綠盟科技釋出了本周安全通告,周報編号nsfocus-17-24,綠盟科技漏洞庫本周新增109條,其中高危93條。本次周報建議大家關注 windows lnk檔案遠端代碼執行漏洞 。微軟官方已經在6月份釋出的安全更新檔中修複了此漏洞,受影響的使用者應立即通過windows自動更新服務來下載下傳更新該安全更新檔來防護。對于無法及時更新更新檔的主機,建議禁用u盤、網絡共享的功能。
<a href="http://toutiao.secjia.com/windows-lnk-rce-cve-2017-8464" target="_blank">windows lnk檔案遠端代碼執行漏洞</a>
nsfocus id 36895
cve id cve-2017-8464
受影響版本
windows 10
windows 7
windows 8.1
windows 8
windows vista
windows rt 8.1
windows server 2016
windows server 2012
windows server 2008
漏洞點評
microsoft windows在處理惡意的快捷方式(.lnk)檔案時存在漏洞,攻擊者可以通過可移動驅動器(u盤)或遠端共享等方式将包含惡意lnk檔案和與之相關的惡意二進制檔案傳播給使用者。當使用者通過windows資料總管或任何能夠解析lnk檔案的程式打開惡意的lnk檔案時,與之關聯的惡意二進制代碼将在目标系統上執行。成功利用此漏洞的攻擊者可以獲得與本地使用者相同的使用者權限。微軟官方已經在6月份釋出的安全更新檔中修複了此漏洞,受影響的使用者應立即通過windows自動更新服務來下載下傳更新該安全更新檔來防護。對于無法及時更新更新檔的主機,建議禁用u盤、網絡共享的功能。
(資料來源:綠盟科技安全研究部&産品規則組)
最近一周cve公告總數與前期相比數量回升。值得關注的高危漏洞如下:
标題:sneaky hackers use intel management tools to bypass windows firewall
時間:2017-06-12
摘要:the group, which microsoft has named platinum, has developed a system for sending files—such as new payloads to run and new versions of their malware—to compromised machines。
連結:https://arstechnica.com/security/2017/06/sneaky-hackers-use-intel-management-tools-to-bypass-windows-firewall/
摘要:criminal hackers have started using a novel malware attack that infects people when their mouse hovers over a link embedded in a malicious powerpoint file.
連結:https://arstechnica.com/security/2017/06/malicious-powerpoint-files-can-infect-targets-when-hovering-over-hyperlinks/
時間:2017-06-02
摘要:the national cybersecurity and communications integration center (nccic) is aware of public reports from eset and dragos outlining a new, highly capable industrial controls systems (ics) attack platform that was reportedly used in 2016 against critical infrastructure in ukraine. as reported by eset (link is external) and dragos (link is external), the crashoverride malware is an extensible platform that could be used to target critical infrastructure sectors. nccic is working with its partners to validate the eset and dragos analysis, and develop a better understanding of the risk this new malware poses to the u.s. critical infrastructure.
連結:https://www.us-cert.gov/ncas/alerts/ta17-163a
摘要:malware researchers at security firm fortinet have spotted macransom, it is the first mac ransomware offered as a raas service.
連結:http://securityaffairs.co/wordpress/59981/malware/macransom-raas.html
标題:彭博社稱俄羅斯黑客攻陷美國39個州的選舉系統
時間:2017-06-13
摘要:彭博社的一份新報告顯示,美國39個州選舉系統在去年美國大選前後被黑,在某些情況下,攻擊者甚至可以通路國家級選民問卷資料,損害多達9萬名選民的記錄。。
連結:http://www.youxia.org/2017/06/29925.html
标題:rare xp patches fix three remaining leaked nsa exploits
時間:2017-06-14
摘要:microsoft today released security updates to fix almost a hundred flaws in its various windows operating systems and related software. one bug is so serious that microsoft is issuing patches for it on windows xp and other operating systems the company no longer officially supports. separately, adobe has pushed critical updates for its flash and shockwave players, two programs most users would probably be better off without.
連結:https://krebsonsecurity.com/2017/06/microsoft-adobe-ship-critical-fixes/
摘要:the united states computer emergency readiness team (us-cert) released a technical alert on tuesday on behalf of the dhs and the fbi to warn organizations of north korea’s “hidden cobra” activities, particularly distributed denial-of-service (ddos) attacks.
連結:http://www.securityweek.com/us-warns-north-koreas-hidden-cobra-attacks
時間:2017-06-15
摘要:wikileaks has published a new batch of the ongoing vault 7 leak, this time detailing a framework – which is being used by the cia for monitoring the internet activity of the targeted systems by exploiting vulnerabilities in wi-fi devices.
連結:http://thehackernews.com/2017/06/cia-wireless-router-hacking-tool.html
标題:jaff ransomware decryption tool released – don’t pay, unlock files for free
摘要:kaspersky labs has released an updated version 1.21.2.1 of its free ransomware decryption tool, rakhnidecryptor, which can now also decrypt files locked by the jaff ransomware..
連結:http://thehackernews.com/2017/06/jaff-ransomware-decryption-tool.html
标題:nigerian bec scams hit 500 companies in 50 countries
摘要:nigerian cybercriminals targeting industrial firms have stolen a slew of sensitive technical drawings, network diagrams, cost estimates, and project plans already this year. the data, exfiltrated by a cocktail of different spyware programs, wasn’t stolen from just executives, but also operators, engineers, designers and architects.
連結:https://threatpost.com/nigerian-bec-scams-hit-500-companies-in-50-countries/126298/
(資料來源:綠盟科技 威脅情報與網絡安全實驗室 收集整理)
截止到2017年6月16日,綠盟科技漏洞庫已收錄總條目達到36926條。本周新增漏洞記錄109條,其中高危漏洞數量93條,中危漏洞數量11條,低危漏洞數量5條。
cisco email security/content security management appliance跨站腳本漏洞(cve-2017-6661)
危險等級:中
bid:98950
cve編号:cve-2017-6661
cisco email security appliance附件過濾器繞過漏洞(cve-2017-6671)
bid:98969
cve編号:cve-2017-6671
cisco elastic services controller資訊洩露漏洞(cve-2017-6696)
危險等級:低
bid:98952
cve編号:cve-2017-6696
cisco elastic services controller未授權目錄通路漏洞(cve-2017-6693)
cve編号:cve-2017-6693
cisco elastic services controller資訊洩露漏洞(cve-2017-6691)
cve編号:cve-2017-6691
cisco elastic services controller預設管理者憑證漏洞(cve-2017-6689)
cve編号:cve-2017-6689
cisco elastic services controller遠端指令執行漏洞(cve-2017-6682)
bid:98951
cve編号:cve-2017-6682
pivotal spring web flow安全功能繞過漏洞(cve-2017-4971)
危險等級:高
bid:98785
cve編号:cve-2017-4971
cisco elastic services controller遠端指令執行漏洞(cve-2017-6683)
cve編号:cve-2017-6683
cisco elastic services controller安全限制繞過漏洞(cve-2017-6684)
bid:98979
cve編号:cve-2017-6684
cisco elastic services controller安全限制繞過漏洞(cve-2017-6688)
bid:98973
cve編号:cve-2017-6688
cisco elastic services controller資訊洩露漏洞(cve-2017-6697)
bid:98959
cve編号:cve-2017-6697
apache nifi跨架構腳本漏洞(cve-2017-7667)
cve編号:cve-2017-7667
apache nifi跨站腳本漏洞(cve-2017-7665)
cve編号:cve-2017-7665
google chrome os 本地資訊洩露漏洞(cve-2017-5084)
bid:98986
cve編号:cve-2017-5084
microsoft windows kernel本地權限提升漏洞(cve-2017-0297)
bid:98840
cve編号:cve-2017-0297
vmware vsphere data protection指令執行漏洞(cve-2017-4914)
bid:98939
cve編号:cve-2017-4914
microsoft internet explorer/edge資訊洩露漏洞(cve-2017-8529)
bid:98953
cve編号:cve-2017-8529
microsoft edge安全限制繞過漏洞(cve-2017-8555)
bid:98956
cve編号:cve-2017-8555
microsoft edge遠端代碼漏洞(cve-2017-8549)
bid:98955
cve編号:cve-2017-8549
microsoft edge遠端記憶體破壞漏洞(cve-2017-8548)
bid:98954
cve編号:cve-2017-8548
microsoft windows uniscribe遠端代碼執行漏洞(cve-2017-8528)
bid:98949
cve編号:cve-2017-8528
microsoft windows graphics component本地資訊洩露漏洞(cve-2017-8553)
bid:98940
cve編号:cve-2017-8553
microsoft windows graphics component遠端代碼執行漏洞(cve-2017-8527)
bid:98933
cve編号:cve-2017-8527
microsoft internet explorer遠端記憶體破壞漏洞(cve-2017-8547)
bid:98932
cve編号:cve-2017-8547
microsoft edge遠端記憶體破壞漏洞(cve-2017-8523)
bid:98928
cve編号:cve-2017-8523
microsoft windows graphics component資訊洩露漏洞(cve-2017-0289)
bid:98929
cve編号:cve-2017-0289
microsoft internet explorer/edge遠端記憶體破壞漏洞(cve-2017-8524)
bid:98930
cve編号:cve-2017-8524
microsoft internet explorer/edge遠端記憶體破壞漏洞(cve-2017-8522)
bid:98926
cve編号:cve-2017-8522
microsoft windows hyper-v本地權限提升漏洞(cve-2017-0193)
bid:98878
cve編号:cve-2017-0193
microsoft windows device guard 本地安全限制繞過漏洞(cve-2017-0215)
bid:98879
cve編号:cve-2017-0215
microsoft windows kernel 資訊洩露漏洞(cve-2017-8474)
bid:98902
cve編号:cve-2017-8474
microsoft windows kernel 資訊洩露漏洞(cve-2017-0300)
bid:98901
cve編号:cve-2017-0300
microsoft windows device guard 本地安全限制繞過漏洞(cve-2017-0219)
bid:98898
cve編号:cve-2017-0219
microsoft windows 本地安全限制繞過漏洞(cve-2017-0295)
bid:98904
cve編号:cve-2017-0295
microsoft internet explorer遠端記憶體破壞漏洞(cve-2017-8519)
bid:98999
cve編号:cve-2017-8519
microsoft sharepoint server遠端權限提升漏洞(cve-2017-8551)
bid:98913
cve編号:cve-2017-8551
microsoft windows kernel 資訊洩露漏洞(cve-2017-8462)
bid:98900
cve編号:cve-2017-8462
microsoft windows kernel 資訊洩露漏洞(cve-2017-8476)
bid:98903
cve編号:cve-2017-8476
microsoft skype for business/lync server 遠端代碼執行漏洞(cve-2017-8550)
bid:98916
cve編号:cve-2017-8550
microsoft windows graphics component資訊洩露漏洞(cve-2017-0286)
bid:98891
cve編号:cve-2017-0286
microsoft windows pdf資訊洩露漏洞(cve-2017-8460)
bid:98887
cve編号:cve-2017-8460
microsoft windows graphics component資訊洩露漏洞(cve-2017-0287)
bid:98922
cve編号:cve-2017-0287
microsoft windows graphics component資訊洩露漏洞(cve-2017-0288)
bid:98923
cve編号:cve-2017-0288
microsoft windows kernel 資訊洩露漏洞(cve-2017-0299)
bid:98884
cve編号:cve-2017-0299
microsoft outlook for mac欺騙漏洞(cve-2017-8545)
bid:98917
cve編号:cve-2017-8545
microsoft windows device guard 本地安全限制繞過漏洞(cve-2017-0218)
bid:98897
cve編号:cve-2017-0218
microsoft windows device guard 本地安全限制繞過漏洞(cve-2017-0216)
bid:98896
cve編号:cve-2017-0216
microsoft internet explorer/edge遠端記憶體破壞漏洞(cve-2017-8517)
bid:98895
cve編号:cve-2017-8517
microsoft edge遠端記憶體破壞漏洞(cve-2017-8496)
bid:98880
cve編号:cve-2017-8496
microsoft edge遠端記憶體破壞漏洞(cve-2017-8499)
bid:98883
cve編号:cve-2017-8499
microsoft edge遠端記憶體破壞漏洞(cve-2017-8497)
bid:98882
cve編号:cve-2017-8497
microsoft windows uniscribe資訊洩露漏洞(cve-2017-0282)
bid:98885
cve編号:cve-2017-0282
microsoft edge遠端資訊洩露漏洞(cve-2017-8498)
bid:98886
cve編号:cve-2017-8498
microsoft edge遠端資訊洩露漏洞(cve-2017-8504)
bid:98892
cve編号:cve-2017-8504
microsoft windows uniscribe資訊洩露漏洞(cve-2017-0285)
bid:98914
cve編号:cve-2017-0285
microsoft edge遠端記憶體破壞漏洞(cve-2017-8521)
bid:98925
cve編号:cve-2017-8521
microsoft windows uniscribe遠端代碼執行漏洞(cve-2017-0283)
bid:98920
cve編号:cve-2017-0283
microsoft windows uniscribe資訊洩露漏洞(cve-2017-0284)
bid:98919
cve編号:cve-2017-0284
microsoft outlook記憶體破壞漏洞(cve-2017-8507)
bid:98827
cve編号:cve-2017-8507
microsoft windows 本地安全限制繞過漏洞(cve-2017-8493)
bid:98850
cve編号:cve-2017-8493
microsoft office安全限制繞過漏洞(cve-2017-8508)
bid:98828
cve編号:cve-2017-8508
microsoft edge安全功能繞過漏洞(cve-2017-8530)
bid:98863
cve編号:cve-2017-8530
microsoft windows device guard 本地安全限制繞過漏洞(cve-2017-0173)
bid:98873
cve編号:cve-2017-0173
microsoft sharepoint跨站腳本漏洞(cve-2017-8514)
bid:98831
cve編号:cve-2017-8514
microsoft windows uniscribe 資訊洩露漏洞(cve-2017-8534)
bid:98822
cve編号:cve-2017-8534
microsoft windows kernel 資訊洩露漏洞(cve-2017-8485)
bid:98860
cve編号:cve-2017-8485
microsoft windows kernel 本地資訊洩露漏洞(cve-2017-8492)
bid:98870
cve編号:cve-2017-8492
microsoft windows kernel 本地資訊洩露漏洞(cve-2017-8489)
bid:98865
cve編号:cve-2017-8489
microsoft windows 遠端代碼執行漏洞(cve-2017-0294)
bid:98837
cve編号:cve-2017-0294
microsoft windows kernel 本地資訊洩露漏洞(cve-2017-8490)
bid:98867
cve編号:cve-2017-8490
microsoft windows kernel 本地資訊洩露漏洞(cve-2017-8491)
bid:98869
cve編号:cve-2017-8491
microsoft office dll加載遠端代碼執行漏洞(cve-2017-8506)
bid:98811
cve編号:cve-2017-8506
microsoft office dll加載遠端代碼執行漏洞(cve-2017-0260)
bid:98810
cve編号:cve-2017-0260
microsoft office遠端代碼執行漏洞(cve-2017-8512)
bid:98816
cve編号:cve-2017-8512
microsoft office遠端代碼執行漏洞(cve-2017-8511)
bid:98815
cve編号:cve-2017-8511
microsoft office遠端代碼執行漏洞(cve-2017-8510)
bid:98813
cve編号:cve-2017-8510
microsoft windows lnk遠端代碼執行漏洞(cve-2017-8464)
bid:98818
cve編号:cve-2017-8464
microsoft office遠端代碼執行漏洞(cve-2017-8509)
bid:98812
cve編号:cve-2017-8509
microsoft windows graphics component資訊洩露漏洞(cve-2017-8531)
bid:98819
cve編号:cve-2017-8531
microsoft windows graphics component資訊洩露漏洞(cve-2017-8533)
bid:98821
cve編号:cve-2017-8533
microsoft windows graphics component資訊洩露漏洞(cve-2017-8532)
bid:98820
cve編号:cve-2017-8532
microsoft windows search 資訊洩露漏洞(cve-2017-8544)
bid:98826
cve編号:cve-2017-8544
microsoft windows search 遠端代碼執行漏洞(cve-2017-8543)
bid:98824
cve編号:cve-2017-8543
microsoft powerpoint遠端代碼執行漏洞(cve-2017-8513)
bid:98830
cve編号:cve-2017-8513
microsoft windows 拒絕服務漏洞(cve-2017-8515)
bid:98833
cve編号:cve-2017-8515
microsoft windows pdf遠端代碼執行漏洞(cve-2017-0291)
bid:98835
cve編号:cve-2017-0291
microsoft windows kernel 本地資訊洩露漏洞(cve-2017-8469)
bid:98842
cve編号:cve-2017-8469
microsoft windows kernel ‘win32k.sys’ 本地權限提升漏洞(cve-2017-8465)
bid:98843
cve編号:cve-2017-8465
microsoft windows kernel 本地資訊洩露漏洞(cve-2017-8478)
bid:98845
cve編号:cve-2017-8478
microsoft windows kernel ‘win32k.sys’ 本地資訊洩露漏洞(cve-2017-8473)
bid:98852
cve編号:cve-2017-8473
microsoft windows kernel ‘win32k.sys’ 本地資訊洩露漏洞(cve-2017-8475)
bid:98853
cve編号:cve-2017-8475
microsoft windows kernel ‘win32k.sys’ 本地資訊洩露漏洞(cve-2017-8472)
bid:98851
cve編号:cve-2017-8472
microsoft windows kernel ‘win32k.sys’ 本地資訊洩露漏洞(cve-2017-8477)
bid:98854
cve編号:cve-2017-8477
microsoft windows kernel ‘win32k.sys’ 本地資訊洩露漏洞(cve-2017-8471)
bid:98849
cve編号:cve-2017-8471
microsoft windows pdf遠端代碼執行漏洞(cve-2017-0292)
bid:98836
cve編号:cve-2017-0292
microsoft windows kernel 資訊洩露漏洞(cve-2017-8482)
bid:98858
cve編号:cve-2017-8482
microsoft windows kernel 本地資訊洩露漏洞(cve-2017-8480)
bid:98857
cve編号:cve-2017-8480
microsoft windows kernel 本地資訊洩露漏洞(cve-2017-8481)
bid:98862
cve編号:cve-2017-8481
microsoft windows kernel ‘win32k.sys’本地資訊洩露漏洞(cve-2017-8470)
bid:98848
cve編号:cve-2017-8470
microsoft windows kernel ‘win32k.sys’ 本地資訊洩露漏洞(cve-2017-8484)
bid:98847
cve編号:cve-2017-8484
microsoft windows kernel ‘win32k.sys’ 本地權限提升漏洞(cve-2017-8468)
bid:98846
cve編号:cve-2017-8468
microsoft windows kernel 本地資訊洩露漏洞(cve-2017-8483)
bid:98859
cve編号:cve-2017-8483
microsoft windows kernel 本地資訊洩露漏洞(cve-2017-8479)
bid:98856
cve編号:cve-2017-8479
microsoft windows kernel 本地資訊洩露漏洞(cve-2017-8488)
bid:98864
cve編号:cve-2017-8488
microsoft windows cursor 本地權限提升漏洞(cve-2017-8466)
bid:98844
cve編号:cve-2017-8466
microsoft windows 本地權限提升漏洞(cve-2017-8494)
bid:98855
cve編号:cve-2017-8494
microsoft windows com本地權限提升漏洞(cve-2017-0298)
bid:98841
cve編号:cve-2017-0298
microsoft windows tdx本地權限提升漏洞(cve-2017-0296)
bid:98839
cve編号:cve-2017-0296
原文釋出時間:2017年6月21日
本文由:綠盟科技釋出,版權歸屬于原作者
原文連結:http://toutiao.secjia.com/nsfocus-internet-security-threats-weekly-201724#
本文來自雲栖社群合作夥伴安全加,了解相關資訊可以關注安全加網站