Information Security Weekly Report - Week 20, 2020

Published: 2020-05-18

> Security Situation Overview for This Week


From May 11 to May 17, 2020, a total of 77 security vulnerabilities were recorded. Those worth noting are the Opto22 SoftPAC Project passwordless unauthorized access vulnerability; the Adobe Acrobat CVE-2020-9607 use-after-free code execution vulnerability; the SAP Application Server ABAP service data code injection vulnerability; the Istio/envoy servicemesh-proxy code execution vulnerability; and the Microsoft SharePoint CVE-2020-1024 arbitrary code execution vulnerability.


The network security incidents worth noting this week are: a hacker group stole 73.2 million records from 11 companies and is selling them on the dark web; Kaspersky released its Q1 2020 DDoS attack trends report; Microsoft released security patches fixing 111 vulnerabilities in 12 products; Adobe released patches fixing 36 vulnerabilities in 3 products; and the Norwegian fund Norfund suffered a cyberattack and lost 10 million US dollars.


Based on the overview above, this week's security threat level is medium.


> Major Security Vulnerabilities


1. Opto22 SoftPAC Project passwordless unauthorized access vulnerability


SoftPACMonitor in Opto 22 SoftPAC Project does not use authentication credentials. A remote attacker can exploit the vulnerability by submitting a specially crafted request to gain unauthorized access and control the device.

https://www.us-cert.gov/ics/advisories/icsa-20-135-01


2. Adobe Acrobat CVE-2020-9607 use-after-free code execution vulnerability


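Adobe Acrobat has a use-after-free vulnerability in its handling of PDF files. A remote attacker can exploit the vulnerability by submitting a specially crafted file request and tricking a user into parsing it, which can crash the application or execute arbitrary code.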

https://helpx.adobe.com/security/products/acrobat/apsb20-24.htm


3. SAP Application Server ABAP service data code injection vulnerability


SAP Application Server ABAP service data has a code injection vulnerability. A remote attacker can exploit the vulnerability by submitting a specially crafted request to execute arbitrary code in the context of the application.

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222


4. Istio/envoy servicemesh-proxy code execution vulnerability


Istio/envoy servicemesh-proxy has a null pointer dereference vulnerability. A remote attacker can exploit the vulnerability by submitting a specially crafted request, which can crash the application.

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003


5. Microsoft SharePoint CVE-2020-1024 arbitrary code execution vulnerability


Microsoft SharePoint has a memory corruption vulnerability. A remote attacker can exploit the vulnerability by submitting a specially crafted file request and tricking a user into parsing it, which can crash the application or execute arbitrary code.

https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1024



> Major Security Incidents


1. Hacker group steals 73.2 million records from 11 companies and sells them on the dark web


Original link:

https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/


2. Kaspersky releases Q1 2020 DDoS attack trends report


Original link:

https://securelist.com/ddos-attacks-in-q1-2020/96837/


3. Microsoft releases security patches fixing 111 vulnerabilities in 12 products


Original link:

https://www.zdnet.com/article/microsoft-may-2020-patch-tuesday-fixes-111-vulnerabilities/


4. Adobe releases patches fixing 36 vulnerabilities in 3 products


Original link:

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnerabilities-in-acrobat-reader-and-dng-sdk/leased/


5. Norwegian fund Norfund hit by cyberattack, loses 10 million US dollars


Original link:

https://www.theregister.co.uk/2020/05/14/they_cant_affjord_it/