Information Security Weekly Report - Week 20, 2020

Published: 2020-05-18

> Security Situation Overview for This Week


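From May 11 to May 17, 2020, a total of 77 security vulnerabilities were recorded. The ones worth noting are the Opto 22 SoftPAC Project passwordless unauthorized access vulnerability; the Adobe Acrobat CVE-2020-9607 use-after-free code execution vulnerability; the SAP Application Server ABAP service data code injection vulnerability; the Istio/envoy servicemesh-proxy code execution vulnerability; and the Microsoft SharePoint CVE-2020-1024 arbitrary code execution vulnerability.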


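The network security events worth noting this week are: a hacker group stole 73.2 million records from 11 companies and put them up for sale on the dark web; Kaspersky published its DDoS attack trends report for the first quarter of 2020; Microsoft released vulnerability patches fixing 111 vulnerabilities in 12 products; Adobe released patches fixing 36 vulnerabilities in 3 products; and the Norwegian fund Norfund suffered a cyber attack and lost 10 million US dollars.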


Based on the overview above, the security threat level for this week is medium.


> List of Important Security Vulnerabilities


1. Opto 22 SoftPAC Project passwordless unauthorized access vulnerability


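SoftPACMonitor in Opto 22 SoftPAC Project does not use authentication credentials. A remote attacker can exploit the vulnerability by submitting a special request to gain unauthorized access and control the device.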

https://www.us-cert.gov/ics/advisories/icsa-20-135-01


2. Adobe Acrobat CVE-2020-9607 use-after-free code execution vulnerability


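Adobe Acrobat has a use-after-free vulnerability in its handling of PDF files. A remote attacker can exploit the vulnerability by submitting a special file request and inducing a user to parse it, which can crash the application or execute arbitrary code.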

https://helpx.adobe.com/security/products/acrobat/apsb20-24.htm


3. SAP Application Server ABAP service data code injection vulnerability


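SAP Application Server ABAP service data has a code injection vulnerability. A remote attacker can exploit the vulnerability by submitting a special request to execute arbitrary code in the context of the application.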

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222


4. Istio/envoy servicemesh-proxy code execution vulnerability


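Istio/envoy servicemesh-proxy has a null pointer dereference vulnerability. A remote attacker can exploit the vulnerability by submitting a special request, which can crash the application.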

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003


5. Microsoft SharePoint CVE-2020-1024 arbitrary code execution vulnerability


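Microsoft SharePoint has a memory corruption vulnerability. A remote attacker can exploit the vulnerability by submitting a special file request and inducing a user to parse it, which can crash the application or execute arbitrary code.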

https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1024



> Overview of Important Security Events


1. Hacker group steals 73.2 million records from 11 companies and sells them on the dark web


Original article:

https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/


2. Kaspersky publishes its DDoS attack trends report for the first quarter of 2020


Original article:

https://securelist.com/ddos-attacks-in-q1-2020/96837/


3. Microsoft releases vulnerability patches, fixing 111 vulnerabilities in 12 products


Original article:

https://www.zdnet.com/article/microsoft-may-2020-patch-tuesday-fixes-111-vulnerabilities/


4. Adobe releases patches, fixing 36 vulnerabilities in 3 products


Original article:

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnerabilities-in-acrobat-reader-and-dng-sdk/leased/


5. Norwegian fund Norfund suffers a cyber attack, losing 10 million US dollars


Original article:

https://www.theregister.co.uk/2020/05/14/they_cant_affjord_it/