Information Security Weekly Report - Week 20, 2020

Published: 2020-05-18

> This week's security posture overview


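From 11 May to 17 May 2020, a total of 77 security vulnerabilities were recorded. The ones worth attention are the Opto22 SoftPAC Project passwordless unauthorized access vulnerability; the Adobe Acrobat CVE-2020-9607 use-after-free code execution vulnerability; the SAP Application Server ABAP service data code injection vulnerability; the Istio/envoy servicemesh-proxy code execution vulnerability; and the Microsoft SharePoint CVE-2020-1024 arbitrary code execution vulnerability.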


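The network security events worth attention this week are: a hacker group stole 73.2 million records from 11 companies and is selling them on the dark web; Kaspersky published its Q1 2020 DDoS attack trends report; Microsoft released vulnerability patches fixing 111 vulnerabilities in 12 products; Adobe released patches fixing 36 vulnerabilities in 3 products; and the Norwegian fund Norfund suffered a cyberattack and lost USD 10 million.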


Based on the overview above, this week's security threat level is medium.


> List of important security vulnerabilities


1. Opto22 SoftPAC Project passwordless unauthorized access vulnerability


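SoftPACMonitor in Opto 22 SoftPAC Project does not use authentication, which allows a remote attacker to exploit the vulnerability by submitting specially crafted requests, gaining unauthorized access and control of the device.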

https://www.us-cert.gov/ics/advisories/icsa-20-135-01


2. Adobe Acrobat CVE-2020-9607 use-after-free code execution vulnerability


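Adobe Acrobat has a use-after-free vulnerability when processing PDF files. A remote attacker can exploit it by submitting a specially crafted file request and inducing the user to parse it, which can crash the application or execute arbitrary code.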

https://helpx.adobe.com/security/products/acrobat/apsb20-24.htm


3. SAP Application Server ABAP service data code injection vulnerability


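SAP Application Server ABAP service data has a code injection vulnerability, which allows a remote attacker to exploit it by submitting a specially crafted request and execute arbitrary code in the context of the application.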

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222


4. Istio/envoy servicemesh-proxy code execution vulnerability


Istio/envoy servicemesh-proxy has a null pointer dereference vulnerability, which allows a remote attacker to exploit it by submitting a specially crafted request that can crash the application.

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003


5. Microsoft SharePoint CVE-2020-1024 arbitrary code execution vulnerability


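Microsoft SharePoint has a memory corruption vulnerability. A remote attacker can exploit it by submitting a specially crafted file request and inducing the user to parse it, which can crash the application or execute arbitrary code.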

https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1024



> Overview of important security events


1. Hacker group steals 73.2 million records from 11 companies and sells them on the dark web




Original link:

https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/


2. Kaspersky publishes Q1 2020 DDoS attack trends report




Original link:

https://securelist.com/ddos-attacks-in-q1-2020/96837/


3. Microsoft releases vulnerability patches fixing 111 vulnerabilities in 12 products




Original link:

https://www.zdnet.com/article/microsoft-may-2020-patch-tuesday-fixes-111-vulnerabilities/


4. Adobe releases patches fixing 36 vulnerabilities in 3 products




Original link:

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnerabilities-in-acrobat-reader-and-dng-sdk/leased/


5. Norwegian fund Norfund hit by cyberattack, loses USD 10 million




Original link:

https://www.theregister.co.uk/2020/05/14/they_cant_affjord_it/