Information Security Weekly Report - Week 20, 2020

Published: 2020-05-18

> This Week's Security Posture Overview


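Between May 11 and May 17, 2020, a total of 77 security vulnerabilities were recorded. Those worth noting are: the Opto22 SoftPAC Project passwordless unauthorized access vulnerability; the Adobe Acrobat CVE-2020-9607 use-after-free code execution vulnerability; the SAP Application Server ABAP Service Data code injection vulnerability; the Istio/envoy servicemesh-proxy code execution vulnerability; and the Microsoft SharePoint CVE-2020-1024 arbitrary code execution vulnerability.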


The network security events worth noting this week are: a hacker group stole 73.2 million records from 11 companies and is selling them on the dark web; Kaspersky released its DDoS attack trends report for the first quarter of 2020; Microsoft released vulnerability patches fixing 111 vulnerabilities in 12 products; Adobe released patches fixing 36 vulnerabilities in 3 products; and the Norwegian fund Norfund was hit by a cyberattack and lost US$10 million.


Based on the above overview, this week's security threat level is medium.


> List of Major Security Vulnerabilities


1. Opto22 SoftPAC Project passwordless unauthorized access vulnerability


SoftPACMonitor in Opto 22 SoftPAC Project does not use authentication credentials. A remote attacker can exploit the vulnerability by submitting a specially crafted request to gain unauthorized access and control the device.

https://www.us-cert.gov/ics/advisories/icsa-20-135-01


2. Adobe Acrobat CVE-2020-9607 use-after-free code execution vulnerability


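Adobe Acrobat has a use-after-free vulnerability when processing PDF files. A remote attacker can exploit the vulnerability by submitting a specially crafted file request and enticing a user to parse it, which can crash the application or execute arbitrary code.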

https://helpx.adobe.com/security/products/acrobat/apsb20-24.htm


3. SAP Application Server ABAP Service Data code injection vulnerability


SAP Application Server ABAP Service Data has a code injection vulnerability. A remote attacker can exploit the vulnerability by submitting a specially crafted request to execute arbitrary code in the context of the application.

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222


4. Istio/envoy servicemesh-proxy code execution vulnerability


Istio/envoy servicemesh-proxy has a null pointer dereference vulnerability. A remote attacker can exploit the vulnerability by submitting a specially crafted request, which can crash the application.

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003


5. Microsoft SharePoint CVE-2020-1024 arbitrary code execution vulnerability


Microsoft SharePoint has a memory corruption vulnerability. A remote attacker can exploit the vulnerability by submitting a specially crafted file request and enticing a user to parse it, which can crash the application or execute arbitrary code.

https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1024



> Overview of Major Security Events


1. Hacker group steals 73.2 million records from 11 companies and sells them on the dark web


Original link:

https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/


2. Kaspersky releases DDoS attack trends report for the first quarter of 2020


Original link:

https://securelist.com/ddos-attacks-in-q1-2020/96837/


3. Microsoft releases vulnerability patches, fixing 111 vulnerabilities in 12 products


Original link:

https://www.zdnet.com/article/microsoft-may-2020-patch-tuesday-fixes-111-vulnerabilities/


4. Adobe releases patches, fixing 36 vulnerabilities in 3 products


Original link:

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnerabilities-in-acrobat-reader-and-dng-sdk/leased/


5. Norwegian fund Norfund hit by cyberattack, losing US$10 million


Original link:

https://www.theregister.co.uk/2020/05/14/they_cant_affjord_it/