With this month's Patch Tuesday updates, Microsoft fixed 2 zero-day vulnerabilities and 79 vulnerabilities in total.

| Component | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| .NET | CVE-2026-26131 | .NET Elevation of Privilege Vulnerability | Important |
| .NET | CVE-2026-26127 | .NET Denial of Service Vulnerability | Important |
| Active Directory Domain Services | CVE-2026-25177 | Active Directory Domain Services Elevation of Privilege Vulnerability | Important |
| ASP.NET Core | CVE-2026-26130 | ASP.NET Core Denial of Service Vulnerability | Important |
| Azure Arc | CVE-2026-26141 | Hybrid Worker Extension (Arc-enabled Windows VMs) Elevation of Privilege Vulnerability | Important |
| Azure Compute Gallery | CVE-2026-23651 | Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability | Critical |
| Azure Compute Gallery | CVE-2026-26124 | Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability | Critical |
| Azure Compute Gallery | CVE-2026-26122 | Microsoft ACI Confidential Containers Information Disclosure Vulnerability | Critical |
| Azure Entra ID | CVE-2026-26148 | Microsoft Azure AD SSH Login Extension for Linux Elevation of Privilege Vulnerability | Important |
| Azure IoT Explorer | CVE-2026-26121 | Azure IOT Explorer Spoofing Vulnerability | Important |
| Azure IoT Explorer | CVE-2026-23662 | Azure IoT Explorer Information Disclosure Vulnerability | Important |
| Azure IoT Explorer | CVE-2026-23661 | Azure IoT Explorer Information Disclosure Vulnerability | Important |
| Azure IoT Explorer | CVE-2026-23664 | Azure IoT Explorer Information Disclosure Vulnerability | Important |
| Azure Linux Virtual Machines | CVE-2026-23665 | Linux Azure Diagnostic Extension (LAD) Elevation of Privilege Vulnerability | Important |
| Azure MCP Server | CVE-2026-26118 | Azure MCP Server Tools Elevation of Privilege Vulnerability | Important |
| Azure Portal Windows Admin Center | CVE-2026-23660 | Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability | Important |
| Azure Windows Virtual Machine Agent | CVE-2026-26117 | Arc Enabled Servers – Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
| Broadcast DVR | CVE-2026-23667 | Broadcast DVR Elevation of Privilege Vulnerability | Important |
| Connected Devices Platform Service (Cdpsvc) | CVE-2026-24292 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| GitHub Repo: zero-shot-scfoundation | CVE-2026-23654 | GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability | Important |
| Mariner | CVE-2026-23235 | f2fs: fix out-of-bounds access in sysfs attribute read/write | Important |
| Mariner | CVE-2026-23234 | f2fs: fix to avoid UAF in f2fs_write_end_io() | Important |
| Mariner | CVE-2026-3713 | pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow | Moderate |
| Mariner | CVE-2026-23237 | platform/x86: classmate-laptop: Add missing NULL pointer checks | Moderate |
| Mariner | CVE-2026-26017 | CoreDNS ACL Bypass | Important |
| Mariner | CVE-2026-26018 | CoreDNS Loop Detection Denial of Service Vulnerability | Important |
| Mariner | CVE-2026-2297 | SourcelessFileLoader does not use io.open_code() | Moderate |
| Mariner | CVE-2026-0038 | In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | Important |
| Mariner | CVE-2026-27601 | Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack | Important |
| Mariner | CVE-2026-23236 | fbdev: smscufx: properly copy ioctl memory to kernelspace | Moderate |
| Mariner | CVE-2026-23865 | An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2. | Moderate |
| Mariner | CVE-2025-71238 | scsi: qla2xxx: Fix bsg_done() causing double free | Moderate |
| Mariner | CVE-2026-3338 | PKCS7_verify Signature Validation Bypass in AWS-LC | Important |
| Mariner | CVE-2026-23231 | netfilter: nf_tables: fix use-after-free in nf_tables_addchain() | Important |
| Mariner | CVE-2026-3381 | Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib | Critical |
| Mariner | CVE-2026-0031 | In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | Important |
| Mariner | CVE-2026-23238 | romfs: check sb_set_blocksize() return value | Moderate |
| Mariner | CVE-2026-3494 | MariaDB Server Audit Plugin Comment Handling Bypass | Moderate |
| Mariner | CVE-2026-3336 | PKCS7_verify Certificate Chain Validation Bypass in AWS-LC | Important |
| Mariner | CVE-2026-0032 | In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | Important |
| Microsoft Authenticator | CVE-2026-26123 | Microsoft Authenticator Information Disclosure Vulnerability | Important |
| Microsoft Brokering File System | CVE-2026-25167 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Devices Pricing Program | CVE-2026-21536 | Microsoft Devices Pricing Program Remote Code Execution Vulnerability | Critical |
| Microsoft Edge (Chromium-based) | CVE-2026-3544 | Chromium: CVE-2026-3544 Heap buffer overflow in WebCodecs | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2026-3540 | Chromium: CVE-2026-3540 Inappropriate implementation in WebAudio | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2026-3536 | Chromium: CVE-2026-3536 Integer overflow in ANGLE | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2026-3538 | Chromium: CVE-2026-3538 Integer overflow in Skia | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2026-3545 | Chromium: CVE-2026-3545 Insufficient data validation in Navigation | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2026-3541 | Chromium: CVE-2026-3541 Inappropriate implementation in CSS | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2026-3543 | Chromium: CVE-2026-3543 Inappropriate implementation in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2026-3539 | Chromium: CVE-2026-3539 Object lifecycle issue in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2026-3542 | Chromium: CVE-2026-3542 Inappropriate implementation in WebAssembly | Unknown |
| Microsoft Graphics Component | CVE-2026-25169 | Windows Graphics Component Denial of Service Vulnerability | Important |
| Microsoft Graphics Component | CVE-2026-25180 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2026-25168 | Windows Graphics Component Denial of Service Vulnerability | Important |
| Microsoft Graphics Component | CVE-2026-23668 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-26110 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-26113 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-26134 | Microsoft Office Elevation of Privilege Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-26144 | Microsoft Excel Information Disclosure Vulnerability | Critical |
| Microsoft Office Excel | CVE-2026-26109 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-26108 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-26107 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-26112 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2026-26105 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2026-26114 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2026-26106 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Semantic Kernel Python SDK | CVE-2026-26030 | GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable | Important |
| Payment Orchestrator Service | CVE-2026-26125 | Payment Orchestrator Service Elevation of Privilege Vulnerability | Critical |
| Push Message Routing Service | CVE-2026-24282 | Push Message Routing Service Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2026-25170 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2026-21262 | SQL Server Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2026-26116 | SQL Server Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2026-26115 | SQL Server Elevation of Privilege Vulnerability | Important |
| System Center Operations Manager | CVE-2026-20967 | System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability | Important |
| Windows Accessibility Infrastructure (ATBroker.exe) | CVE-2026-25186 | Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability | Important |
| Windows Accessibility Infrastructure (ATBroker.exe) | CVE-2026-24291 | Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-25179 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-24293 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-25176 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-25178 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows App Installer | CVE-2026-23656 | Windows App Installer Spoofing Vulnerability | Important |
| Windows Authentication Methods | CVE-2026-25171 | Windows Authentication Elevation of Privilege Vulnerability | Important |
| Windows Bluetooth RFCOM Protocol Driver | CVE-2026-23671 | Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability | Important |
| Windows Device Association Service | CVE-2026-24296 | Windows Device Association Service Elevation of Privilege Vulnerability | Important |
| Windows Device Association Service | CVE-2026-24295 | Windows Device Association Service Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2026-25189 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Extensible File Allocation | CVE-2026-25174 | Windows Extensible File Allocation Table Elevation of Privilege Vulnerability | Important |
| Windows File Server | CVE-2026-24283 | Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability | Important |
| Windows GDI | CVE-2026-25190 | GDI Remote Code Execution Vulnerability | Important |
| Windows GDI+ | CVE-2026-25181 | GDI+ Information Disclosure Vulnerability | Important |
| Windows Kerberos | CVE-2026-24297 | Windows Kerberos Security Feature Bypass Vulnerability | Important |
| Windows Kernel | CVE-2026-26132 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2026-24289 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2026-24287 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows MapUrlToZone | CVE-2026-23674 | MapUrlToZone Security Feature Bypass Vulnerability | Important |
| Windows Mobile Broadband | CVE-2026-24288 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| Windows NTFS | CVE-2026-25175 | Windows NTFS Elevation of Privilege Vulnerability | Important |
| Windows Performance Counters | CVE-2026-25165 | Performance Counters for Windows Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2026-23669 | Windows Print Spooler Remote Code Execution Vulnerability | Important |
| Windows Projected File System | CVE-2026-24290 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2026-23673 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2026-26111 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2026-25173 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2026-25172 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Shell Link Processing | CVE-2026-25185 | Windows Shell Link Processing Spoofing Vulnerability | Important |
| Windows SMB Server | CVE-2026-26128 | Windows SMB Server Elevation of Privilege Vulnerability | Important |
| Windows SMB Server | CVE-2026-24294 | Windows SMB Server Elevation of Privilege Vulnerability | Important |
| Windows System Image Manager | CVE-2026-25166 | Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2026-25188 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| Windows Universal Disk Format File System Driver (UDFS) | CVE-2026-23672 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2026-24285 | Win32k Elevation of Privilege Vulnerability | Important |
| Winlogon | CVE-2026-25187 | Winlogon Elevation of Privilege Vulnerability | Important |
