ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ20ÖÜ

Ðû²¼Ê±¼ä 2020-05-18

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê05ÔÂ11ÈÕÖÁ05ÔÂ17ÈÕ¹²ÊÕ¼Çå¾²Îó²î77¸ö £¬ÖµµÃ¹Ø×¢µÄÊÇOpto22 SoftPAC ProjectÎÞÃÜÂëδÊÚȨ»á¼ûÎó²î; Adobe Acrobat CVE-2020-9607ÊͷźóʹÓôúÂëÖ´ÐÐÎó²î£»SAPApplication Server ABAP·þÎñÊý¾Ý´úÂë×¢ÈëÎó²î£»Istio/envoy servicemesh-proxy´úÂëÖ´ÐÐÎó²î£»Microsoft SharePoint CVE-2020-1024í§Òâ´úÂëÖ´ÐÐÎó²î ¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊǺڿÍ×é֯͵ȡ11¼Ò¹«Ë¾7320ÍòÌõÊý¾Ý £¬ÔÚ°µÍø³öÊÛ£»KasperskyÐû²¼2020ÄêµÚÒ»¼¾¶ÈDDoS¹¥»÷Ç÷ÊƱ¨¸æ£»Î¢ÈíÐû²¼Îó²î²¹¶¡ £¬ÐÞ¸´12¿î²úÆ·ÖÐ111¸öÎó²î£»AdobeÐû²¼²¹¶¡³ÌÐò £¬ÐÞ¸´3¿î²úÆ·ÖеÄ36¸öÎó²î£»Å²Íþ»ù½ð»áNorfundÔâÍøÂç¹¥»÷ £¬Ëðʧ1000ÍòÃÀÔª ¡£


ƾ֤ÒÔÉÏ×ÛÊö £¬±¾ÖÜÇå¾²ÍþвΪÖÐ ¡£


>Ö÷ÒªÇå¾²Îó²îÁбí


1. Opto22 SoftPAC ProjectÎÞÃÜÂëδÊÚȨ»á¼ûÎó²î


Opto 22 SoftPAC Project SoftPACMonitorûÓÐʹÓÃÑé֤ƾ֤ £¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇó £¬¿ÉδÊÚȨ»á¼û £¬¿ØÖÆ×°±¸ ¡£

https://www.us-cert.gov/ics/advisories/icsa-20-135-01


2. AdobeAcrobat CVE-2020-9607ÊͷźóʹÓôúÂëÖ´ÐÐÎó²î


AdobeAcrobat´¦Öóͷ£PDFÎļþ±£´æÊͷźóʹÓÃÎó²î £¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÎļþÇëÇó £¬ÓÕʹÓû§ÆÊÎö, ¿ÉʹӦÓóÌÐò±ÀÀ£»òÖ´ÐÐí§Òâ´úÂë ¡£

https://helpx.adobe.com/security/products/acrobat/apsb20-24.htm


3. SAPApplication Server ABAP·þÎñÊý¾Ý´úÂë×¢ÈëÎó²î


SAP Application Server ABAP·þÎñÊý¾Ý±£´æ´úÂë×¢ÈëÎó²î £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇó £¬ÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë ¡£

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222


4. Istio/envoyservicemesh-proxy´úÂëÖ´ÐÐÎó²î


Istio/envoy servicemesh-proxy±£´æ¿ÕÖ¸ÕëÒýÓÃÎó²î £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇó £¬¿ÉʹӦÓóÌÐòÍ߽⠡£

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003


5. MicrosoftSharePoint CVE-2020-1024í§Òâ´úÂëÖ´ÐÐÎó²î


MicrosoftSharePoint±£´æÄÚ´æÆÆËðÎó²î £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÎļþÇëÇó £¬ÓÕʹÓû§ÆÊÎö £¬¿ÉʹӦÓóÌÐò±ÀÀ£»ò¿ÉÖ´ÐÐí§Òâ´úÂë ¡£

https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1024



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢ºÚ¿Í×é֯͵ȡ11¼Ò¹«Ë¾7320ÍòÌõÊý¾Ý £¬ÔÚ°µÍø³öÊÛ


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/


2¡¢KasperskyÐû²¼2020ÄêµÚÒ»¼¾¶ÈDDoS¹¥»÷Ç÷ÊƱ¨¸æ


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://securelist.com/ddos-attacks-in-q1-2020/96837/


3¡¢Î¢ÈíÐû²¼Îó²î²¹¶¡ £¬ÐÞ¸´12¿î²úÆ·ÖÐ111¸öÎó²î


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/microsoft-may-2020-patch-tuesday-fixes-111-vulnerabilities/


4¡¢AdobeÐû²¼²¹¶¡³ÌÐò £¬ÐÞ¸´3¿î²úÆ·ÖеÄ36¸öÎó²î


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnerabilities-in-acrobat-reader-and-dng-sdk/leased/


5¡¢Å²Íþ»ù½ð»áNorfundÔâÍøÂç¹¥»÷ £¬Ëðʧ1000ÍòÃÀÔª


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.theregister.co.uk/2020/05/14/they_cant_affjord_it/