ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ20ÖÜ

Ðû²¼Ê±¼ä 2020-05-18

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê05ÔÂ11ÈÕÖÁ05ÔÂ17ÈÕ¹²ÊÕ¼Çå¾²Îó²î77¸ö£¬£¬£¬£¬£¬ÖµµÃ¹Ø×¢µÄÊÇOpto22 SoftPAC ProjectÎÞÃÜÂëδÊÚȨ»á¼ûÎó²î; Adobe Acrobat CVE-2020-9607ÊͷźóʹÓôúÂëÖ´ÐÐÎó²î£»£»£»£»£»£»£»SAPApplication Server ABAPЧÀÍÊý¾Ý´úÂë×¢ÈëÎó²î£»£»£»£»£»£»£»Istio/envoy servicemesh-proxy´úÂëÖ´ÐÐÎó²î£»£»£»£»£»£»£»Microsoft SharePoint CVE-2020-1024í§Òâ´úÂëÖ´ÐÐÎó²î¡£¡£¡£¡£¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊǺڿÍ×é֯͵ȡ11¼Ò¹«Ë¾7320ÍòÌõÊý¾Ý£¬£¬£¬£¬£¬ÔÚ°µÍø³öÊÛ£»£»£»£»£»£»£»KasperskyÐû²¼2020ÄêµÚÒ»¼¾¶ÈDDoS¹¥»÷Ç÷ÊƱ¨¸æ£»£»£»£»£»£»£»Î¢ÈíÐû²¼Îó²î²¹¶¡£¬£¬£¬£¬£¬ÐÞ¸´12¿î²úÆ·ÖÐ111¸öÎó²î£»£»£»£»£»£»£»AdobeÐû²¼²¹¶¡³ÌÐò£¬£¬£¬£¬£¬ÐÞ¸´3¿î²úÆ·ÖеÄ36¸öÎó²î£»£»£»£»£»£»£»Å²Íþ»ù½ð»áNorfundÔâÍøÂç¹¥»÷£¬£¬£¬£¬£¬Ëðʧ1000ÍòÃÀÔª¡£¡£¡£¡£¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬£¬£¬£¬£¬±¾ÖÜÇå¾²ÍþвΪÖС£¡£¡£¡£¡£


>Ö÷ÒªÇå¾²Îó²îÁбí


1. Opto22 SoftPAC ProjectÎÞÃÜÂëδÊÚȨ»á¼ûÎó²î


Opto 22 SoftPAC Project SoftPACMonitorûÓÐʹÓÃÑé֤ƾ֤£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬¿ÉδÊÚȨ»á¼û£¬£¬£¬£¬£¬¿ØÖÆ×°±¸¡£¡£¡£¡£¡£

https://www.us-cert.gov/ics/advisories/icsa-20-135-01


2. AdobeAcrobat CVE-2020-9607ÊͷźóʹÓôúÂëÖ´ÐÐÎó²î


AdobeAcrobat´¦Öóͷ£PDFÎļþ±£´æÊͷźóʹÓÃÎó²î£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÎļþÇëÇ󣬣¬£¬£¬£¬ÓÕʹÓû§ÆÊÎö, ¿ÉʹӦÓóÌÐò±ÀÀ£»£»£»£»£»£»£»òÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£

https://helpx.adobe.com/security/products/acrobat/apsb20-24.htm


3. SAPApplication Server ABAPЧÀÍÊý¾Ý´úÂë×¢ÈëÎó²î


SAP Application Server ABAPЧÀÍÊý¾Ý±£´æ´úÂë×¢ÈëÎó²î£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬ÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222


4. Istio/envoyservicemesh-proxy´úÂëÖ´ÐÐÎó²î


Istio/envoy servicemesh-proxy±£´æ¿ÕÖ¸ÕëÒýÓÃÎó²î£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬¿ÉʹӦÓóÌÐòÍ߽⡣¡£¡£¡£¡£

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003


5. MicrosoftSharePoint CVE-2020-1024í§Òâ´úÂëÖ´ÐÐÎó²î


MicrosoftSharePoint±£´æÄÚ´æÆÆËðÎó²î£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÎļþÇëÇ󣬣¬£¬£¬£¬ÓÕʹÓû§ÆÊÎö£¬£¬£¬£¬£¬¿ÉʹӦÓóÌÐò±ÀÀ£»£»£»£»£»£»£»ò¿ÉÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£

https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1024



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢ºÚ¿Í×é֯͵ȡ11¼Ò¹«Ë¾7320ÍòÌõÊý¾Ý£¬£¬£¬£¬£¬ÔÚ°µÍø³öÊÛ


welcome-°ÙÀÖ²©


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/


2¡¢KasperskyÐû²¼2020ÄêµÚÒ»¼¾¶ÈDDoS¹¥»÷Ç÷ÊƱ¨¸æ


welcome-°ÙÀÖ²©


Ô­ÎÄÁ´½Ó£º

https://securelist.com/ddos-attacks-in-q1-2020/96837/


3¡¢Î¢ÈíÐû²¼Îó²î²¹¶¡£¬£¬£¬£¬£¬ÐÞ¸´12¿î²úÆ·ÖÐ111¸öÎó²î


welcome-°ÙÀÖ²©


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/microsoft-may-2020-patch-tuesday-fixes-111-vulnerabilities/


4¡¢AdobeÐû²¼²¹¶¡³ÌÐò£¬£¬£¬£¬£¬ÐÞ¸´3¿î²úÆ·ÖеÄ36¸öÎó²î


welcome-°ÙÀÖ²©


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnerabilities-in-acrobat-reader-and-dng-sdk/leased/


5¡¢Å²Íþ»ù½ð»áNorfundÔâÍøÂç¹¥»÷£¬£¬£¬£¬£¬Ëðʧ1000ÍòÃÀÔª


welcome-°ÙÀÖ²©


Ô­ÎÄÁ´½Ó£º

https://www.theregister.co.uk/2020/05/14/they_cant_affjord_it/