{"id":3856,"date":"2022-03-31T06:36:05","date_gmt":"2022-03-31T03:36:05","guid":{"rendered":"https:\/\/kutaybilen.com.tr\/?p=3856"},"modified":"2022-03-31T06:36:05","modified_gmt":"2022-03-31T03:36:05","slug":"windows-10da-guvenlik-acigi-yaratan-zero-day-kodu-aciklandi","status":"publish","type":"post","link":"https:\/\/kutaybilen.com.tr\/?p=3856","title":{"rendered":"Windows 10\u2019da G\u00fcvenlik A\u00e7\u0131\u011f\u0131 Yaratan Zero-Day Kodu A\u00e7\u0131kland\u0131"},"content":{"rendered":"

\u0130nternetin bilinen g\u00fcvenlik ara\u015ft\u0131rmac\u0131lar\u0131 ortas\u0131nda yer alan SandboxEscaper, GitHub \u00fczerinden bir Windows 10 zero-day a\u00e7\u0131\u011f\u0131 payla\u015ft\u0131.<\/p>\n

LPE a\u00e7\u0131klar\u0131 direkt sistemlere giri\u015f i\u00e7in kullan\u0131lamasalar da bir sefer sisteme girmi\u015f olan hackerlar taraf\u0131ndan, ata\u011f\u0131n ilerleyen etaplar\u0131nda tesir alanlar\u0131n\u0131 geni\u015fletmek hedefiyle kullan\u0131labiliyorlar. Bu a\u00e7\u0131klardan faydalanan \u015fah\u0131slar, sistem y\u00f6neticisi pozisyonuna eri\u015ferek b\u00fct\u00fcn ayg\u0131t\u0131 denetim alt\u0131na alabiliyorlar.<\/p>\n

<\/p>\n

GitHub\u2019da yap\u0131lan tan\u0131mlamaya nazaran yeni a\u00e7\u0131k, Windows Misyon Zamanlay\u0131c\u0131 s\u00fcrecinde ortaya \u00e7\u0131k\u0131yor. Sald\u0131rganlar, hasarl\u0131 bir i\u015f evrak\u0131 \u00e7al\u0131\u015ft\u0131r\u0131yor ve bu evraktaki kusur sayesinde DACL (iste\u011fe ba\u011fl\u0131 eri\u015fim denetim listesi) izinlerinde a\u015fik\u00e2r bir evrak i\u00e7in a\u00e7\u0131k yarat\u0131yor. Bu a\u00e7\u0131k kullan\u0131ld\u0131\u011f\u0131nda hackerlar\u0131n d\u00fc\u015f\u00fck d\u00fczeyli kullan\u0131c\u0131 profilleri y\u00f6netici eri\u015fim m\u00fcsaadelerine kavu\u015fmu\u015f oluyor ve b\u00fct\u00fcn sistem \u00fczerinde denetim sa\u011fl\u0131yor.<\/p>\n

Zero-day \u015fu ana kadar Windows 10 32 bit sistemlerde test edildi ve kullan\u0131labildi\u011fi onayland\u0131. Windows 10 64 bit versiyon \u00fczerinde \u015fimdi yap\u0131lm\u0131\u015f ve sonucu a\u00e7\u0131klanm\u0131\u015f bir test yok.<\/p>\n

Zero-day teorik olarak biraz ayarlama ile b\u00fct\u00fcn Windows versiyonlar\u0131 ile \u00e7al\u0131\u015fabilir durumda, buna eski Windows XP ve Server 2003 \u00fczere versiyonlar da dahil. Bu sistemler i\u00e7in de testler yap\u0131lmas\u0131 gerekiyor.<\/p>\n

SandboxEscaper, daha evvel de Microsoft\u2019u yanl\u0131\u015flar konusunda uyarmadan evvel zero-day a\u00e7\u0131klar\u0131 payla\u015fm\u0131\u015ft\u0131. Bu a\u00e7\u0131klardan biri etkin olarak ziyanl\u0131 yaz\u0131l\u0131mlar taraf\u0131ndan kullan\u0131lm\u0131\u015ft\u0131.<\/p>\n

Microsoft, bu \u00e7e\u015fit g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 ke\u015ffedildikten sonra 1 ya da 2 ay i\u00e7erisinde \u00e7\u0131kard\u0131\u011f\u0131 yamalar ile d\u00fczeltiyor. Bir sonraki Microsoft yamas\u0131 ise 11 Haziran\u2019da gelecek.<\/p>\n

<\/div>\n
\n
<\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

\u0130nternetin bilinen g\u00fcvenlik ara\u015ft\u0131rmac\u0131lar\u0131 ortas\u0131nda yer alan SandboxEscaper, GitHub \u00fczerinden bir Windows 10 zero-day a\u00e7\u0131\u011f\u0131 payla\u015ft\u0131. LPE …<\/p>\n","protected":false},"author":1,"featured_media":3857,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[854],"tags":[1035,938],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/3856"}],"collection":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3856"}],"version-history":[{"count":1,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/3856\/revisions"}],"predecessor-version":[{"id":3858,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/3856\/revisions\/3858"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/media\/3857"}],"wp:attachment":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3856"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3856"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3856"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}