A ranar 13th Yuni, a matsayin wani ɓangare na yau da kullun Sabunta jadawalin Talata, Microsoft ya saki tsaro sabuntawa don a total na 96 raunin tsaro a cikin nau'ikan tsarin aiki na Windows da software, gami da gyaran gaba daya yanayin rauni waɗanda aka yi amfani da su a cikin daji.
Daga cikin raunin tsaro 96, 12% na waɗannan batutuwa sun fito ne ta hanyar shirin ZDI (Zero-Day Initiative) a wani lokaci. Adadin 18 daga cikin waɗannan batutuwa an ƙaddara su masu mahimmanci, an ƙaddara 76 Mahimmanci, ɗayan yana ƙaddara Matsakaici, ɗayan kuma shine ƙarancin ƙarancin ƙarancin ƙarfi. An bayyana wasu daga cikin wadannan kwarin da farko yayin gasar Pwn2Own na wannan shekara, amma wasu kwari daga gasar har yanzu ana ci gaba da yin facin su. Biyu daga cikin wadannan kwari suna fuskantar hari yayin da aka lissafa uku kamar yadda aka sani a fili.
Idan kun tuna, watan da ya gabata ya yadu WannaCry harin fansa, wanda ya kamu da kwamfutoci kusan 300,000 a cikin sama da kasashe 150, ya tilasta Microsoft sakin labaran tsaro kan MadawwamiBlue SMB amfani don nau'ikan Windows mara tallafi, amma kamfanin ya bar wasu abubuwa uku na Windows ba tare da rana ba, wanda Inuwa Dillalai a cikin Afrilu, ba a buga ba. Fitarwar wannan watan ma ya haɗa da na gaggawa faci don wadancan abubuwan hacking din Windows din guda uku.
The Yunin 2017 Patch Talata yana kawo faci don da yawa layin aiwatar da lambar nesa a cikin Windows, Office, da Edge, waɗanda masu fashin kwamfuta za su iya amfani da su ta nesa don ɗaukar cikakken iko kan na'urori masu rauni tare da ƙarancin ma'amala daga mai amfani.
Duk da yake an yi amfani da rauni guda biyu a cikin kai tsaye, wasu kuskuren guda uku suna da hujja ta hujja (POC) a fili wanda kowa zai iya amfani da shi don amfani da masu amfani da Windows.
Abubuwan amfani na Windows ukun da ba a taɓa amfani da su ba an tsara su azaman "EsteemAudit," "ExplodingCan," da kuma "Likitan Likitan Turanci." EsteemAudit yana niyya sabis na yarjejeniya ta nesa (RDP) a kan ayyukan Microsoft Windows Server 2003 da injunan Windows XP, yayin da ExplodingCan ke amfani da kwari a cikin IIS 6.0 kuma EnglishmanDentist yana amfani da sabobin Microsoft Exchange. Babu ɗayan waɗannan fa'idodin da ke aiki akan dandamali na Windows mai tallafi.
A cewar kamfanin Microsoft na kwanan nan blog post, Babban maƙasudin matakan ƙasa don amfani da Windows uku ya haifar da "haɓakar haɗarin hare-haren lalata yanar gizo" ta ƙungiyoyin gwamnati, wani lokacin ana kiransu "actorsan wasan ƙasa-ƙasa ko wasu ƙungiyoyin kwafi."
Abubuwan tsaro na Windows XP, Vista, da Server 2003 sun ƙunshi gyare-gyare don samfuran tallafi na ƙarshen uku. Ba kamar abubuwan yau da kullun na yau da kullun ba wanda aka kawo ta atomatik ta hanyar tsarin Windows Update zuwa na'urorin ku, waɗannan facin-matakin ƙasa dole ne a zazzage su kuma a sanya su da hannu. Ana samun waɗannan sabuntawa a cikin Cibiyar Zazzagewa ta Microsoft ko, a cikin Cataaukaka Katalogi, ko kuma za a iya samun hanyoyin saukar da bayanai a ƙasan Shawarwar Shawara ta Tsaro 4025685.
“Shawarar da muka yanke yau don sakin wadannan abubuwan tsaro ga dandamali wadanda ba a cikin tallafi mai tsawo ba kamata a kallesu a matsayin barin manufofinmu na aiki. Dangane da ƙididdigar yanayin barazanar da injiniyoyinmu na tsaro suka yi, mun yanke shawarar samar da abubuwan sabuntawa sosai. Kamar koyaushe, muna ba da shawarar abokan ciniki haɓaka zuwa sabbin dandamali. Mafi kyawu kariya ita ce kasancewa akan tsarin zamani, wanda zai dace da zamani wanda zai hada sabbin sabbin abubuwa na kariya. Tsoffin tsarin, koda kuwa sun kasance na zamani, basu da sabbin kayan tsaro da kuma ci gaba, ”Eric Doerr, babban manajan cibiyar amsar tsaro ta kamfanin, ya fada a wani daban blog post.
A halin yanzu, Adobe Har ila yau, ta bayar da gyare-gyaren tsaro don abubuwan sadaukarwarta mafi sauki, Flash Player da kuma Wasan Shockwave, shirye-shirye biyu galibin masu amfani zasu iya zama mafi kyau ba tare da ba. Kamfanin ya magance manyan kwari tara a cikin Flash Player wanda zai iya ba da izinin aiwatar da lambar nesa, biyar daga cikinsu saboda lalacewar ƙwaƙwalwar ajiya kuma huɗu suna amfani da-bayan-kyauta a cikin software.
Masu amfani da ke aiki da Chrome, Edge, da Internet Explorer 11 kuma daga baya za su sami sabuntawa ta atomatik daga Google da ƙungiyar tsaro ta Microsoft, yayin da sauran masu amfani za su sauke facin kai tsaye daga Adobe.
Mai kunnawa Shockwave ya karɓi facin lamba don aiwatar da rauni mai lamba a cikin sigar Windows ta software. Ya kamata masu amfani su zazzage sigar Shockwave Player 12.2.9.199 don kare kansu.
