Microsoft ออกแพตช์อุดช่องโหว่ 66 รายการ – พบ 2 ช่องโหว่ถูกใช้โจมตีจริง!
ไมโครซอฟท์ออกอัปเดตด้านความปลอดภัยรายเดือน หรือที่เรียกว่า “Patch Tuesday” โดยรอบเดือนมิถุนายนนี้ มีการอุดช่องโหว่รวมทั้งหมด 66 รายการ ซึ่งครอบคลุมผลิตภัณฑ์ต่างๆ ทั้ง Windows, Microsoft Office, Remote Desktop Client, Visual Studio, Windows Remote Access Connection Manager และระบบอื่น ๆ ที่ใช้งานในองค์หรอย่างแพร่หลาย
จากทั้งหมด 66 รายการ มีช่องโหว่ถึง 10 รายการที่อยู่ในโหว่ระดับวิกฤต (Critical) ซึ่งอาจเปิดโอกาสให้แฮกเกอร์เข้าควบคุมเครื่องจากระยะไกล (Remote Code Execution) หรือยกระดับสิทธิ์โดยไม่ต้องมีรหัสผ่าน (Elevation of Privilege)
ที่น่ากังวลคือ Microsoft ยืนยันว่ามี 2 ช่องโหว่ Zero Day ที่ถูกใช้โจมตีจริงแล้วได้แก่:
- CVE‑2025‑33053 (WebDAV RCE) – ใช้ช่องทาง WebDAV หลอกให้ผู้ใช้คลิกไฟล์ที่ดูเหมือนปลอดภัย เพื่อรันโค้ดอันตราย
- CVE‑2025‑33073 (SMB Privilege Escalation) – ใช้ SMB Server หลอกให้เครื่องของเหยื่อเชื่อมต่อกลับ แล้วแฮกเกอร์จะสามารถยกระดับสิทธิ์ได้ทันที
ทั้งสองช่องโหว่นี้เป็นที่รู้กันว่าถูกใช้โดยกลุ่ม APT ที่มีเป้าหมายโจมตีองค์กรภาครัฐและเอกชนในหลายประเทศ
ภาพรวมช่องต่างๆ ประกอบด้วย
- Elevation of Privilege: 13 รายการ
- Remote Code Execution: 25 รายการ
- Information Disclosure: 17 รายการ
- อื่น ๆ (Security Bypass, DoS, Spoofing): 11 รายการ
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET and Visual Studio | CVE-2025-30399 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
| App Control for Business (WDAC) | CVE-2025-33069 | Windows App Control for Business Security Feature Bypass Vulnerability | Important |
| Microsoft AutoUpdate (MAU) | CVE-2025-47968 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important |
| Microsoft Local Security Authority Server (lsasrv) | CVE-2025-33056 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important |
| Microsoft Office | CVE-2025-47164 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-47167 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-47162 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-47173 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-47953 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Excel | CVE-2025-47165 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-47174 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2025-47171 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2025-47176 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
| Microsoft Office PowerPoint | CVE-2025-47175 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-47172 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2025-47166 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-47163 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-47170 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-47957 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-47169 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-47168 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Nuance Digital Engagement Platform | CVE-2025-47977 | Nuance Digital Engagement Platform Spoofing Vulnerability | Important |
| Remote Desktop Client | CVE-2025-32715 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important |
| Visual Studio | CVE-2025-47959 | Visual Studio Remote Code Execution Vulnerability | Important |
| WebDAV | CVE-2025-33053 | Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2025-32713 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2025-29828 | Windows Schannel Remote Code Execution Vulnerability | Critical |
| Windows DHCP Server | CVE-2025-33050 | DHCP Server Service Denial of Service Vulnerability | Important |
| Windows DHCP Server | CVE-2025-32725 | DHCP Server Service Denial of Service Vulnerability | Important |
| Windows DWM Core Library | CVE-2025-33052 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Windows Hello | CVE-2025-47969 | Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability | Important |
| Windows Installer | CVE-2025-33075 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2025-32714 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows KDC Proxy Service (KPSSVC) | CVE-2025-33071 | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | Critical |
| Windows Kernel | CVE-2025-33067 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important |
| Windows Local Security Authority (LSA) | CVE-2025-33057 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important |
| Windows Local Security Authority Subsystem Service (LSASS) | CVE-2025-32724 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Important |
| Windows Media | CVE-2025-32716 | Windows Media Elevation of Privilege Vulnerability | Important |
| Windows Netlogon | CVE-2025-33070 | Windows Netlogon Elevation of Privilege Vulnerability | Critical |
| Windows Recovery Driver | CVE-2025-32721 | Windows Recovery Driver Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2025-47955 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Desktop Services | CVE-2025-32710 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-33064 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-33066 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows SDK | CVE-2025-47962 | Windows SDK Elevation of Privilege Vulnerability | Important |
| Windows Secure Boot | CVE-2025-3052 | Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass | Important |
| Windows Security App | CVE-2025-47956 | Windows Security App Spoofing Vulnerability | Important |
| Windows Shell | CVE-2025-47160 | Windows Shortcut Files Security Feature Bypass Vulnerability | Important |
| Windows SMB | CVE-2025-33073 | Windows SMB Client Elevation of Privilege Vulnerability | Important |
| Windows SMB | CVE-2025-32718 | Windows SMB Client Elevation of Privilege Vulnerability | Important |
| Windows Standards-Based Storage Management Service | CVE-2025-33068 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-32719 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-24065 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-24068 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33055 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-24069 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33060 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33059 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33062 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33061 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33058 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-32720 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33065 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33063 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Port Driver | CVE-2025-32722 | Windows Storage Port Driver Information Disclosure Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2025-32712 | Win32k Elevation of Privilege Vulnerability | Important |
ที่มา : bleepingcomputer