微软安全更新多个产品高危漏洞通告(CVE-2020-1054、CVE-2020-1067、CVE-2020-1153、CVE-2020-1062、CVE-2020-1023、CVE-2020-1024、CVE-2020–1102和CVE-2020-1069、CVE-2020-0901)

来源:scanv2020.05.16

一 漏洞概述

本月,微软共发布111个漏洞的补丁程序,影响较大的漏洞如下,其中,CVE-2020-1062、CVE-2020-1153、CVE-2020-1054、CVE-2020-1143、CVE-2020-1035被微软标记为“Exploitation More Likely”。

CVE-2020-1062 Internet Explorer 内存破坏漏洞

Internet Explorer在处理内存中的对象时,存在一个远程代码执行漏洞。攻击者可通过构造特制的站点、攻击脆弱网站、向内容或广告服务提供商添加特制内容,并诱导用户访问来利用此漏洞,攻击者还可以通过向用户发送邮件或即时消息并诱导用户点击链接或打开附件来利用此漏洞,成功利用此漏洞的远程攻击者可在目标系统上以该用户权限执行任意代码。

CVE-2020-1153 Microsoft Graphics Components 远程代码执行漏洞

Microsoft Graphics Components在处理内存中的对象时,存在远程代码执行漏洞。攻击者可通过诱导用户打开特制文件来利用此漏洞,成功利用此漏洞的远程攻击者可在目标系统上执行任意代码。

Win32k权限提升漏洞

Windows kernel-mode driver在处理内存中的对象时,存在两个权限提升漏洞(CVE-2020-1054、CVE-2020-1143)。攻击者可通过登录目标系统并运行特制程序来利用此漏洞,成功利用此漏洞的攻击者可在目标系统内核模式下运行任意代码。

CVE-2020-1035 VBScript远程代码执行漏洞

VBScript引擎在处理内存中的对象时,存在远程代码执行漏洞。攻击者可通过诱导用户访问特制网站或通过诱导用户打开嵌入标记为“初始化安全”的ActiveX控件的应用程序或Microsoft Office文档等方式来利用此漏洞,攻击者还可以通过攻击脆弱网站、向内容或广告服务提供商添加特制内容来利用此漏洞。成功利用此漏洞的远程攻击者可在目标系统上以该用户权限执行任意代码。

Microsoft SharePoint 远程代码执行漏洞

Microsoft SharePoint在检查应用程序包的源标记时,存在三个远程代码执行漏洞(CVE-2020-1023、CVE-2020-1024、CVE-2020-1102)。攻击者可通过向受影响SharePoint上传特制SharePoint应用程序包来利用此漏洞,成功利用此漏洞的攻击者可在 SharePoint应用程序池和SharePoint服务器账户的上下文中执行任意代码。

Media Foundation 内存破坏漏洞

Windows Media Foundation在处理内存中的对象时,存在三个远程代码执行漏洞(CVE-2020-1028、CVE-2020-1126、CVE-2020-1136)。攻击者可通过构造特制的站点并诱导用户访问或向用户发送特制文件并诱导用户打开来利用此漏洞,成功利用此漏洞的远程攻击者可在目标系统上以该用户权限执行任意代码。

CVE-2020-1056 Microsoft Edge 权限提升漏洞

Microsoft Edge在实施跨域策略时,存在权限提升漏洞,该漏洞允许攻击者从一个域获取信息并将其注入另一个域。攻击者可通过构造特制的站点、攻击脆弱网站、向内容或广告服务提供商添加特制内容,并诱导用户访问来利用此漏洞,成功利用此漏洞的远程攻击者可在受影响版本的Microsoft Edge中提升特权。

CVE-2020-1117 Microsoft Color Management 远程代码执行漏洞

Microsoft Color Management在处理内存中的对象时,存在远程代码执行漏洞。攻击者可通过构造特制的站点并诱导用户访问或通过向用户发送邮件或即时消息并诱导用户点击链接或打开附件来利用此漏洞,成功利用此漏洞的远程攻击者可在目标系统上以该用户权限执行任意代码。

二 影响版本

CVE-2020-1062:

Internet Explorer 11 on Windows  10 for 32-bit Systems      

Explorer 11 on Windows 10 for  x64-based Systems

Explorer 11 on Windows 10 Version  1607 for 32-bit Systems

Explorer 11 on Windows 10 Version  1607 for x64-based Systems    

Explorer 11 on Windows 10 Version  1709 for 32-bit Systems

Explorer 11 on Windows 10 Version  1709 for ARM64-based Systems   

Explorer 11 on Windows 10 Version  1709 for x64-based Systems

Explorer 11 on Windows 10 Version  1803 for 32-bit Systems 

Explorer 11 on Windows 10 Version  1803 for ARM64-based Systems

Explorer 11 on Windows 10 Version  1803 for x64-based Systems

Explorer 11 on Windows 10 Version  1809 for 32-bit Systems 

Explorer 11 on Windows 10 Version  1809 for ARM64-based Systems

Explorer 11 on Windows 10 Version  1809 for x64-based Systems

Explorer 11 on Windows 10 Version  1903 for 32-bit Systems

Explorer 11 on Windows 10 Version  1903 for ARM64-based Systems

Explorer 11 on Windows 10 Version  1903 for x64-based Systems

Explorer 11 on Windows 10 Version  1909 for 32-bit Systems

Explorer 11 on Windows 10 Version  1909 for ARM64-based Systems

Explorer 11 on Windows 10 Version  1909 for x64-based Systems

Explorer 11 on Windows 7 for  32-bit Systems Service Pack 1

Explorer 11 on Windows 7 for  x64-based Systems Service Pack 1

Explorer 11 on Windows 8.1 for  32-bit systems

Explorer 11 on Windows 8.1 for  x64-based systems

Explorer 11 on Windows RT 8.1

Internet Explorer 9 on Windows  Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 9  on Windows Server 2008 for x64-based Systems  Service Pack 2

Explorer 11 on Windows Server  2008 R2 for x64-based Systems Service Pack 1      

Explorer 11 on Windows Server  2012

Explorer 11 on Windows Server  2012 R2

Explorer 11 on Windows Server  2016    

Explorer 11 on Windows Server  2019

CVE-2020-1153:

Windows 10 Version 1803 for  32-bit Systems

Windows 10 Version 1803 for  x64-based Systems

Windows Server, version 1803 (Server  Core Installation)

Windows 10 Version 1803 for  ARM64-based Systems

Windows 10 Version 1809 for  32-bit Systems

Windows 10 Version 1809 for  x64-based Systems

Windows 10 Version 1809 for  ARM64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core  installation)

Windows 10 Version 1909 for  32-bit Systems

Windows 10 Version 1909 for  x64-based Systems

Windows 10 Version 1909 for  ARM64-based Systems

Windows Server, version 1909  (Server Core installation)

Windows 10 Version 1709 for  32-bit Systems

Windows 10 Version 1709 for  x64-based Systems

Windows 10 Version 1709 for  ARM64-based Systems

Windows 10 Version 1903 for  32-bit Systems

Windows 10 Version 1903 for  x64-based Systems

Windows 10 Version 1903 for  ARM64-based Systems

Windows Server, version 1903  (Server Core installation)

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for  32-bit Systems

Windows 10 Version 1607 for  x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core  installation)

Windows 7 for 32-bit Systems  Service Pack 1

Windows 7 for x64-based Systems  Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit  Systems Service Pack 2

Windows Server 2008 for 32-bit  Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for  Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based  Systems Service Pack 2

Windows Server 2008 for x64-based  Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-Based  Systems Service Pack 1

Windows Server 2008 R2 for  x64-based Systems Service Pack 1

Windows Server 2008 R2 for  x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core  installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server  Core installation)

CVE-2020-1054:

Windows 10 Version 1803 for  32-bit Systems

Windows 10 Version 1803 for  x64-based Systems

Windows Server, version 1803 (Server  Core Installation)

Windows 10 Version 1803 for ARM64-based  Systems

Windows 10 Version 1809 for  32-bit Systems

Windows 10 Version 1809 for  x64-based Systems

Windows 10 Version 1809 for  ARM64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core  installation)

Windows 10 Version 1909 for 32-bit  Systems

Windows 10 Version 1909 for  x64-based Systems

Windows 10 Version 1909 for  ARM64-based Systems

Windows Server, version 1909  (Server Core installation)

Windows 10 Version 1709 for  32-bit Systems

Windows 10 Version 1709 for  x64-based Systems

Windows 10 Version 1709 for  ARM64-based Systems

Windows 10 Version 1903 for  32-bit Systems

Windows 10 Version 1903 for  x64-based Systems

Windows 10 Version 1903 for  ARM64-based Systems

Windows Server, version 1903  (Server Core installation)

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for  32-bit Systems

Windows 10 Version 1607 for  x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core  installation)

Windows 7 for 32-bit Systems  Service Pack 1

Windows 7 for x64-based Systems  Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit  Systems Service Pack 2

Windows Server 2008 for 32-bit  Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for  Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based  Systems Service Pack 2

Windows Server 2008 for x64-based  Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for  Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for  x64-based Systems Service Pack 1

Windows Server 2008 R2 for  x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core  installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server  Core installation)

CVE-2020-1143:

Windows 10 Version 1803 for  32-bit Systems

Windows 10 Version 1803 for  x64-based Systems

Windows Server, version 1803 (Server  Core Installation)

Windows 10 Version 1803 for  ARM64-based Systems

Windows 10 Version 1809 for  32-bit Systems

Windows 10 Version 1809 for  x64-based Systems

Windows 10 Version 1809 for  ARM64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core  installation)

Windows 10 Version 1909 for  32-bit Systems

Windows 10 Version 1909 for  x64-based Systems

Windows 10 Version 1909 for  ARM64-based Systems

Windows Server, version 1909  (Server Core installation)

Windows 10 Version 1709 for  32-bit Systems

Windows 10 Version 1709 for  x64-based Systems

Windows 10 Version 1709 for  ARM64-based Systems

Windows 10 Version 1903 for  32-bit Systems

Windows 10 Version 1903 for  x64-based Systems

Windows 10 Version 1903 for  ARM64-based Systems

Windows Server, version 1903  (Server Core installation)

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for  32-bit Systems

Windows 10 Version 1607 for  x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core  installation)

Windows 7 for 32-bit Systems  Service Pack 1

Windows 7 for x64-based Systems  Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit  Systems Service Pack 2

Windows Server 2008 for 32-bit  Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for  Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based  Systems Service Pack 2

Windows Server 2008 for x64-based  Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for  Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based  Systems Service Pack 1

Windows Server 2008 R2 for  x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core  installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server  Core installation)

CVE-2020-1035:

Internet Explorer 11 on Windows  10 Version 1803 for 32-bit Systems

Internet Explorer 11 on Windows  10 Version 1803 for x64-based Systems

Internet Explorer 11 on Windows  10 Version 1803 for ARM64-based Systems

Internet Explorer 11 on Windows  10 Version 1809 for 32-bit Systems

Internet Explorer 11 on Windows  10 Version 1809 for x64-based Systems

Internet Explorer 11 on Windows  10 Version 1809 for ARM64-based Systems

Internet Explorer 11 on Windows  Server 2019

Internet Explorer 11 on Windows  10 Version 1909 for 32-bit Systems

Internet Explorer 11 on Windows  10 Version 1909 for x64-based Systems

Internet Explorer 11 on Windows  10 Version 1909 for ARM64-based Systems

Internet Explorer 11 on Windows  10 Version 1709 for 32-bit Systems

Internet Explorer 11 on Windows  10 Version 1709 for x64-based Systems

Internet Explorer 11 on Windows  10 Version 1709 for ARM64-based Systems

Internet Explorer 11 on Windows  10 Version 1903 for 32-bit Systems

Internet Explorer 11 on Windows  10 Version 1903 for x64-based Systems

Internet Explorer 11 on Windows  10 Version 1903 for ARM64-based Systems

Internet Explorer 11 on Windows  10 for 32-bit Systems

Internet Explorer 11 on Windows  10 for x64-based Systems     

Internet Explorer 11 on Windows  10 Version 1607 for 32-bit Systems

Internet Explorer 11 on Windows  10 Version 1607 for x64-based Systems

Internet Explorer 11 on Windows  Server 2016

Internet Explorer 11 on Windows 7  for 32-bit Systems Service Pack 1

Internet Explorer 11 on Windows 7  for x64-based Systems Service Pack 1

Internet Explorer 11 on Windows  8.1 for 32-bit systems

Internet Explorer 11 on Windows  8.1 for x64-based systems     

Internet Explorer 11 on Windows  RT 8.1 4556846    Monthly Rollup

Internet Explorer 11 on Windows  Server 2008 R2 for x64-based Systems Service Pack 1

Internet Explorer 11 on Windows  Server 2012

Internet Explorer 11 on Windows  Server 2012 R2

Internet Explorer 9  on Windows Server 2008 for 32-bit Systems  Service Pack 2

Internet Explorer 9  on Windows Server 2008 for x64-based Systems  Service Pack 2

CVE-2020-1023:

Microsoft SharePoint Enterprise  Server 2016

Microsoft SharePoint Server 2019

Microsoft SharePoint Foundation  2013 Service Pack 1

CVE-2020-1024:

Microsoft SharePoint Enterprise  Server 2016

Microsoft SharePoint Server 2019

Microsoft SharePoint Foundation  2013 Service Pack 1

CVE-2020-1102:

Microsoft SharePoint Enterprise  Server 2016

Microsoft SharePoint Server 2019

CVE-2020-1028:

Windows 10 Version 1803 for  32-bit Systems

Windows 10 Version 1803 for  x64-based Systems

Windows Server, version 1803 (Server  Core Installation)

Windows 10 Version 1803 for  ARM64-based Systems

Windows 10 Version 1809 for  32-bit Systems

Windows 10 Version 1809 for  x64-based Systems

Windows 10 Version 1809 for  ARM64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core  installation)

Windows 10 Version 1909 for  32-bit Systems

Windows 10 Version 1909 for  x64-based Systems

Windows 10 Version 1909 for  ARM64-based Systems

Windows Server, version 1909  (Server Core installation)

Windows 10 Version 1709 for  32-bit Systems

Windows 10 Version 1709 for  x64-based Systems

Windows 10 Version 1709 for  ARM64-based Systems

Windows 10 Version 1903 for  32-bit Systems

Windows 10 Version 1903 for  x64-based Systems

Windows 10 Version 1903 for  ARM64-based Systems

Windows Server, version 1903  (Server Core installation)

Windows 10 Version 1607 for  32-bit Systems

Windows 10 Version 1607 for  x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core  installation)

CVE-2020-1126:

Windows 10 Version 1803 for  32-bit Systems

Windows 10 Version 1803 for  x64-based Systems

Windows Server, version 1803 (Server  Core Installation)

Windows 10 Version 1803 for  ARM64-based Systems

Windows 10 Version 1809 for  32-bit Systems

Windows 10 Version 1809 for  x64-based Systems

Windows 10 Version 1809 for  ARM64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core  installation)

Windows 10 Version 1909 for  32-bit Systems

Windows 10 Version 1909 for  x64-based Systems

Windows 10 Version 1909 for  ARM64-based Systems

Windows Server, version 1909  (Server Core installation)

Windows 10 Version 1709 for  32-bit Systems

Windows 10 Version 1709 for  x64-based Systems

Windows 10 Version 1709 for  ARM64-based Systems

Windows 10 Version 1903 for  32-bit Systems

Windows 10 Version 1903 for  x64-based Systems

Windows 10 Version 1903 for  ARM64-based Systems

Windows Server, version 1903  (Server Core installation)

Windows 10 Version 1607 for  32-bit Systems

Windows 10 Version 1607 for  x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core  installation)

CVE-2020-1136:

Windows 10 Version 1803 for  32-bit Systems

Windows 10 Version 1803 for  x64-based Systems

Windows Server, version 1803 (Server  Core Installation)

Windows 10 Version 1803 for  ARM64-based Systems

Windows 10 Version 1809 for  32-bit Systems

Windows 10 Version 1809 for  x64-based Systems

Windows 10 Version 1809 for  ARM64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core  installation)

Windows 10 Version 1909 for  32-bit Systems

Windows 10 Version 1909 for  x64-based Systems

Windows 10 Version 1909 for  ARM64-based Systems

Windows Server, version 1909  (Server Core installation)

Windows 10 Version 1709 for  32-bit Systems

Windows 10 Version 1709 for  x64-based Systems

Windows 10 Version 1709 for  ARM64-based Systems

Windows 10 Version 1903 for  32-bit Systems

Windows 10 Version 1903 for  x64-based Systems

Windows 10 Version 1903 for  ARM64-based Systems

Windows Server, version 1903  (Server Core installation)

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for  32-bit Systems

Windows 10 Version 1607 for  x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core  installation)

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2012 R2

Windows Server 2012 R2 (Server  Core installation)

CVE-2020-1056:

Microsoft Edge (EdgeHTML-based)  on Windows 10 Version 1803 for 32-bit Systems

Microsoft Edge (EdgeHTML-based)  on Windows 10 Version 1803 for x64-based Systems

Microsoft Edge (EdgeHTML-based)  on Windows 10 Version 1803 for ARM64-based Systems

Microsoft Edge (EdgeHTML-based)  on Windows 10 Version 1809 for 32-bit Systems

Microsoft Edge (EdgeHTML-based)  on Windows 10 Version 1809 for x64-based Systems

Microsoft Edge (EdgeHTML-based)  on Windows 10 Version 1809 for ARM64-based Systems

Microsoft Edge (EdgeHTML-based)  on Windows Server 2019

Microsoft Edge (EdgeHTML-based)  on Windows 10 Version 1909 for 32-bit Systems

Microsoft Edge (EdgeHTML-based)  on Windows 10 Version 1909 for x64-based Systems

Microsoft Edge (EdgeHTML-based)  on Windows 10 Version 1909 for ARM64-based Systems

Microsoft Edge (EdgeHTML-based)  on Windows 10 Version 1709 for 32-bit Systems

Microsoft Edge (EdgeHTML-based)  on Windows 10 Version 1709 for x64-based Systems

Microsoft Edge (EdgeHTML-based)  on Windows 10 Version 1709 for ARM64-based Systems

Microsoft Edge (EdgeHTML-based)  on Windows 10 Version 1903 for 32-bit Systems

Microsoft Edge (EdgeHTML-based)  on Windows 10 Version 1903 for x64-based Systems

Microsoft Edge (EdgeHTML-based)  on Windows 10 Version 1903 for ARM64-based Systems

Microsoft Edge (EdgeHTML-based)  on Windows 10 Version 1607 for 32-bit Systems

Microsoft Edge (EdgeHTML-based)  on Windows 10 Version 1607 for x64-based Systems

Microsoft Edge (EdgeHTML-based)  on Windows Server 2016

CVE-2020-1117:

Windows 10 Version 1803 for  32-bit Systems

Windows 10 Version 1803 for  x64-based Systems

Windows Server, version 1803 (Server  Core Installation)

Windows 10 Version 1803 for  ARM64-based Systems

Windows 10 Version 1809 for  32-bit Systems

Windows 10 Version 1809 for  x64-based Systems

Windows 10 Version 1809 for  ARM64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core  installation)

Windows 10 Version 1909 for  32-bit Systems

Windows 10 Version 1909 for  x64-based Systems

Windows 10 Version 1909 for  ARM64-based Systems

Windows Server, version 1909  (Server Core installation)

Windows 10 Version 1709 for  32-bit Systems

Windows 10 Version 1709 for  x64-based Systems

Windows 10 Version 1709 for  ARM64-based Systems

Windows 10 Version 1903 for  32-bit Systems

Windows 10 Version 1903 for  x64-based Systems

Windows 10 Version 1903 for  ARM64-based Systems

Windows Server, version 1903  (Server Core installation)

Windows 10 Version 1607 for  32-bit Systems

Windows 10 Version 1607 for  x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core  installation)

三 复现过程

四 影响范围

根据 ZoomEye 网络空间搜索引擎对关键字 “Microsoft Windows” 进行搜索,共得到 17,282,748 条 IP 历史记录,主要分布在中国、美国等国家;对关键字 “Microsoft Office” 进行搜索,共得到 13, 443 条 IP 历史记录,主要分布在美国、中国等国家;对关键字 “SharePoint” 进行搜索,共得到 11,552 条 IP 历史记录,主要分布在沙特阿拉伯、美国等国家。

五 修复建议

1.建议受影响用户尽快安装补丁进行防护,用户在安装补丁后,应及时检查补丁是否成功更新。针对未成功安装的更新,可点击更新名称跳转到微软官方下载页面

2.修改Internet Explorer处理内存中对象

3.更正Microsoft Graphics Components处理内存中对象

4.更正Windows内核模式驱动程序处理内存中对象

5.修改脚本引擎处理内存中对象

6.更正SharePoint如何检查应用程序包的源标记

六 相关链接

微软:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/

ZoomEye 网络空间搜索引擎:

https://www.zoomeye.org/searchResult?q=app%3A%22Microsoft%20Windows%22

https://www.zoomeye.org/searchResult?q=app%3A%22Microsoft%20Office%22

https://www.zoomeye.org/searchResult?q=app%3A%22SharePoint%22

热门文章

  • WebSphere远程代码执行漏洞(CVE-2020-4450)

    2020年6月5日,IBM官方发布通告修复了WebSphere Application Server(WAS)中的远程代码执行(CVE-2020-4450)漏洞,此漏洞由IIOP协议上的反序列化造成,未经身份认证的攻击者可以通过IIOP协议远程攻击WAS服务器,在目标服务端执行任意代码,获取系统权限,进而接管服务器。

  • SpaceX火箭发射成功,勒索团伙入侵其IT供应商内网并留下祝贺信息

    SpaceX和美国宇航局NASA首次载人火箭发射成功后不久,勒索团伙DopplePaymer即刻宣布入侵了NASA IT供应商之一DMI的内网。

  • 用友NC反序列化远程命令执行“0-Day”漏洞

    2020年6月4日,知道创宇监测到有国内安全组织披露用友NC存在反序列化远程命令执行“0-Day”漏洞。经知道创宇安全团队分析,漏洞真实存在,攻击者通过构造特定的HTTP请求,可以成功利用漏洞在目标服务器上执行任意命令,该漏洞风险极大,可能造成严重的信息泄露事件。

关注知道创宇云安全

获取安全动态