ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ20ÖÜ

Ðû²¼Ê±¼ä 2020-05-18

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê05ÔÂ11ÈÕÖÁ05ÔÂ17ÈÕ¹²ÊÕ¼Çå¾²Îó²î77¸ö£¬£¬£¬ÖµµÃ¹Ø×¢µÄÊÇOpto22 SoftPAC ProjectÎÞÃÜÂëδÊÚȨ»á¼ûÎó²î; Adobe Acrobat CVE-2020-9607ÊͷźóʹÓôúÂëÖ´ÐÐÎó²î £»£»£»£»SAPApplication Server ABAPЧÀÍÊý¾Ý´úÂë×¢ÈëÎó²î £»£»£»£»Istio/envoy servicemesh-proxy´úÂëÖ´ÐÐÎó²î £»£»£»£»Microsoft SharePoint CVE-2020-1024í§Òâ´úÂëÖ´ÐÐÎó²î¡£¡£ ¡£¡£¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊǺڿÍ×é֯͵ȡ11¼Ò¹«Ë¾7320ÍòÌõÊý¾Ý£¬£¬£¬ÔÚ°µÍø³öÊÛ £»£»£»£»KasperskyÐû²¼2020ÄêµÚÒ»¼¾¶ÈDDoS¹¥»÷Ç÷ÊƱ¨¸æ £»£»£»£»Î¢ÈíÐû²¼Îó²î²¹¶¡£¬£¬£¬ÐÞ¸´12¿î²úÆ·ÖÐ111¸öÎó²î £»£»£»£»AdobeÐû²¼²¹¶¡³ÌÐò£¬£¬£¬ÐÞ¸´3¿î²úÆ·ÖеÄ36¸öÎó²î £»£»£»£»Å²Íþ»ù½ð»áNorfundÔâÍøÂç¹¥»÷£¬£¬£¬Ëðʧ1000ÍòÃÀÔª¡£¡£ ¡£¡£¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬£¬£¬±¾ÖÜÇå¾²ÍþвΪÖС£¡£ ¡£¡£¡£


>Ö÷ÒªÇå¾²Îó²îÁбí


1. Opto22 SoftPAC ProjectÎÞÃÜÂëδÊÚȨ»á¼ûÎó²î


Opto 22 SoftPAC Project SoftPACMonitorûÓÐʹÓÃÑé֤ƾ֤£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬¿ÉδÊÚȨ»á¼û£¬£¬£¬¿ØÖÆ×°±¸¡£¡£ ¡£¡£¡£

https://www.us-cert.gov/ics/advisories/icsa-20-135-01


2. AdobeAcrobat CVE-2020-9607ÊͷźóʹÓôúÂëÖ´ÐÐÎó²î


AdobeAcrobat´¦Öóͷ£PDFÎļþ±£´æÊͷźóʹÓÃÎó²î£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÎļþÇëÇ󣬣¬£¬ÓÕʹÓû§ÆÊÎö, ¿ÉʹӦÓóÌÐò±ÀÀ £»£»£»£»òÖ´ÐÐí§Òâ´úÂë¡£¡£ ¡£¡£¡£

https://helpx.adobe.com/security/products/acrobat/apsb20-24.htm


3. SAPApplication Server ABAPЧÀÍÊý¾Ý´úÂë×¢ÈëÎó²î


SAP Application Server ABAPЧÀÍÊý¾Ý±£´æ´úÂë×¢ÈëÎó²î£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬ÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£¡£ ¡£¡£¡£

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222


4. Istio/envoyservicemesh-proxy´úÂëÖ´ÐÐÎó²î


Istio/envoy servicemesh-proxy±£´æ¿ÕÖ¸ÕëÒýÓÃÎó²î£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬¿ÉʹӦÓóÌÐòÍ߽⡣¡£ ¡£¡£¡£

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003


5. MicrosoftSharePoint CVE-2020-1024í§Òâ´úÂëÖ´ÐÐÎó²î


MicrosoftSharePoint±£´æÄÚ´æÆÆËðÎó²î£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÎļþÇëÇ󣬣¬£¬ÓÕʹÓû§ÆÊÎö£¬£¬£¬¿ÉʹӦÓóÌÐò±ÀÀ £»£»£»£»ò¿ÉÖ´ÐÐí§Òâ´úÂë¡£¡£ ¡£¡£¡£

https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1024



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢ºÚ¿Í×é֯͵ȡ11¼Ò¹«Ë¾7320ÍòÌõÊý¾Ý£¬£¬£¬ÔÚ°µÍø³öÊÛ


Z6¡¤×ðÁú¿­Ê±¡¸ÖйúÇø¡¹¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/


2¡¢KasperskyÐû²¼2020ÄêµÚÒ»¼¾¶ÈDDoS¹¥»÷Ç÷ÊƱ¨¸æ


Z6¡¤×ðÁú¿­Ê±¡¸ÖйúÇø¡¹¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://securelist.com/ddos-attacks-in-q1-2020/96837/


3¡¢Î¢ÈíÐû²¼Îó²î²¹¶¡£¬£¬£¬ÐÞ¸´12¿î²úÆ·ÖÐ111¸öÎó²î


Z6¡¤×ðÁú¿­Ê±¡¸ÖйúÇø¡¹¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/microsoft-may-2020-patch-tuesday-fixes-111-vulnerabilities/


4¡¢AdobeÐû²¼²¹¶¡³ÌÐò£¬£¬£¬ÐÞ¸´3¿î²úÆ·ÖеÄ36¸öÎó²î


Z6¡¤×ðÁú¿­Ê±¡¸ÖйúÇø¡¹¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnerabilities-in-acrobat-reader-and-dng-sdk/leased/


5¡¢Å²Íþ»ù½ð»áNorfundÔâÍøÂç¹¥»÷£¬£¬£¬Ëðʧ1000ÍòÃÀÔª


Z6¡¤×ðÁú¿­Ê±¡¸ÖйúÇø¡¹¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.theregister.co.uk/2020/05/14/they_cant_affjord_it/