE-2025-21232	Windows Digital Media Elevation of Privilege Vulnerability	Важная
Windows Digital Media	CVE-2025-21256	Windows Digital Media Elevation of Privilege Vulnerability	Важная
Windows Digital Media	CVE-2025-21255	Windows Digital Media Elevation of Privilege Vulnerability	Важная
Windows Digital Media	CVE-2025-21226	Windows Digital Media Elevation of Privilege Vulnerability	Важная
Windows Digital Media	CVE-2025-21310	Windows Digital Media Elevation of Privilege Vulnerability	Важная
Windows Digital Media	CVE-2025-21324	Windows Digital Media Elevation of Privilege Vulnerability	Важная
Windows Digital Media	CVE-2025-21249	Windows Digital Media Elevation of Privilege Vulnerability	Важная
Windows Digital Media	CVE-2025-21341	Windows Digital Media Elevation of Privilege Vulnerability	Важная
Windows Digital Media	CVE-2025-21227	Windows Digital Media Elevation of Privilege Vulnerability	Важная
Windows Digital Media	CVE-2025-21260	Windows Digital Media Elevation of Privilege Vulnerability	Важная
Windows Digital Media	CVE-2025-21265	Windows Digital Media Elevation of Privilege Vulnerability	Важная
Windows Digital Media	CVE-2025-21263	Windows Digital Media Elevation of Privilege Vulnerability	Важная
Windows Digital Media	CVE-2025-21228	Windows Digital Media Elevation of Privilege Vulnerability	Важная
Windows Digital Media	CVE-2025-21327	Windows Digital Media Elevation of Privilege Vulnerability	Важная
Windows Digital Media	CVE-2025-21229	Windows Digital Media Elevation of Privilege Vulnerability	Важная
Windows Direct Show	CVE-2025-21291	Windows Direct Show Remote Code Execution Vulnerability	Важная
Windows DWM Core Library	CVE-2025-21304	Microsoft DWM Core Library Elevation of Privilege Vulnerability	Важная
Windows Event Tracing	CVE-2025-21274	Windows Event Tracing Denial of Service Vulnerability	Важная
Windows Geolocation Service	CVE-2025-21301	Windows Geolocation Service Information Disclosure Vulnerability	Важная
Windows Hello	CVE-2025-21340	Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability	Важная
Windows Hyper-V NT Kernel Integration VSP	CVE-2025-21335	Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability	Важная
Windows Hyper-V NT Kernel Integration VSP	CVE-2025-21334	Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability	Важная
Windows Hyper-V NT Kernel Integration VSP	CVE-2025-21333	Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability	Важная
Windows Installer	CVE-2025-21275	Windows App Package Installer Elevation of Privilege Vulnerability	Важная
Windows Installer	CVE-2025-21331	Windows Installer Elevation of Privilege Vulnerability	Важная
Windows Installer	CVE-2025-21287	Windows Installer Elevation of Privilege Vulnerability	Важная
Windows Kerberos	CVE-2025-21242	Windows Kerberos Information Disclosure Vulnerability	Важная
Windows Kerberos	CVE-2025-21299	Windows Kerberos Security Feature Bypass Vulnerability	Важная
Windows Kerberos	CVE-2025-21218	Windows Kerberos Denial of Service Vulnerability	Важная
Windows Kernel Memory	CVE-2025-21316	Windows Kernel Memory Information Disclosure Vulnerability	Важная
Windows Kernel Memory	CVE-2025-21318	Windows Kernel Memory Information Disclosure Vulnerability	Важная
Windows Kernel Memory	CVE-2025-21321	Windows Kernel Memory Information Disclosure Vulnerability	Важная
Windows Kernel Memory	CVE-2025-21320	Windows Kernel Memory Information Disclosure Vulnerability	Важная
Windows Kernel Memory	CVE-2025-21317	Windows Kernel Memory Information Disclosure Vulnerability	Важная
Windows Kernel Memory	CVE-2025-21319	Windows Kernel Memory Information Disclosure Vulnerability	Важная
Windows Kernel Memory	CVE-2025-21323	Windows Kernel Memory Information Disclosure Vulnerability	Важная
Windows MapUrlToZone	CVE-2025-21268	MapUrlToZone Security Feature Bypass Vulnerability	Важная
Windows MapUrlToZone	CVE-2025-21269	Windows HTML Platforms Security Feature Bypass Vulnerability	Важная
Windows MapUrlToZone	CVE-2025-21332	MapUrlToZone Security Feature Bypass Vulnerability	Важная
Windows MapUrlToZone	CVE-2025-21276	Windows MapUrlToZone Denial of Service Vulnerability	Важная
Windows MapUrlToZone	CVE-2025-21219	MapUrlToZone Security Feature Bypass Vulnerability	Важная
Windows MapUrlToZone	CVE-2025-21328	MapUrlToZone Security Feature Bypass Vulnerability	Важная
Windows MapUrlToZone	CVE-2025-21329	MapUrlToZone Security Feature Bypass Vulnerability	Важная
Windows MapUrlToZone	CVE-2025-21189	MapUrlToZone Security Feature Bypass Vulnerability	Важная
Windows Message Queuing	CVE-2025-21251	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	Важная
Windows Message Queuing	CVE-2025-21230	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	Важная
Windows Message Queuing	CVE-2025-21220	Microsoft Message Queuing Information Disclosure Vulnerability	Важная
Windows Message Queuing	CVE-2025-21270	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	Важная
Windows Message Queuing	CVE-2025-21285	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	Важная
Windows Message Queuing	CVE-2025-21290	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	Важная
Windows Message Queuing	CVE-2025-21289	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	Важная
Windows Message Queuing	CVE-2025-21277	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	Важная
Windows NTLM	CVE-2025-21217	Windows NTLM Spoofing Vulnerability	Важная
Windows NTLM	CVE-2025-21311	Windows NTLM V1 Elevation of Privilege Vulnerability	Критическая
Windows OLE	CVE-2025-21298	Windows OLE Remote Code Execution Vulnerability	Критическая
Windows PrintWorkflowUserSvc	CVE-2025-21235	Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability	Важная
Windows PrintWorkflowUserSvc	CVE-2025-21234	Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability	Важная
Windows Recovery Environment Agent	CVE-2025-21202	Windows Recovery Environment Agent Elevation of Privilege Vulnerability	Важная
Windows Remote Desktop Services	CVE-2025-21309	Windows Remote Desktop Services Remote Code Execution Vulnerability	Критическая
Windows Remote Desktop Services	CVE-2025-21297	Windows Remote Desktop Services Remote Code Execution Vulnerability	Критическая
Windows Remote Desktop Services	CVE-2025-21225	Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability	Важная
Windows Remote Desktop Services	CVE-2025-21330	Windows Remote Desktop Services Denial of Service Vulnerability	Важная
Windows Remote Desktop Services	CVE-2025-21278	Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability	Важная
Windows Secure Boot	CVE-2024-7344	Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass	Важная
Windows Security Account Manager	CVE-2025-21313	Windows Security Account Manager (SAM) Denial of Service Vulnerability	Важная
Windows Smart Card	CVE-2025-21312	Windows Smart Card Reader Information Disclosure Vulnerability	Важная
Windows SmartScreen	CVE-2025-21314	Windows SmartScreen Spoofing Vulnerability	Важная
Windows SPNEGO Extended Negotiation	CVE-2025-21295	SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability	Критическая
Windows Telephony Service	CVE-2025-21243	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21244	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21241	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21303	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21246	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21252	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21417	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21248	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21306	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21233	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21411	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21413	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21237	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21239	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21339	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21236	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21245	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21409	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21223	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21282	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21305	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21273	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21266	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21250	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21302	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21240	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21286	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Telephony Service	CVE-2025-21238	Windows Telephony Service Remote Code Execution Vulnerability	Важная
Windows Themes	CVE-2025-21308	Windows Themes Spoofing Vulnerability	Важная
Windows UPnP Device Host	CVE-2025-21300	Windows upnphost.dll Denial of Service Vulnerability	Важная
Windows UPnP Device Host	CVE-2025-21389	Windows upnphost.dll Denial of Service Vulnerability	Важная
Windows Virtual Trusted Platform Module	CVE-2025-21210	Windows BitLocker Information Disclosure Vulnerability	Важная
Windows Virtual Trusted Platform Module	CVE-2025-21284	Windows Virtual Trusted Platform Module Denial of Service Vulnerability	Важная
Windows Virtual Trusted Platform Module	CVE-2025-21280	Windows Virtual Trusted Platform Module Denial of Service Vulnerability	Важная
Windows Virtualization-Based Security (VBS) Enclave	CVE-2025-21370	Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability	Важная
Windows Web Threat Defense User Service	CVE-2025-21343	Windows Web Threat Defense User Service Information Disclosure Vulnerability	Важная
Windows Win32K - GRFX	CVE-2025-21338	GDI+ Remote Code Execution Vulnerability	Важная
Windows WLAN Auto Config Service	CVE-2025-21257	Windows WLAN AutoConfig Service Information Disclosure Vulnerability	Важная

В марте 2023-го Microsoft устранила 83 уязвимости, две из которых — 0-day

Читайте также